[__matrix_synapse] various configuration fixes

type/__matrix_synapse/files/homeserver.yaml.sh

@@ -525,13 +525,19 @@ retention:
 # full certificate chain including any intermediate certificates (for
 # instance, if using certbot, use \`fullchain.pem\` as your certificate,
 # not \`cert.pem\`).
-#
-tls_certificate_path: "${TLS_CERTIFICATE_PATH:?}"
+EOF
+
+if [ -n "$TLS_CERTIFICATE_PATH" ] && [ -n "$TLS_PRIVATE_KEY_PATH" ]; then
+	cat << EOF
+tls_certificate_path: "$TLS_CERTIFICATE_PATH}"
 
 # PEM-encoded private key for TLS
 #
-tls_private_key_path: "${TLS_PRIVATE_KEY_PATH:?}"
+tls_private_key_path: "$TLS_PRIVATE_KEY_PATH"
+EOF
+fi
 
+cat << EOF
 # Whether to verify TLS server certificates for outbound federation requests.
 #
 # Defaults to \`true\`. To disable certificate verification, uncomment the
@@ -2495,7 +2501,7 @@ push:
   # The default value is "true" to include message details. Uncomment to only
   # include the event ID and room ID in push notification payloads.
   #
-  #include_content: false
+  include_content: true
 
   # When a push notification is received, an unread count is also sent.
   # This number can either be calculated as the number of unread messages
@@ -2538,7 +2544,7 @@ spam_checker:
 # Note that this option will only affect rooms created after it is set. It
 # will also not affect rooms created by other servers.
 #
-encryption_enabled_by_default_for_room_type: "${ROOM_ENCRYPTION_POLICY:?}"j
+encryption_enabled_by_default_for_room_type: "${ROOM_ENCRYPTION_POLICY:?}"
 
 
 # Uncomment to allow non-server-admin users to create groups on this server

type/__matrix_synapse/files/log.config.sh

@@ -5,6 +5,7 @@ cat << EOF
 # THIS FILE HAS BEEN GENERATED BY CDIST. DO NOT EDIT BY HAND. #
 ###############################################################
 
+
 # Log configuration for Synapse.
 #
 # This is a YAML file containing a standard Python logging configuration
@@ -15,65 +16,55 @@ cat << EOF
 #
 # [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
 # [2]: https://github.com/matrix-org/synapse/blob/master/docs/structured_logging.md
-
+#
 version: 1
 
 formatters:
-    precise:
-        format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+  precise:
+   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+  context:
+    (): synapse.util.logcontext.LoggingContextFilter
+    request: ""
 
 handlers:
-    file:
-        class: logging.handlers.TimedRotatingFileHandler
-        formatter: precise
-        filename: ${LOG_DIR:?}/homeserver.log
-        when: midnight
-        backupCount: 3  # Does not include the current log file.
-        encoding: utf8
-
-    # Default to buffering writes to log file for efficiency. This means that
-    # will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR
-    # logs will still be flushed immediately.
-    buffer:
-        class: logging.handlers.MemoryHandler
-        target: file
-        # The capacity is the number of log lines that are buffered before
-        # being written to disk. Increasing this will lead to better
-        # performance, at the expensive of it taking longer for log lines to
-        # be written to disk.
-        capacity: 10
-        flushLevel: 30  # Flush for WARNING logs as well
-
-    # A handler that writes logs to stderr. Unused by default, but can be used
-    # instead of "buffer" and "file" in the logger handlers.
-    console:
-        class: logging.StreamHandler
-        formatter: precise
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: precise
+    filename: ${LOG_DIR:?}/homeserver.log
+    when: midnight
+    backupCount: 3  # Does not include the current log file.
+    filters: [context]
+    encoding: utf8
+  # Default to buffering writes to log file for efficiency. This means that
+  # will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR
+  # logs will still be flushed immediately.
+  buffer:
+    class: logging.handlers.MemoryHandler
+    target: file
+    # The capacity is the number of log lines that are buffered before
+    # being written to disk. Increasing this will lead to better
+    # performance, at the expensive of it taking longer for log lines to
+    # be written to disk.
+    capacity: 10
+    flushLevel: 30  # Flush for WARNING logs as well
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+    level: WARN
 
 loggers:
-    synapse.storage.SQL:
-        # beware: increasing this to DEBUG will make synapse log sensitive
-        # information such as access tokens.
-        level: INFO
-
-    twisted:
-        # We send the twisted logging directly to the file handler,
-        # to work around https://github.com/matrix-org/synapse/issues/3471
-        # when using "buffer" logger. Use "console" to log to stderr instead.
-        handlers: [file]
-        propagate: false
-
-root:
+  synapse:
+    level: INFO
+  synapse.storage.SQL:
+    # beware: increasing this to DEBUG will make synapse log sensitive
+    # information such as access tokens.
+    level: INFO
+  twisted:
     level: INFO
 
-    # Write logs to the \`buffer\` handler, which will buffer them together in memory,
-    # then write them to a file.
-    #
-    # Replace "buffer" with "console" to log to stderr instead. (Note that you'll
-    # also need to update the configuration for the \`twisted\` logger above, in
-    # this case.)
-    #
-    handlers: [buffer]
-
-disable_existing_loggers: false
+root:
+  level: INFO
+  handlers: [buffer, console]
 EOF

type/__matrix_synapse/gencode-remote

@@ -6,11 +6,11 @@ init=$(cat "$__global/explorer/init")
 case "$os" in
 	alpine)
 		synapse_conf_dir=/etc/synapse
-		synapse_service=matrix-synapse
+		synapse_service=synapse
 		;;
 	debian)
 		synapse_conf_dir=/etc/matrix-synapse
-		synapse_service=synapse
+		synapse_service=matrix-synapse
 		;;
 	*)
 		echo "Unknown OS $os." >&2
@@ -18,10 +18,10 @@ case "$os" in
 	;;
 esac
 
-if grep -qE "^__file/$synapse_conf_dir" "${__messages_in}"; then
+if grep -qE "^__file$synapse_conf_dir" "${__messages_in}"; then
 	case "$init" in
 		systemd)
-			echo "systemctl try-reload-or-restart $synapse_service"
+			echo "systemctl restart $synapse_service"
 			;;
 		initd)
 			echo "service --ifstopped $synapse_service start"

type/__matrix_synapse/man.rst

@@ -28,12 +28,6 @@ database-name
   Path to database file if SQLite3 is used or database name if PostgresSQL is
   used.
 
-tls-cert
-  Path to PEM-encoded X509 TLS certificate.
-
-tls-private-key
-  Path to PEM-encoded TLS private key.
-
 OPTIONAL PARAMETERS
 -------------------
 database-host
@@ -69,6 +63,14 @@ ldap-bind-password
 ldap-filter
   LDAP user filter, defaulting to `(objectClass=posixAccount)`.
 
+tls-cert
+  Path to PEM-encoded X509 TLS certificate. Not needed if TLS termination is
+  handled by a reverse Proxy such as NGINX.
+
+tls-private-key
+  Path to PEM-encoded TLS private key. Not needed if TLS termination is
+  handled by a reverse Proxy such as NGINX.
+
 smtp-host
   The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
 

type/__matrix_synapse/manifest

@@ -119,9 +119,14 @@ if [ -f "$__object/parameter/enable-server-notices" ]; then
 fi
 
 # TLS.
-TLS_CERTIFICATE_PATH=$(cat "$__object/parameter/tls-cert")
-TLS_PRIVATE_KEY_PATH=$(cat "$__object/parameter/tls-private-key")
-export TLS_PRIVATE_KEY_PATH TLS_CERTIFICATE_PATH
+if [ -f "$__object/parameter/tls-cert" ]; then
+	TLS_CERTIFICATE_PATH=$(cat "$__object/parameter/tls-cert")
+	export TLS_CERTIFICATE_PATH
+fi
+if [ -f "$__object/parameter/tls-private-key" ]; then
+	TLS_PRIVATE_KEY_PATH=$(cat "$__object/parameter/tls-private-key")
+	export TLS_PRIVATE_KEY_PATH
+fi
 
 # Performance flags.
 GLOBAL_CACHE_FACTOR=$(cat "$__object/parameter/global-cache-factor")
@@ -144,7 +149,11 @@ export DATABASE_ENGINE DATABASE_NAME DATABASE_HOST DATABASE_USER \
 	DATABASE_PASSWORD
 
 # LDAP-based authentication.
-ENABLE_LDAP_AUTH=$(get_boolean_for 'enable-ldap-auth')
+if [ -f "$__object/enable-ldap-auth" ]; then
+	ENABLE_LDAP_AUTH=$(get_boolean_for 'enable-ldap-auth')
+	export ENABLE_LDAP_AUTH
+fi
+
 LDAP_FILTER=$(cat "$__object/parameter/ldap-filter")
 LDAP_UID_ATTRIBUTE=$(cat "$__object/parameter/ldap-uid-attribute")
 LDAP_MAIL_ATTRIBUTE=$(cat "$__object/parameter/ldap-mail-attribute")
@@ -154,9 +163,8 @@ LDAP_BASE_DN=$(cat "$__object/parameter/ldap-base-dn")
 LDAP_BIND_DN=$(cat "$__object/parameter/ldap-bind-dn")
 LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap-bind-password")
 LDAP_USE_STARTTLS=$(get_boolean_for 'ldap-use-starttls')
-export ENABLE_LDAP_AUTH LDAP_FILTER LDAP_UID_ATTRIBUTE LDAP_MAIL_ATTRIBUTE \
-	LDAP_NAME_ATTRIBUTE LDAP_URI LDAP_BASE_DN LDAP_BIND_DN LDAP_BIND_PASSWORD \
-	LDAP_USE_STARTTLS
+export LDAP_FILTER LDAP_UID_ATTRIBUTE LDAP_MAIL_ATTRIBUTE LDAP_NAME_ATTRIBUTE \
+	LDAP_URI LDAP_BASE_DN LDAP_BIND_DN LDAP_BIND_PASSWORD LDAP_USE_STARTTLS
 
 # Outgoing emails (= notifications).
 ENABLE_NOTIFICATIONS=$(get_boolean_for 'enable-notifications')
@@ -181,6 +189,11 @@ ENABLE_REGISTRATIONS=$(get_boolean_for 'enable-registrations')
 USER_DIRECTORY_SEARCH_ALL_USERS=$(get_boolean_for 'user-directory-search-all-users')
 export ALLOW_GUEST_ACCESS ENABLE_REGISTRATIONS USER_DIRECTORY_SEARCH_ALL_USERS
 
+if [ -f "$__object/parameter/registration-shared-token" ]; then
+	REGISTRATION_SHARED_SECRET=$(cat "$__object/parameter/registration-shared-secret")
+	export REGISTRATION_SHARED_SECRET
+fi
+
 if [ -f "$__object/parameter/registration-requires-email" ]; then
     export REGISTRATION_REQUIRES_EMAIL=1
 fi
@@ -196,14 +209,16 @@ if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then
 fi
 
 # Federation.
-DISABLE_FEDERATION=$(get_boolean_for 'disable-federation')
 ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation')
 ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth')
 LIMIT_REMOTE_ROOM_COMPLEXITY=$(get_boolean_for 'limit-remote-room-complexity')
 REMOTE_ROOM_COMPLEXITY_TRESHOLD=$(cat "$__object/parameter/remote-room-complexity-treshold")
-export DISABLE_FEDERATION ALLOW_PUBLIC_ROOMS_OVER_FEDERATION \
-	ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH LIMIT_REMOTE_ROOM_COMPLEXITY \
-	REMOTE_ROOM_COMPLEXITY_TRESHOLD
+export ALLOW_PUBLIC_ROOMS_OVER_FEDERATION ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH \
+	LIMIT_REMOTE_ROOM_COMPLEXITY REMOTE_ROOM_COMPLEXITY_TRESHOLD
+
+if [ -f "$__object/parameter/disable-federation" ]; then
+	export DISABLE_FEDERATION=1
+fi
 
 # Message retention.
 ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-policy')
@@ -290,7 +305,7 @@ esac
 # backports situation.
 synapse_req=
 if [ -n "$apt_target_release" ]; then
-	__package_apt "$synapse_pkg" \
+	require="__apt_source/debian-backports" __package_apt "$synapse_pkg" \
 		--target-release "$apt_target_release"
 	synapse_req="__package_apt/$synapse_pkg"
 else
@@ -298,7 +313,7 @@ else
 	synapse_req="__package/$synapse_pkg"
 fi
 
-if [ "$ENABLE_LDAP_AUTH" = "true" ]; then
+if [ -n "$ENABLE_LDAP_AUTH" ]; then
 	if [ -n "$apt_target_release" ]; then
 		require="__package_apt/$synapse_pkg" __package_apt "$ldap_auth_provider_pkg" \
 			--target-release "$apt_target_release"

type/__matrix_synapse/parameter/optional

@@ -29,3 +29,6 @@ notification-from
 message-max-lifetime
 worker-replication-secret
 background-tasks-worker
+tls-cert
+tls-private-key
+registration-shared-secret

type/__matrix_synapse/parameter/required

@@ -2,5 +2,3 @@ server-name
 base-url
 database-engine
 database-name
-tls-cert
-tls-private-key