cdist-contrib/type/__matrix_synapse/manifest


#!/bin/sh -e
#
# 2019 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# OS-specific configuration.
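# Resolve the per-OS names used below (service user, packages, service name,
# configuration and data directories) from the global explorers. Exits 1 on
# operating systems this type does not support.
os=$(cat "$__global/explorer/os")

# Read the codename only when the explorer output exists: the script runs
# under 'sh -e', so an unconditional 'cat' of a missing file would abort the
# manifest before the Debian branch below could print its explanation.
distribution=''
if [ -f "$__global/explorer/lsb_codename" ]; then
  distribution=$(cat "$__global/explorer/lsb_codename")
fi

case "$os" in
  debian)
    synapse_user=matrix-synapse
    synapse_pkg=matrix-synapse
    synapse_service=matrix-synapse
    ldap_auth_provider_pkg=matrix-synapse-ldap3
    psycopg2_pkg=python3-psycopg2
    synapse_conf_dir='/etc/matrix-synapse'
    synapse_data_dir='/var/lib/matrix-synapse'

    # The release decides further down whether backports are needed.
    # NOTE(review): an existing but empty lsb_codename still passes this
    # check; confirm whether '-s' (non-empty) is what is really wanted.
    if [ ! -f "$__global/explorer/lsb_codename" ]; then
      ls "$__global/explorer" >&2
      echo "Could not determine Debian release, ensure that lsb-release is installed on the target." >&2
      exit 1
    fi
    ;;
  fedora)
    synapse_user=synapse
    synapse_pkg=matrix-synapse
    synapse_service=synapse
    ldap_auth_provider_pkg=python-matrix-synapse-ldap3
    synapse_conf_dir='/etc/synapse'
    synapse_data_dir='/var/lib/synapse'
    ;;
  freebsd)
    synapse_user=synapse
    synapse_pkg=py36-matrix-synapse
    synapse_service=synapse
    ldap_auth_provider_pkg=py36-matrix-synapse-ldap3
    synapse_conf_dir='/usr/local/etc/matrix-synapse'
    synapse_data_dir='/var/matrix-synapse'
    ;;
  alpine)
    # Diagnostics go to stderr, like the other error paths of this manifest.
    echo "As of 2019-12-19 matrix-synapse is not in alpine stable. Exiting." >&2
    exit 1
    ;;
  *)
    printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
    printf "Please contribute an implementation for it if you can.\n" >&2
    exit 1
    ;;
esac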
# Export the type parameters as environment variables. The generator scripts
# under $__type/files are executed later in this manifest and inherit them.
#
# NOTE: DATABASE_PASSWORD, LDAP_BIND_PASSWORD, SMTP_PASS and
# TURN_SHARED_SECRET are secrets. Once exported they are inherited by every
# command this manifest starts afterwards, so keep 'set -x' tracing and
# environment dumps out of this file.

# Print the value stored for the type parameter named $1.
synapse_param() {
  cat "$__object/parameter/$1"
}

# Required parameters.
SERVER_NAME=$(synapse_param server-name)
BASE_URL=$(synapse_param base-url)
export SERVER_NAME BASE_URL

# Paths derived from the OS-specific settings.
# NOTE(review): 'signin.key' looks like a typo for 'signing.key', but renaming
# it would point existing deployments at a different key path. Confirm before
# changing.
DATA_DIR=$synapse_data_dir
LOG_DIR='/var/log/matrix-synapse'
PIDFILE='/var/run/matrix/homeserver.pid'
LOG_CONFIG_PATH="$synapse_conf_dir/log.yaml"
SIGNING_KEY_PATH="$synapse_conf_dir/signin.key"
export DATA_DIR LOG_DIR PIDFILE LOG_CONFIG_PATH SIGNING_KEY_PATH

DATABASE_ENGINE=$(synapse_param database-engine)
DATABASE_NAME=$(synapse_param database-name)
export DATABASE_ENGINE DATABASE_NAME

# Optional parameters. Those read without an existence test are expected to
# always have a parameter file (presumably via declared defaults; verify).
DATABASE_HOST=$(synapse_param database-host)
DATABASE_USER=$(synapse_param database-user)
DATABASE_PASSWORD=$(synapse_param database-password)
export DATABASE_HOST DATABASE_USER DATABASE_PASSWORD

GLOBAL_CACHE_FACTOR=$(synapse_param global-cache-factor)
EVENT_CACHE_SIZE=$(synapse_param event-cache-size)
export GLOBAL_CACHE_FACTOR EVENT_CACHE_SIZE

LDAP_FILTER=$(synapse_param ldap-filter)
LDAP_UID_ATTRIBUTE=$(synapse_param ldap-uid-attribute)
LDAP_MAIL_ATTRIBUTE=$(synapse_param ldap-mail-attribute)
LDAP_NAME_ATTRIBUTE=$(synapse_param ldap-name-attribute)
LDAP_URI=$(synapse_param ldap-uri)
LDAP_BASE_DN=$(synapse_param ldap-base-dn)
LDAP_BIND_DN=$(synapse_param ldap-bind-dn)
LDAP_BIND_PASSWORD=$(synapse_param ldap-bind-password)
export LDAP_FILTER LDAP_UID_ATTRIBUTE LDAP_MAIL_ATTRIBUTE LDAP_NAME_ATTRIBUTE
export LDAP_URI LDAP_BASE_DN LDAP_BIND_DN LDAP_BIND_PASSWORD

TURN_USER_LIFETIME=$(synapse_param turn-user-lifetime)
export TURN_USER_LIFETIME

if [ -f "$__object/parameter/turn-shared-secret" ]; then
  TURN_SHARED_SECRET=$(synapse_param turn-shared-secret)
  export TURN_SHARED_SECRET
fi

if [ -f "$__object/parameter/turn-uri" ]; then
  # Join the lines of the parameter file with commas and wrap them in
  # brackets. The values are inserted as-is, without quoting or escaping.
  turn_uri_csv=$(tr "\n" "," < "$__object/parameter/turn-uri" | sed 's/,$//')
  TURN_URIS="[$turn_uri_csv]"
  export TURN_URIS
fi

if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then
  # NOTE(review): the variable name is spelled 'RESGISTRATION'. Its consumer
  # is not visible here, so it is kept; confirm both sides before renaming.
  RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(synapse_param registration-allows-email-pattern)
  export RESGISTRATION_ALLOWS_EMAIL_PATTERN
fi

if [ -f "$__object/parameter/auto-join-room" ]; then
  AUTO_JOIN_ROOMS=$(synapse_param auto-join-room)
  export AUTO_JOIN_ROOMS
fi

if [ -f "$__object/parameter/app-service-config-file" ]; then
  APP_SERVICE_CONFIG_FILES=$(synapse_param app-service-config-file)
  export APP_SERVICE_CONFIG_FILES
fi

MAX_UPLOAD_SIZE=$(synapse_param max-upload-size)
RIOT_BASE_URL=$(synapse_param riot-base-url)
export MAX_UPLOAD_SIZE RIOT_BASE_URL

SMTP_HOST=$(synapse_param smtp-host)
SMTP_PORT=$(synapse_param smtp-port)
SMTP_USER=$(synapse_param smtp-user)
SMTP_PASS=$(synapse_param smtp-pass)
export SMTP_HOST SMTP_PORT SMTP_USER SMTP_PASS

# Rate limiting.
# NOTE(review): 'rc_message_burst' uses underscores, unlike its sibling
# parameters; confirm it matches the declared parameter name.
RC_MESSAGE_PER_SECOND=$(synapse_param rc-message-per-second)
RC_MESSAGE_BURST=$(synapse_param rc_message_burst)
RC_LOGIN_PER_SECOND=$(synapse_param rc-login-per-second)
RC_LOGIN_BURST=$(synapse_param rc-login-burst)
export RC_MESSAGE_PER_SECOND RC_MESSAGE_BURST RC_LOGIN_PER_SECOND RC_LOGIN_BURST

if [ -f "$__object/parameter/extra-setting" ]; then
  EXTRA_SETTINGS=$(synapse_param extra-setting)
  export EXTRA_SETTINGS
fi
# Boolean parameters: the mere presence of the parameter file means "set".

# Print 'true' when the boolean parameter named $1 is present, 'false'
# otherwise.
synapse_flag() {
  if [ -f "$__object/parameter/$1" ]; then
    echo 'true'
  else
    echo 'false'
  fi
}

# Flags that are always exported, as the literal strings 'true' or 'false'.
# NOTE(review): 'enable_notifications-by-default' mixes an underscore with
# hyphens. If the declared parameter name differs, this flag silently stays
# 'false'; confirm against the type's parameter list.
REPORT_STATS=$(synapse_flag report-stats)
ALLOW_REGISTRATION=$(synapse_flag allow-registration)
ENABLE_LDAP_AUTH=$(synapse_flag enable-ldap-auth)
EXPOSE_METRICS=$(synapse_flag expose-metrics)
ENABLE_NOTIFICATIONS=$(synapse_flag enable-notifications)
ENABLE_NOTIFICATIONS_BY_DEFAULT=$(synapse_flag enable_notifications-by-default)
SMTP_TLS=$(synapse_flag smtp-requires-tls)
DISABLE_FEDERATION=$(synapse_flag disable-federation)
ALLOW_GUEST_ACCESS=$(synapse_flag allow-guest-access)
ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(synapse_flag allow-public-rooms-over-federation)
ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(synapse_flag allow-public-rooms-without-auth)
export REPORT_STATS ALLOW_REGISTRATION ENABLE_LDAP_AUTH EXPOSE_METRICS
export ENABLE_NOTIFICATIONS ENABLE_NOTIFICATIONS_BY_DEFAULT SMTP_TLS
export DISABLE_FEDERATION ALLOW_GUEST_ACCESS
export ALLOW_PUBLIC_ROOMS_OVER_FEDERATION ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH

# Flags that are exported as 1 when set and left undefined otherwise.
if [ -f "$__object/parameter/ldap-search-mode" ]; then
  LDAP_SEARCH_MODE=1
  export LDAP_SEARCH_MODE
fi

if [ -f "$__object/parameter/registration-requires-email" ]; then
  REGISTRATION_REQUIRES_EMAIL=1
  export REGISTRATION_REQUIRES_EMAIL
fi

if [ -f "$__object/parameter/enable-server-notices" ]; then
  ENABLE_SERVER_NOTICES=1
  export ENABLE_SERVER_NOTICES
fi
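# Install matrix-synapse and its optional companion packages, and collect the
# resulting package objects in $installation_reqs so that configuration and
# service objects can be ordered after them.
#
# Debian Buster needs its own branch, boilerplate but there is not much to do
# about it.
installation_reqs=""
if [ "$os" = "debian" ] && [ "$distribution" = "buster" ]; then
  # Enable debian-backports for Debian Buster, as the 'stable'
  # matrix-synapse package is far too old (< 1.0).
  # NOTE(review): the source URI is plain HTTP, so package integrity relies on
  # APT's signature verification of the repository metadata. Confirm the
  # target does not disable it.
  __apt_source debian-backports \
    --uri http://deb.debian.org/debian/ \
    --distribution "$distribution-backports" \
    --component main
  require="__apt_source/debian-backports" __apt_update_index

  # Install base matrix-synapse package.
  require="__apt_update_index" __package_apt "$synapse_pkg" \
    --state present \
    --target-release "$distribution-backports"

  # Install LdapAuthProvider module if LDAP auth is enabled.
  if [ "$ENABLE_LDAP_AUTH" = "true" ]; then
    require="__package_apt/$synapse_pkg" __package_apt "$ldap_auth_provider_pkg" \
      --state present \
      --target-release "$distribution-backports"
    installation_reqs="$installation_reqs __package_apt/$ldap_auth_provider_pkg"
  fi

  # For some reason, psycopg2 is not considered a dependency of
  # matrix-synapse in matrix.org's APT repository.
  if [ "$DATABASE_ENGINE" = "psycopg2" ]; then
    require="__package_apt/$synapse_pkg" __package_apt "$psycopg2_pkg" \
      --state present
    installation_reqs="$installation_reqs __package_apt/$psycopg2_pkg"
  fi

  # Used for dependency order resolution.
  installation_reqs="$installation_reqs __package_apt/$synapse_pkg"
else
  # Install base matrix-synapse package.
  __package "$synapse_pkg" --state present

  # Used for dependency order resolution.
  installation_reqs="__package/$synapse_pkg"

  # Install LdapAuthProvider module if LDAP auth is enabled. As in the Buster
  # branch, the module is added to the requirements so that the configuration
  # is not deployed (and the service restarted) before it is installed.
  if [ "$ENABLE_LDAP_AUTH" = "true" ]; then
    require="__package/$synapse_pkg" __package "$ldap_auth_provider_pkg" \
      --state present
    installation_reqs="$installation_reqs __package/$ldap_auth_provider_pkg"
  fi

  # NOTE(review): psycopg2 is only installed explicitly in the Buster branch;
  # confirm the other platforms pull it in when DATABASE_ENGINE is psycopg2.
fi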
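# Generate the configuration files on the configuration host, deploy them to
# the target once the packages are installed, then restart the service.
mkdir -p "$__object/files"

# The generators run with the exported parameters (database, LDAP, SMTP and
# TURN credentials among them) in their environment, so their output
# presumably embeds those secrets. Create the local copies owner-only; the
# subshell keeps the umask change from affecting the rest of the manifest.
(
  umask 077
  "$__type/files/homeserver.yaml.sh" > "$__object/files/homeserver.yaml"
  "$__type/files/log.config.sh" > "$__object/files/log.config"
)

require="$installation_reqs" __file "$synapse_conf_dir/homeserver.yaml" \
  --state present \
  --owner "$synapse_user" \
  --mode 600 \
  --source "$__object/files/homeserver.yaml"
require="$installation_reqs" __file "$LOG_CONFIG_PATH" \
  --state present \
  --owner "$synapse_user" \
  --mode 600 \
  --source "$__object/files/log.config"

# NOTE(review): no --mode is passed for these directories, so their
# permissions are whatever the package or __directory leaves in place.
# Confirm they are not readable by other local users.
require="$installation_reqs" __directory "$DATA_DIR" --state present --owner "$synapse_user"
require="$installation_reqs" __directory "$LOG_DIR" --state present --owner "$synapse_user"

# Work around dpkg-reconfigure for Debian package.
RESTART_REQUIRES="__file/$synapse_conf_dir/homeserver.yaml"
if [ "$os" = "debian" ]; then
  # SERVER_NAME is placed inside a double-quoted YAML scalar without any
  # escaping, so it must not contain '"' or '\'.
  require="$installation_reqs" __file "$synapse_conf_dir/conf.d/server_name.yaml" \
    --state present --owner "$synapse_user" --source - << EOF
server_name: "$SERVER_NAME"
EOF
  require="$installation_reqs" __file "$synapse_conf_dir/conf.d/report_stats.yaml" \
    --state present --owner "$synapse_user" --source - << EOF
report_stats: $REPORT_STATS
EOF
  RESTART_REQUIRES="$RESTART_REQUIRES __file/$synapse_conf_dir/conf.d/server_name.yaml"
  RESTART_REQUIRES="$RESTART_REQUIRES __file/$synapse_conf_dir/conf.d/report_stats.yaml"
fi

# Restart synapse homeserver to reload configuration.
# NOTE(review): the log configuration file is not part of RESTART_REQUIRES;
# confirm the restart cannot be scheduled before it is deployed.
require="$RESTART_REQUIRES" __service "$synapse_service" --action restart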