[__matrix_synapse] wire TLS certs, fix some templating errors

type/__matrix_synapse/files/homeserver.yaml.sh

@@ -1,7 +1,8 @@
 #!/bin/sh
-
 # Note: template originally generated from synapse's 1.26.0 sample config.
 
+set -e
+
 cat << EOF
 ###############################################################
 # THIS FILE HAS BEEN GENERATED BY CDIST. DO NOT EDIT BY HAND. #
@@ -49,8 +50,13 @@ pid_file: "${PIDFILE:?}"
 # under the 'listeners' configuration, however this is a security risk:
 # https://github.com/matrix-org/synapse#security-note
 #
-web_client_location: "${WEB_CLIENT_URL:?}"
+EOF
 
+if [ -n "$WEB_CLIENT_URL" ]; then
+	echo "web_client_location: \"$WEB_CLIENT_URL\""
+fi
+
+cat << EOF
 # The public-facing base URL that clients use to access this Homeserver (not
 # including _matrix/...). This is the same URL a user might enter into the
 # 'Custom Homeserver URL' field on their client. If you use Synapse with a
@@ -690,6 +696,7 @@ if [ -n "$DISABLE_FEDERATION" ]; then
 fi
 
 cat << EOF
+
 # Report prometheus metrics on the age of PDUs being sent to and received from
 # the following domains. This can be used to give an idea of "delay" on inbound
 # and outbound federation, though be aware that any delay can be due to problems

type/__matrix_synapse/man.rst

@@ -28,6 +28,12 @@ database-name
   Path to database file if SQLite3 is used or database name if PostgresSQL is
   used.
 
+tls-cert
+  Path to PEM-encoded X509 TLS certificate.
+
+tls-private-key
+  Path to PEM-encoded TLS private key.
+
 OPTIONAL PARAMETERS
 -------------------
 database-host

type/__matrix_synapse/manifest

@@ -118,6 +118,11 @@ if [ -f "$__object/parameter/enable-server-notices" ]; then
     export ENABLE_SERVER_NOTICES=1
 fi
 
+# TLS.
+TLS_CERTIFICATE_PATH=$(cat "$__object/parameter/tls-cert")
+TLS_PRIVATE_KEY_PATH=$(cat "$__object/parameter/tls-private-key")
+export TLS_PRIVATE_KEY_PATH TLS_CERTIFICATE_PATH
+
 # Performance flags.
 GLOBAL_CACHE_FACTOR=$(cat "$__object/parameter/global-cache-factor")
 EVENT_CACHE_SIZE=$(cat "$__object/parameter/event-cache-size")
@@ -205,6 +210,10 @@ ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-poli
 MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime")
 export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME
 
+# Previews.
+ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview')
+export ENABLE_URL_PREVIEW
+
 # Rate-limiting
 RC_MESSAGE_PER_SECOND=$(cat "$__object/parameter/rc-message-per-second")
 RC_MESSAGE_BURST=$(cat "$__object/parameter/rc-message-burst")

type/__matrix_synapse/parameter/boolean

@@ -16,3 +16,4 @@ ldap-use-starttls
 user-directory-search-all-users
 enable-message-retention-policy
 worker-mode
+enable-url-preview

type/__matrix_synapse/parameter/required

@@ -2,3 +2,5 @@ server-name
 base-url
 database-engine
 database-name
+tls-cert
+tls-private-key