[__matrix_synapse] wire TLS certs, fix some templating errors

fnux 2021-02-17 14:01:06 +01:00
parent 37762dd1ca
commit 33bf0fd416
No known key found for this signature in database
GPG key ID: 4502C902C00A1E12
5 changed files with 27 additions and 2 deletions


@ -1,7 +1,8 @@
#!/bin/sh
# Note: template originally generated from synapse's 1.26.0 sample config.
set -e
cat << EOF
###############################################################
# THIS FILE HAS BEEN GENERATED BY CDIST. DO NOT EDIT BY HAND. #
@ -49,8 +50,13 @@ pid_file: "${PIDFILE:?}"
# under the 'listeners' configuration, however this is a security risk:
# https://github.com/matrix-org/synapse#security-note
#
web_client_location: "${WEB_CLIENT_URL:?}"
EOF
if [ -n "$WEB_CLIENT_URL" ]; then
echo "web_client_location: \"$WEB_CLIENT_URL\""
fi
cat << EOF
# The public-facing base URL that clients use to access this Homeserver (not
# including _matrix/...). This is the same URL a user might enter into the
# 'Custom Homeserver URL' field on their client. If you use Synapse with a
@ -690,6 +696,7 @@ if [ -n "$DISABLE_FEDERATION" ]; then
fi
cat << EOF
# Report prometheus metrics on the age of PDUs being sent to and received from
# the following domains. This can be used to give an idea of "delay" on inbound
# and outbound federation, though be aware that any delay can be due to problems
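Review bot: In the new `if [ -n "$WEB_CLIENT_URL" ]` branch the value is written into a double-quoted YAML scalar without escaping, so a parameter containing `"`, a backslash or a newline would yield malformed YAML or an extra key in the generated config. The value comes from the operator's manifest, so this is a robustness point rather than an exposed input, but a guard before the echo that rejects those characters is cheap. Independently, `printf 'web_client_location: "%s"\n' "$WEB_CLIENT_URL"` avoids echo's implementation-defined backslash handling under `#!/bin/sh`. Other values interpolated in the heredoc presumably share the pattern, but they lie outside the visible hunks.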


@ -28,6 +28,12 @@ database-name
Path to database file if SQLite3 is used or database name if PostgresSQL is
used.
tls-cert
Path to PEM-encoded X509 TLS certificate.
tls-private-key
Path to PEM-encoded TLS private key.
OPTIONAL PARAMETERS
-------------------
database-host


@ -118,6 +118,11 @@ if [ -f "$__object/parameter/enable-server-notices" ]; then
export ENABLE_SERVER_NOTICES=1
fi
# TLS.
TLS_CERTIFICATE_PATH=$(cat "$__object/parameter/tls-cert")
TLS_PRIVATE_KEY_PATH=$(cat "$__object/parameter/tls-private-key")
export TLS_PRIVATE_KEY_PATH TLS_CERTIFICATE_PATH
# Performance flags.
GLOBAL_CACHE_FACTOR=$(cat "$__object/parameter/global-cache-factor")
EVENT_CACHE_SIZE=$(cat "$__object/parameter/event-cache-size")
@ -205,6 +210,10 @@ ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-poli
MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime")
export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME
# Previews.
ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview')
export ENABLE_URL_PREVIEW
# Rate-limiting
RC_MESSAGE_PER_SECOND=$(cat "$__object/parameter/rc-message-per-second")
RC_MESSAGE_BURST=$(cat "$__object/parameter/rc-message-burst")
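Review bot: `TLS_CERTIFICATE_PATH` and `TLS_PRIVATE_KEY_PATH` are exported exactly as read from the parameter files, with no check that they are non-empty absolute paths, so a typo or a relative path would only surface when Synapse starts. A guard such as `case "$TLS_PRIVATE_KEY_PATH" in /*) ;; *) echo "tls-private-key must be an absolute path" >&2; exit 1 ;; esac` (and the same for the certificate) would fail at manifest time instead. Nothing visible in this hunk manages the key file itself, so I would also add a comment like `# The key file is not managed by this type: deploy it readable only by the synapse service user.` The manifest starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.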


@ -16,3 +16,4 @@ ldap-use-starttls
user-directory-search-all-users
enable-message-retention-policy
worker-mode
enable-url-preview


@ -2,3 +2,5 @@ server-name
base-url
database-engine
database-name
tls-cert
tls-private-key