From 33bf0fd4165bde47b097de05ef7e3ff1fbd25ece Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?=
Date: Wed, 17 Feb 2021 14:01:06 +0100
Subject: [PATCH] [__matrix_synapse] wire TLS certs, fix some templating errors

---
 type/__matrix_synapse/files/homeserver.yaml.sh | 11 +++++++++--
 type/__matrix_synapse/man.rst | 6 ++++++
 type/__matrix_synapse/manifest | 9 +++++++++
 type/__matrix_synapse/parameter/boolean | 1 +
 type/__matrix_synapse/parameter/required | 2 ++
 5 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/type/__matrix_synapse/files/homeserver.yaml.sh b/type/__matrix_synapse/files/homeserver.yaml.sh
index 7195dd5..ad81569 100755
--- a/type/__matrix_synapse/files/homeserver.yaml.sh
+++ b/type/__matrix_synapse/files/homeserver.yaml.sh
@@ -1,7 +1,8 @@
 #!/bin/sh
-
 # Note: template originally generated from synapse's 1.26.0 sample config.
+set -e
+
 cat << EOF
 ###############################################################
 # THIS FILE HAS BEEN GENERATED BY CDIST. DO NOT EDIT BY HAND. #
@@ -49,8 +50,13 @@ pid_file: "${PIDFILE:?}"
 # under the 'listeners' configuration, however this is a security risk:
 # https://github.com/matrix-org/synapse#security-note
 #
-web_client_location: "${WEB_CLIENT_URL:?}"
+EOF
 
+if [ -n "$WEB_CLIENT_URL" ]; then
+echo "web_client_location: \"$WEB_CLIENT_URL\""
+fi
+
+cat << EOF
 # The public-facing base URL that clients use to access this Homeserver (not
 # including _matrix/...). This is the same URL a user might enter into the
 # 'Custom Homeserver URL' field on their client. If you use Synapse with a
@@ -690,6 +696,7 @@ if [ -n "$DISABLE_FEDERATION" ]; then
 fi
 
 cat << EOF
+
 # Report prometheus metrics on the age of PDUs being sent to and received from
 # the following domains. This can be used to give an idea of "delay" on inbound
 # and outbound federation, though be aware that any delay can be due to problems
diff --git a/type/__matrix_synapse/man.rst b/type/__matrix_synapse/man.rst
index ead1649..a0e9b03 100644
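Review bot: The new `echo "web_client_location: \"$WEB_CLIENT_URL\""` line interpolates the parameter into a YAML double-quoted scalar with no escaping, so a value containing `"` or `\` produces invalid YAML or a silently altered URL. The rest of the template has the same property through its `${VAR:?}` heredoc expansions, so this is consistent, but web_client_location is the one value the sample-config comment right above flags as security-relevant, and the value is operator-supplied so the practical risk is low. I would reject rather than emit such values, e.g. `case $WEB_CLIENT_URL in *\"*|*\\*) echo "web-client-url must not contain \" or \\" >&2; exit 1 ;; esac` before the echo; with `set -e` now in effect the script aborts cleanly. The generator script continues well outside this hunk.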
--- a/type/__matrix_synapse/man.rst
+++ b/type/__matrix_synapse/man.rst
@@ -28,6 +28,12 @@ database-name
 Path to database file if SQLite3 is used or database name if PostgresSQL is used.
 
+tls-cert
+ Path to PEM-encoded X509 TLS certificate.
+
+tls-private-key
+ Path to PEM-encoded TLS private key.
+
 OPTIONAL PARAMETERS
 -------------------
 database-host
diff --git a/type/__matrix_synapse/manifest b/type/__matrix_synapse/manifest
index 6341461..1795b76 100755
--- a/type/__matrix_synapse/manifest
+++ b/type/__matrix_synapse/manifest
@@ -118,6 +118,11 @@ if [ -f "$__object/parameter/enable-server-notices" ]; then
 export ENABLE_SERVER_NOTICES=1
 fi
 
+# TLS.
+TLS_CERTIFICATE_PATH=$(cat "$__object/parameter/tls-cert")
+TLS_PRIVATE_KEY_PATH=$(cat "$__object/parameter/tls-private-key")
+export TLS_PRIVATE_KEY_PATH TLS_CERTIFICATE_PATH
+
 # Performance flags.
 GLOBAL_CACHE_FACTOR=$(cat "$__object/parameter/global-cache-factor")
 EVENT_CACHE_SIZE=$(cat "$__object/parameter/event-cache-size")
@@ -205,6 +210,10 @@ ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-poli
 MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime")
 export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME
 
+# Previews.
+ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview')
+export ENABLE_URL_PREVIEW
+
 # Rate-limiting
 RC_MESSAGE_PER_SECOND=$(cat "$__object/parameter/rc-message-per-second")
 RC_MESSAGE_BURST=$(cat "$__object/parameter/rc-message-burst")
diff --git a/type/__matrix_synapse/parameter/boolean b/type/__matrix_synapse/parameter/boolean
index 481fb9d..7ff48de 100644
--- a/type/__matrix_synapse/parameter/boolean
+++ b/type/__matrix_synapse/parameter/boolean
@@ -16,3 +16,4 @@ ldap-use-starttls
 user-directory-search-all-users
 enable-message-retention-policy
 worker-mode
+enable-url-preview
diff --git a/type/__matrix_synapse/parameter/required b/type/__matrix_synapse/parameter/required
index f9ebcb3..344ae4c 100644
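Review bot: The two new `cat "$__object/parameter/tls-cert"` / `tls-private-key` reads export TLS_CERTIFICATE_PATH and TLS_PRIVATE_KEY_PATH, but nothing in this hunk uses them and none of the homeserver.yaml.sh hunks in this commit expand them either, so presumably the template already references them and the export is the "templating error" fix from the subject — worth confirming rather than assuming. These are paths on the target host that synapse reads at startup; the manifest runs against local parameter files and cannot check that they exist or that the key is not world-readable, and that limitation deserves a comment for the next maintainer: `# Paths on the target host. The type neither installs nor validates them; the private key must be readable by the synapse user only.` As a style point the export lists the names in the opposite order to the assignments; `export TLS_CERTIFICATE_PATH TLS_PRIVATE_KEY_PATH` reads more naturally. The manifest continues on both sides of this hunk.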
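Review bot: `ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview')` exposes a feature that makes the homeserver fetch arbitrary URLs on users' behalf, and the synapse sample config this template is based on states that url_preview_ip_range_blacklist must be specified whenever url_preview_enabled is set, because that blacklist is what keeps previews away from link-local, metadata and private-range addresses. No blacklist parameter or template line is visible in this commit, so I cannot tell whether the generated homeserver.yaml emits one when the flag is on; if it does not, synapse will either refuse the config or, if the template hardcodes an empty list, run with SSRF exposure. Either wire a blacklist alongside the flag or record the dependency next to it: `# Synapse requires url_preview_ip_range_blacklist when previews are enabled; the template must emit it (SSRF guard).` The manifest continues outside this hunk.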
--- a/type/__matrix_synapse/parameter/required
+++ b/type/__matrix_synapse/parameter/required
@@ -2,3 +2,5 @@ server-name
 base-url
 database-engine
 database-name
+tls-cert
+tls-private-key
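Review bot: Adding `tls-cert` and `tls-private-key` to required breaks every existing invocation of this type until both are passed, and it removes the option of running synapse plain-HTTP behind a TLS-terminating reverse proxy, which is a common and legitimate deployment. Unless the listener configuration (not visible in this commit) unconditionally binds a TLS listener, these fit better as optional parameters, with the manifest exporting the paths only when both are given and the template emitting the TLS listener and certificate/key settings conditionally. If they are to stay required, the commit message or the man page should say so explicitly, since it is a behavioural change for existing users rather than just a wiring fix.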