__matrix_synapse: refresh configuration template and type parameters

type/__matrix_synapse/files/environment.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-cat << EOF
-# Specify environment variables used when running Synapse
-SYNAPSE_CACHE_FACTOR=$CACHE_FACTOR
-EOF

type/__matrix_synapse/files/log.config.sh

@@ -1,60 +1,79 @@
 #!/bin/sh
 
 cat << EOF
+###############################################################
+# THIS FILE HAS BEEN GENERATED BY CDIST. DO NOT EDIT BY HAND. #
+###############################################################
+
+# Log configuration for Synapse.
+#
+# This is a YAML file containing a standard Python logging configuration
+# dictionary. See [1] for details on the valid settings.
+#
+# Synapse also supports structured logging for machine readable logs which can
+# be ingested by ELK stacks. See [2] for details.
+#
+# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
+# [2]: https://github.com/matrix-org/synapse/blob/master/docs/structured_logging.md
 
 version: 1
 
 formatters:
-  precise:
+    precise:
-   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+        format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
-  journal_fmt:
-   format: '%(name)s: [%(request)s] %(message)s'
-
-filters:
-  context:
-    (): synapse.util.logcontext.LoggingContextFilter
-    request: ""
 
 handlers:
-  file:
+    file:
-    class: logging.handlers.WatchedFileHandler
+        class: logging.handlers.TimedRotatingFileHandler
-    formatter: precise
+        formatter: precise
-    filename: $LOG_DIR/homeserver.log
+        filename: ${LOG_DIR:?}/homeserver.log
-    filters: [context]
+        when: midnight
-    level: DEBUG
+        backupCount: 3  # Does not include the current log file.
-    encoding: utf8
+        encoding: utf8
-  console:
+
-    class: logging.StreamHandler
+    # Default to buffering writes to log file for efficiency. This means that
-    formatter: precise
+    # will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR
-    level: WARN
+    # logs will still be flushed immediately.
-  journal:
+    buffer:
-    class: systemd.journal.JournalHandler
+        class: logging.handlers.MemoryHandler
-    formatter: journal_fmt
+        target: file
-    filters: [context]
+        # The capacity is the number of log lines that are buffered before
-    SYSLOG_IDENTIFIER: synapse
+        # being written to disk. Increasing this will lead to better
+        # performance, at the expensive of it taking longer for log lines to
+        # be written to disk.
+        capacity: 10
+        flushLevel: 30  # Flush for WARNING logs as well
+
+    # A handler that writes logs to stderr. Unused by default, but can be used
+    # instead of "buffer" and "file" in the logger handlers.
+    console:
+        class: logging.StreamHandler
+        formatter: precise
 
 loggers:
-    twisted:
+    synapse.storage.SQL:
-        level: WARN
+        # beware: increasing this to DEBUG will make synapse log sensitive
-
+        # information such as access tokens.
-    synapse:
         level: INFO
 
-    # the following levels are more verbose than most users want
+    twisted:
-    # set them to INFO if you need more logging
+        # We send the twisted logging directly to the file handler,
-    synapse.metrics:
+        # to work around https://github.com/matrix-org/synapse/issues/3471
-        level: WARN
+        # when using "buffer" logger. Use "console" to log to stderr instead.
-
+        handlers: [file]
-    synapse.http.federation.well_known_resolver:
+        propagate: false
-        level: WARN
-
-    synapse.storage.TIME:
-        level: WARN
-
-    synapse.http.matrixfederationclient:
-        level: WARN
 
 root:
     level: INFO
-    handlers: [file, journal]
+
+    # Write logs to the \`buffer\` handler, which will buffer them together in memory,
+    # then write them to a file.
+    #
+    # Replace "buffer" with "console" to log to stderr instead. (Note that you'll
+    # also need to update the configuration for the \`twisted\` logger above, in
+    # this case.)
+    #
+    handlers: [buffer]
+
+disable_existing_loggers: false
 EOF

type/__matrix_synapse/gencode-remote

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+init=$(cat "$__global/explorer/init")
+
+case "$os" in
+	alpine)
+		synapse_conf_dir=/etc/synapse
+		synapse_service=matrix-synapse
+		;;
+	debian)
+		synapse_conf_dir=/etc/matrix-synapse
+		synapse_service=synapse
+		;;
+	*)
+		echo "Unknown OS $os." >&2
+		exit 1
+	;;
+esac
+
+if grep -qE "^__file/$synapse_conf_dir" "${__messages_in}"; then
+	case "$init" in
+		systemd)
+			echo "systemctl try-reload-or-restart $synapse_service"
+			;;
+		initd)
+			echo "service --ifstopped $synapse_service start"
+			echo "service --ifstarted $synapse_service restart"
+			;;
+		*)
+			echo "Unknown init $init." >&2
+			exit 1
+			;;
+	esac
+fi

type/__matrix_synapse/manifest

@@ -23,109 +23,161 @@ os=$(cat "$__global/explorer/os")
 distribution=$(cat "$__global/explorer/lsb_codename")
 
 case "$os" in
-   debian)
+	debian)
-     synapse_user=matrix-synapse
+		synapse_user=matrix-synapse
-     synapse_pkg=matrix-synapse
+		synapse_pkg=matrix-synapse
-     synapse_service=matrix-synapse
+		synapse_service=matrix-synapse
-     ldap_auth_provider_pkg=matrix-synapse-ldap3
+		ldap_auth_provider_pkg=matrix-synapse-ldap3
-     psycopg2_pkg=python3-psycopg2
+		synapse_conf_dir='/etc/matrix-synapse'
-     synapse_conf_dir='/etc/matrix-synapse'
+		synapse_data_dir='/var/lib/matrix-synapse'
-     synapse_data_dir='/var/lib/matrix-synapse'
 
-     if [ ! -f "$__global/explorer/lsb_codename" ]; then
+		# See https://packages.debian.org/bullseye/matrix-synapse for state of
-       ls "$__global/explorer" >&2
+		# synapse packaging in debian.
-       echo "Could not determine Debian release, ensure that lsb-release is installed on the target." >&2
+		case "$distribution" in
-       exit 1
+			stretch)
-     fi
+				echo "The matrix-synapse package in debian stretch is outdated and unusable." >&2
-     ;;
+				exit 1
-   fedora)
+				;;
-     synapse_user=synapse
+			buster)
-     synapse_pkg=matrix-synapse
+				# Enable debian-backports for debian Buster, as the 'stable'
-     synapse_service=synapse
+				# matrix-synapse package is ways too old (< 1.0).
-     ldap_auth_provider_pkg=python-matrix-synapse-ldap3
+				apt_target_release=buster-backports
-     synapse_conf_dir='/etc/synapse'
+				__apt_source debian-backports \
-     synapse_data_dir='/var/lib/synapse'
+					--uri http://deb.debian.org/debian/ \
-     ;;
+					--distribution "$apt_target_release" \
-   freebsd)
+					--component main
-     synapse_user=synapse
+				;;
-     synapse_pkg=py36-matrix-synapse
+				bullseye|sid)
-     synapse_service=synapse
+					# As of writting (2021-02), the default matrix-synapse of those
-     ldap_auth_provider_pkg=py36-matrix-synapse-ldap3
+					# release is perfectly usable.
-     synapse_conf_dir='/usr/local/etc/matrix-synapse'
+					:
-     synapse_data_dir='/var/matrix-synapse'
+				;;
-     ;;
+				*)
-   alpine)
+					echo "Unknown debian release '$distribution'. Exiting" >&2
-     echo "As of 2019-12-19  matrix-synapse is not in alpine stable. Exiting."
+					exit 1
-     exit 1
+				;;
-     ;;
+		esac
-   *)
+		;;
-      printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+	alpine)
-      printf "Please contribute an implementation for it if you can.\n" >&2
+		synapse_user=synapse
-      exit 1
+		synapse_pkg=synapse
-   ;;
+		synapse_service=synapse
+		# Note available as of writing (2021-02-15)
+		ldap_auth_provider_pkg=
+		synapse_conf_dir='/etc/synapse'
+		synapse_data_dir='/var/lib/synapse'
+		;;
+	*)
+		printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+		printf "Please contribute an implementation for it if you can.\n" >&2
+		exit 1
+		;;
 esac
 
-# Required parameters:
+# Small helper used to get boolean values which can be used as-is in the
-SERVER_NAME=$(cat "$__object/parameter/server-name")
+# configuration template.
-export SERVER_NAME
+get_boolean_for () {
-BASE_URL=$(cat "$__object/parameter/base-url")
+	if [ -f "$__object/parameter/${1:?}" ]; then
-export BASE_URL
+		echo 'true'
+	else
+		echo 'false'
+	fi
+}
 
+# Small helper for erroring out on invalid combinations.
+is_required_when () {
+	value=$1
+	flag=$2
+	when=$3
+
+	if [ -z "$value" ]; then
+		echo "$flag is required when $when." >&2
+		exit 1
+	fi
+}
+
+# Generic configuration.
 export DATA_DIR=$synapse_data_dir
 export LOG_DIR='/var/log/matrix-synapse'
 export PIDFILE='/var/run/matrix/homeserver.pid'
 export LOG_CONFIG_PATH="$synapse_conf_dir/log.yaml"
 export SIGNING_KEY_PATH="$synapse_conf_dir/signin.key"
 
-DATABASE_ENGINE=$(cat "$__object/parameter/database-engine")
+# Base parameters.
-export DATABASE_ENGINE
+SERVER_NAME=$(cat "$__object/parameter/server-name")
-DATABASE_NAME=$(cat "$__object/parameter/database-name")
+BASE_URL=$(cat "$__object/parameter/base-url")
-export DATABASE_NAME
+REPORT_STATS=$(get_boolean_for 'report-stats')
+MAX_UPLOAD_SIZE=$(cat "$__object/parameter/max-upload-size")
+EXPOSE_METRICS=$(get_boolean_for 'expose-metrics')
+WEB_CLIENT_URL=$(cat "$__object/parameter/web-client-url")
+ROOM_ENCRYPTION_POLICY=$(cat "$__object/parameter/room-encryption-policy")
+export SERVER_NAME BASE_URL REPORT_STATS MAX_UPLOAD_SIZE EXPOSE_METRICS \
+	WEB_CLIENT_URL ROOM_ENCRYPTION_POLICY
 
-# Optional parameters:
+if [ -f "$__object/parameter/enable-server-notices" ]; then
-DATABASE_HOST=$(cat "$__object/parameter/database-host")
+    export ENABLE_SERVER_NOTICES=1
-export DATABASE_HOST
+fi
-DATABASE_USER=$(cat "$__object/parameter/database-user")
-export DATABASE_USER
-DATABASE_PASSWORD=$(cat "$__object/parameter/database-password")
-export DATABASE_PASSWORD
 
+# Performance flags.
 GLOBAL_CACHE_FACTOR=$(cat "$__object/parameter/global-cache-factor")
-export GLOBAL_CACHE_FACTOR
 EVENT_CACHE_SIZE=$(cat "$__object/parameter/event-cache-size")
-export EVENT_CACHE_SIZE
+export GLOBAL_CACHE_FACTOR EVENT_CACHE_SIZE
 
+if [ -f "$__object/parameter/disable-presence" ]; then
+	export USE_PRESENCE='false'
+else
+	export USE_PRESENCE='true'
+fi
+
+# Database configuration.
+DATABASE_ENGINE=$(cat "$__object/parameter/database-engine")
+DATABASE_NAME=$(cat "$__object/parameter/database-name")
+DATABASE_HOST=$(cat "$__object/parameter/database-host")
+DATABASE_USER=$(cat "$__object/parameter/database-user")
+DATABASE_PASSWORD=$(cat "$__object/parameter/database-password")
+export DATABASE_ENGINE DATABASE_NAME DATABASE_HOST DATABASE_USER \
+	DATABASE_PASSWORD
+
+# LDAP-based authentication.
+ENABLE_LDAP_AUTH=$(get_boolean_for 'enable-ldap-auth')
 LDAP_FILTER=$(cat "$__object/parameter/ldap-filter")
-export LDAP_FILTER
 LDAP_UID_ATTRIBUTE=$(cat "$__object/parameter/ldap-uid-attribute")
-export LDAP_UID_ATTRIBUTE
 LDAP_MAIL_ATTRIBUTE=$(cat "$__object/parameter/ldap-mail-attribute")
-export LDAP_MAIL_ATTRIBUTE
 LDAP_NAME_ATTRIBUTE=$(cat "$__object/parameter/ldap-name-attribute")
-export LDAP_NAME_ATTRIBUTE
 LDAP_URI=$(cat "$__object/parameter/ldap-uri")
-export LDAP_URI
 LDAP_BASE_DN=$(cat "$__object/parameter/ldap-base-dn")
-export LDAP_BASE_DN
 LDAP_BIND_DN=$(cat "$__object/parameter/ldap-bind-dn")
-export LDAP_BIND_DN
 LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap-bind-password")
-export LDAP_BIND_PASSWORD
+LDAP_USE_STARTTLS=$(get_boolean_for 'ldap-use-starttls')
+export ENABLE_LDAP_AUTH LDAP_FILTER LDAP_UID_ATTRIBUTE LDAP_MAIL_ATTRIBUTE \
+	LDAP_NAME_ATTRIBUTE LDAP_URI LDAP_BASE_DN LDAP_BIND_DN LDAP_BIND_PASSWORD \
+	LDAP_USE_STARTTLS
 
-TURN_USER_LIFETIME=$(cat "$__object/parameter/turn-user-lifetime")
+# Outgoing emails (= notifications).
-export TURN_USER_LIFETIME
+ENABLE_NOTIFICATIONS=$(get_boolean_for 'enable-notifications')
-if [ -f "$__object/parameter/turn-shared-secret" ]; then
+SMTP_HOST=$(cat "$__object/parameter/smtp-host")
-    TURN_SHARED_SECRET=$(cat "$__object/parameter/turn-shared-secret")
+SMTP_PORT=$(cat "$__object/parameter/smtp-port")
-    export TURN_SHARED_SECRET
+SMTP_USE_STARTTLS=$(get_boolean_for 'smtp-use-starttls')
-fi
+SMTP_USER=$(cat "$__object/parameter/smtp-user")
-if [ -f "$__object/parameter/turn-uri" ]; then
+SMTP_PASSWORD=$(cat "$__object/parameter/smtp-password")
-    uris=$(tr "\n" "," < "$__object/parameter/turn-uri" | sed 's/,$//')
+export SMTP_HOST SMTP_PORT SMTP_USER SMTP_PASSWORD SMTP_USE_STARTTLS \
-    export TURN_URIS="[$uris]"
+	ENABLE_NOTIFICATIONS
+
+if [ -f "$__object/parameter/notification-from" ]; then
+	NOTIFICATION_FROM=$(cat "$__object/parameter/notification-from")
+	export NOTIFICATION_FROM
+else
+	export NOTIFICATION_FROM="Matrix <no-reply@$SERVER_NAME>"
 fi
 
-if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then
+# Registrations and users.
-    RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern")
+ALLOW_GUEST_ACCESS=$(get_boolean_for 'allow-guest-access')
-    export RESGISTRATION_ALLOWS_EMAIL_PATTERN
+ENABLE_REGISTRATIONS=$(get_boolean_for 'enable-registrations')
+USER_DIRECTORY_SEARCH_ALL_USERS=$(get_boolean_for 'user-directory-search-all-users')
+export ALLOW_GUEST_ACCESS ENABLE_REGISTRATIONS USER_DIRECTORY_SEARCH_ALL_USERS
+
+if [ -f "$__object/parameter/registration-requires-email" ]; then
+    export REGISTRATION_REQUIRES_EMAIL=1
 fi
 
 if [ -f "$__object/parameter/auto-join-room" ]; then
@@ -133,153 +185,109 @@ if [ -f "$__object/parameter/auto-join-room" ]; then
     export AUTO_JOIN_ROOMS
 fi
 
-if [ -f "$__object/parameter/app-service-config-file" ]; then
+if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then
-    APP_SERVICE_CONFIG_FILES=$(cat "$__object/parameter/app-service-config-file")
+    RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern")
-    export APP_SERVICE_CONFIG_FILES
+    export RESGISTRATION_ALLOWS_EMAIL_PATTERN
 fi
 
-MAX_UPLOAD_SIZE=$(cat "$__object/parameter/max-upload-size")
+# Federation.
-export MAX_UPLOAD_SIZE
+DISABLE_FEDERATION=$(get_boolean_for 'disable-federation')
-RIOT_BASE_URL=$(cat "$__object/parameter/riot-base-url")
+ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation')
-export RIOT_BASE_URL
+ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth')
+LIMIT_REMOTE_ROOM_COMPLEXITY=$(get_boolean_for 'limit-remote-room-complexity')
+REMOTE_ROOM_COMPLEXITY_TRESHOLD=$(cat "$__object/parameter/remote-room-complexity-treshold")
+export DISABLE_FEDERATION ALLOW_PUBLIC_ROOMS_OVER_FEDERATION \
+	ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH LIMIT_REMOTE_ROOM_COMPLEXITY \
+	REMOTE_ROOM_COMPLEXITY_TRESHOLD
 
-SMTP_HOST=$(cat "$__object/parameter/smtp-host")
+# Message retention.
-export SMTP_HOST
+ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-policy')
-SMTP_PORT=$(cat "$__object/parameter/smtp-port")
+MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime")
-export SMTP_PORT
+export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME
-SMTP_USER=$(cat "$__object/parameter/smtp-user")
-export SMTP_USER
-SMTP_PASS=$(cat "$__object/parameter/smtp-pass")
-export SMTP_PASS
 
+# Rate-limiting
 RC_MESSAGE_PER_SECOND=$(cat "$__object/parameter/rc-message-per-second")
-export RC_MESSAGE_PER_SECOND
+RC_MESSAGE_BURST=$(cat "$__object/parameter/rc-message-burst")
-RC_MESSAGE_BURST=$(cat "$__object/parameter/rc_message_burst")
-export RC_MESSAGE_BURST
 RC_LOGIN_PER_SECOND=$(cat "$__object/parameter/rc-login-per-second")
-export RC_LOGIN_PER_SECOND
 RC_LOGIN_BURST=$(cat "$__object/parameter/rc-login-burst")
-export RC_LOGIN_BURST
+export RC_MESSAGE_PER_SECOND RC_MESSAGE_BURST RC_LOGIN_PER_SECOND \
+	RC_LOGIN_BURST
 
+# Application services.
+if [ -f "$__object/parameter/app-service-config-file" ]; then
+	APP_SERVICE_CONFIG_FILES=$(cat "$__object/parameter/app-service-config-file")
+	export APP_SERVICE_CONFIG_FILES
+fi
+
+# Anything that did not fit in this type's template.
 if [ -f "$__object/parameter/extra-setting" ]; then
-    EXTRA_SETTINGS=$(cat "$__object/parameter/extra-setting")
+	EXTRA_SETTINGS=$(cat "$__object/parameter/extra-setting")
-    export EXTRA_SETTINGS
+	export EXTRA_SETTINGS
 fi
 
-# Boolean parameters:
+# TURN server (NAT traversal for P2P calls).
-if [ -f "$__object/parameter/report-stats" ]; then
+TURN_USER_LIFETIME=$(cat "$__object/parameter/turn-user-lifetime")
-    export REPORT_STATS='true'
+export TURN_USER_LIFETIME
-else
+
-    export REPORT_STATS='false'
+if [ -f "$__object/parameter/turn-shared-secret" ]; then
-fi
+	TURN_SHARED_SECRET=$(cat "$__object/parameter/turn-shared-secret")
-if [ -f "$__object/parameter/allow-registration" ]; then
+	export TURN_SHARED_SECRET
-    export ALLOW_REGISTRATION='true'
-else
-    export ALLOW_REGISTRATION='false'
-fi
-if [ -f "$__object/parameter/enable-ldap-auth" ]; then
-    export ENABLE_LDAP_AUTH='true'
-else
-    export ENABLE_LDAP_AUTH='false'
-fi
-if [ -f "$__object/parameter/ldap-search-mode" ]; then
-    export LDAP_SEARCH_MODE=1
-fi
-if [ -f "$__object/parameter/expose-metrics" ]; then
-    export EXPOSE_METRICS='true'
-else
-    export EXPOSE_METRICS='false'
-fi
-if [ -f "$__object/parameter/enable-notifications" ]; then
-    export ENABLE_NOTIFICATIONS='true'
-else
-    export ENABLE_NOTIFICATIONS='false'
-fi
-if [ -f "$__object/parameter/enable_notifications-by-default" ]; then
-    export ENABLE_NOTIFICATIONS_BY_DEFAULT='true'
-else
-    export ENABLE_NOTIFICATIONS_BY_DEFAULT='false'
-fi
-if [ -f "$__object/parameter/smtp-requires-tls" ]; then
-    export SMTP_TLS='true'
-else
-    export SMTP_TLS='false'
-fi
-if [ -f "$__object/parameter/disable-federation" ]; then
-    export DISABLE_FEDERATION='true'
-else
-    export DISABLE_FEDERATION='false'
-fi
-if [ -f "$__object/parameter/allow-guest-access" ]; then
-    export ALLOW_GUEST_ACCESS='true'
-else
-    export ALLOW_GUEST_ACCESS='false'
-fi
-if [ -f "$__object/parameter/registration-requires-email" ]; then
-    export REGISTRATION_REQUIRES_EMAIL=1
-fi
-if [ -f "$__object/parameter/allow-public-rooms-over-federation" ]; then
-    export ALLOW_PUBLIC_ROOMS_OVER_FEDERATION='true'
-else
-    export ALLOW_PUBLIC_ROOMS_OVER_FEDERATION='false'
-fi
-if [ -f "$__object/parameter/allow-public-rooms-without-auth" ]; then
-    export ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH='true'
-else
-    export ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH='false'
-fi
-if [ -f "$__object/parameter/enable-server-notices" ]; then
-    export ENABLE_SERVER_NOTICES=1
 fi
 
-# Specific case for debian-buster, boilerplate but there's not much I can do
+if [ -f "$__object/parameter/turn-uri" ]; then
-# about it.
+	TURN_URIS=$(cat "$__object/parameter/turn-uri")
+	export TURN_URIS
+fi
 
-installation_reqs=""
+# Worker-mode configuration.
-if [ "$os" = "debian" ] && [ "$distribution" = "buster" ]; then
+export MAIN_LISTENER_PORT=8008
-  # Enable debian-backports for debian Buster, as the 'stable'
+export ENABLE_MEDIA_REPO='true'
-  # matrix-synapse package is ways too old (< 1.0).
+export SEND_FEDERATION_FROM_MAIN_PROCESS='true'
-  __apt_source debian-backports \
+export RUN_BACKGROUND_TASKS_ON=
-    --uri http://deb.debian.org/debian/ \
+export ENABLE_REPLICATION=
-    --distribution "$distribution-backports" \
+export ENABLE_REDIS_SUPPORT='false'
-    --component main
+MAIN_LISTENER_RESOURCES="[federation,client]"
-   require="__apt_source/debian-backports" __apt_update_index
+if [ "$EXPOSE_METRICS" = "true" ]; then
+	MAIN_LISTENER_RESOURCES="$(echo "$MAIN_LISTENER_RESOURCES" | tr -d ']'),metrics]"
+fi
+export MAIN_LISTENER_RESOURCES
 
-  # Install base matrix-synapse package.
+# Error out on invalid parameter combination.
-  require="__apt_update_index" __package_apt $synapse_pkg \
+case "$DATABASE_ENGINE" in
-    --state present \
+	sqlite3)
-    --target-release "$distribution-backports"
+		:
+	;;
+	psycopg2)
+		when='database engine is psycopg2'
+		is_required_when "$DATABASE_HOST" '--database-host' "$when"
+		is_required_when "$DATABASE_USER" '--database-user' "$when"
+	;;
+	*)
+		echo "Invalid database engine: $DATABASE_ENGINE." >&2
+		exit 1
+	;;
+esac
 
-  # Install LdapAuthProvider module if LDAP auth is enabled.
-  if [ "$ENABLE_LDAP_AUTH" = "true" ]; then
-    require="__package_apt/$synapse_pkg" __package_apt $ldap_auth_provider_pkg \
-      --state present \
-      --target-release "$distribution-backports"
-    installation_reqs="$installation_reqs __package_apt/$ldap_auth_provider_pkg"
-  fi
 
-  # For some reason, psycopg2 is not considered a dependency of
+# Install OS packages. We have a bit of boilerplate to handle the debian
-  # matrix-synapse in matrix.org's APT repository.
+# backports situation.
-  if [ "$DATABASE_ENGINE" = "psycopg2" ]; then
+synapse_req=
-    require="__package_apt/$synapse_pkg" __package_apt $psycopg2_pkg \
+if [ -n "$apt_target_release" ]; then
-      --state present
+	__package_apt "$synapse_pkg" \
-      installation_reqs="$installation_reqs __package_apt/$psycopg2_pkg"
+		--target-release "$apt_target_release"
-  fi
+	synapse_req="__package_apt/$synapse_pkg"
-
-  # Used for dependency order resolution.
-  installation_reqs="$installation_reqs __package_apt/$synapse_pkg"
 else
-  # Install base matrix-synapse package.
+	__package "$synapse_pkg"
-  __package $synapse_pkg --state present
+	synapse_req="__package/$synapse_pkg"
+fi
 
-  # Install LdapAuthProvider module if LDAP auth is enabled.
+if [ "$ENABLE_LDAP_AUTH" = "true" ]; then
-  if [ "$ENABLE_LDAP_AUTH" = "true" ]; then
+	if [ -n "$apt_target_release" ]; then
-    require="__package/$synapse_pkg" __package $ldap_auth_provider_pkg \
+		require="__package_apt/$synapse_pkg" __package_apt "$ldap_auth_provider_pkg" \
-      --state present
+			--target-release "$apt_target_release"
-  fi
+		else
-
+			__package "$ldap_auth_provider_pkg"
-  # Used for dependency order resolution.
+	fi
-  installation_reqs="__package/$synapse_pkg"
 fi
 
 # Generate and deploy configuration files.
@@ -287,34 +295,35 @@ mkdir -p "$__object/files"
 "$__type/files/homeserver.yaml.sh" > "$__object/files/homeserver.yaml"
 "$__type/files/log.config.sh" > "$__object/files/log.config"
 
-require="$installation_reqs" __file "$synapse_conf_dir/homeserver.yaml" \
+require="$synapse_req" __file "$synapse_conf_dir/homeserver.yaml" \
-  --state present \
   --owner $synapse_user \
   --mode 600 \
   --source "$__object/files/homeserver.yaml"
-require="$installation_reqs" __file "$LOG_CONFIG_PATH" \
+require="$synapse_req" __file "$LOG_CONFIG_PATH" \
-  --state present \
   --owner $synapse_user \
   --mode 600 \
   --source "$__object/files/log.config"
-require="$installation_reqs" __directory $DATA_DIR --state present --owner $synapse_user
-require="$installation_reqs" __directory $LOG_DIR --state present --owner $synapse_user
 
-# Work around dpkg-reconfigure for Debian package.
+for directory in $DATA_DIR $LOG_DIR; do
-RESTART_REQUIRES="__file/$synapse_conf_dir/homeserver.yaml"
+	require="$synapse_req" __directory $directory \
+		--state present \
+		--owner $synapse_user
+done
+
+# Make dpkg-reconfigure happy on debian systems.
 if [ "$os" = "debian" ]; then
-  require="$installation_reqs" __file "$synapse_conf_dir/conf.d/server_name.yaml" \
+	require="$synapse_req" __file "$synapse_conf_dir/conf.d/server_name.yaml" \
-    --state present --owner $synapse_user --source - << EOF
+		--owner $synapse_user \
-server_name: "$SERVER_NAME"
+		--source - <<- EOF
-EOF
+		server_name: "$SERVER_NAME"
-  require="$installation_reqs" __file "$synapse_conf_dir/conf.d/report_stats.yaml" \
+		EOF
-    --state present --owner $synapse_user --source - << EOF
-report_stats: $REPORT_STATS
-EOF
 
-  RESTART_REQUIRES="$RESTART_REQUIRES __file/$synapse_conf_dir/conf.d/server_name.yaml \
+	require="$synapse_req" __file "$synapse_conf_dir/conf.d/report_stats.yaml" \
-      __file/$synapse_conf_dir/conf.d/report_stats.yaml"
+		--owner $synapse_user \
+		--source - <<- EOF
+		report_stats: $REPORT_STATS
+		EOF
 fi
 
-# Restart synapse homeserver to reload configuration.
+# Start service at boot - started/reload in gencode-remote.
-require="$RESTART_REQUIRES" __service $synapse_service --action restart
+require="$synapse_req" __start_on_boot $synapse_service

type/__matrix_synapse/parameter/boolean

@@ -1,14 +1,18 @@
 allow-registration
 enable-ldap-auth
-ldap-search-mode
 report-stats
 expose-metrics
 enable-notifications
 enable-notifications-by-default
-smtp-requires-tls
+smtp-use-starttls
 disable-federation
 registration-requires-email
 allow-public-rooms-over-federation
 enable-server-notices
 allow-guest-access
 allow-public-rooms-without-auth
+limit-remote-room-complexity
+disable-presence
+ldap-use-starttls
+user-directory-search-all-users
+enable-message-retention-policy

type/__matrix_synapse/parameter/default/message-max-lifetime

@@ -0,0 +1 @@
+1y

type/__matrix_synapse/parameter/default/remote-room-complexity-treshold

@@ -0,0 +1 @@
+1.0

type/__matrix_synapse/parameter/default/room-encryption-policy

@@ -0,0 +1 @@
+off

type/__matrix_synapse/parameter/default/web-client-url

@@ -0,0 +1 @@
+https://app.element.io/

type/__matrix_synapse/parameter/optional

@@ -15,11 +15,15 @@ max-upload-size
 smtp-host
 smtp-port
 smtp-user
-smtp-pass
+smtp-password
-riot-base-url
+web-client-url
 rc-message-per-second
 rc-message-burst
 rc-login-per-second
 rc-login-burst
 global-cache-factor
 event-cache-size
+remote-room-complexity-treshold
+room-encryption-policy
+notification-from
+message-max-lifetime