initial commit

.gitignore

@@ -0,0 +1,3 @@
+*~
+.DS_Store
+*.swp

Dockerfile

@@ -0,0 +1,76 @@
+FROM thallian/confd-env:latest
+
+ENV VERSION v0.17.0-rc1
+
+RUN addgroup synapse
+RUN adduser -h /var/lib/synapse -D -G synapse synapse
+
+RUN apk add --no-cache \
+    bash \
+    coreutils \
+    curl \
+    file \
+    gcc \
+    postgresql-dev \
+    libffi \
+    libffi-dev \
+    libjpeg-turbo \
+    libjpeg-turbo-dev \
+    libssl1.0 \
+    libtool \
+    libxml2 \
+    libxml2-dev \
+    libxslt \
+    libxslt-dev \
+    linux-headers \
+    make \
+    musl \
+    musl-dev \
+    openldap \
+    openldap-dev \
+    openssl-dev \
+    pwgen \
+    py-pip \
+    py-virtualenv \
+    python \
+    python-dev \
+    sqlite \
+    sqlite-libs \
+    unzip \
+    zlib \
+    zlib-dev
+
+RUN virtualenv -p python /var/lib/synapse
+RUN source /var/lib/synapse/bin/activate && \
+    pip install --upgrade setuptools && \
+    pip install psycopg2 && \
+    pip install python-ldap && \
+    pip install https://github.com/matrix-org/synapse/tarball/$VERSION
+
+RUN apk del \
+    coreutils \
+    file \
+    gcc \
+    postgresql-dev \
+    libffi-dev \
+    libjpeg-turbo-dev \
+    libtool \
+    libxml2-dev \
+    libxslt-dev \
+    linux-headers \
+    make \
+    musl-dev \
+    openldap-dev \
+    openssl-dev \
+    python-dev \
+    sqlite-libs \
+    zlib-dev
+
+RUN chown -R synapse:synapse /var/lib/synapse
+ENV HOME /var/lib/synapse
+
+ADD /rootfs /
+
+EXPOSE 8448
+
+VOLUME /var/lib/synapse/media_store/ /var/lib/synapse/signing/ /etc/ssl/synapse/

rootfs/etc/confd/conf.d/server.yaml.toml

@@ -0,0 +1,3 @@
+[template]
+src = "server.yaml.tmpl"
+dest = "/var/lib/synapse/server.yaml"

rootfs/etc/confd/templates/server.yaml.tmpl

@@ -0,0 +1,149 @@
+tls_certificate_path: "/etc/ssl/synapse/fullchain.pem"
+tls_private_key_path: "/etc/ssl/synapse/privkey.pem"
+tls_dh_params_path: "/var/lib/synapse/signing/dhparams.pem"
+no_tls: False
+
+server_name: "{{getenv "SERVER_NAME"}}"
+
+pid_file: /var/lib/synapse/homeserver.pid
+
+web_client: True
+
+# The public-facing base URL for the client API (not including _matrix/...)
+# public_baseurl: https://example.com:8448/
+
+soft_file_limit: 0
+
+listeners:
+  -
+    port: 8448
+    bind_address: ''
+    type: httpp
+    tls: true
+    x_forwarded: false
+    resources:
+      -
+        names:
+          - client
+          - webclient
+        compress: true
+
+      - names: [federation]
+        compress: false
+
+  - port: 8008
+    tls: false
+    bind_address: ''
+    type: http
+    x_forwarded: false
+
+    resources:
+      - names: [client, webclient]
+        compress: true
+      - names: [federation]
+        compress: false
+
+database:
+  name: "psycopg2"
+  args:
+    user: {{getenv "DB_USER"}}
+    password: {{getenv "DB_PASSWORD"}}
+    database: {{getenv "DB_NAME"}}
+    host: {{getenv "DB_HOST"}}
+    cp_min: 5
+    cp_max: 10
+
+event_cache_size: "10K"
+
+verbose: 0
+log_file: "/var/lib/synapse/homeserver.log"
+log_config: "/var/lib/synapse/log.config"
+
+rc_messages_per_second: 0.2
+rc_message_burst_count: 10.0
+federation_rc_window_size: 1000
+federation_rc_sleep_limit: 10
+federation_rc_sleep_delay: 500
+federation_rc_reject_limit: 50
+federation_rc_concurrent: 3
+
+media_store_path: "/var/lib/synapse/media_store"
+uploads_path: "/var/lib/synapse/uploads"
+max_upload_size: "{{getenv "MAX_UPLOAD_SIZE"}}"
+max_image_pixels: "{{getenv "MAX_THUMBNAIL_PIXELS"}}"
+dynamic_thumbnails: {{getenv "DYNAMIC_THUMBNAILS"}}
+
+thumbnail_sizes:
+- width: 32
+  height: 32
+  method: crop
+- width: 96
+  height: 96
+  method: crop
+- width: 320
+  height: 240
+  method: scale
+- width: 640
+  height: 480
+  method: scale
+- width: 800
+  height: 600
+  method: scale
+
+url_preview_enabled: False
+enable_registration_captcha: False
+
+# The public URIs of the TURN server to give to clients
+turn_uris: []
+
+# The shared secret used to compute passwords for the TURN server
+turn_shared_secret: "YOUR_SHARED_SECRET"
+
+# How long generated TURN credentials last
+turn_user_lifetime: "1h"
+
+enable_registration: False
+allow_guest_access: False
+
+trusted_third_party_id_servers:
+    - matrix.org
+    - vector.im
+
+enable_metrics: {{getenv "ENABLE_METRICS"}}
+report_stats: {{getenv "REPORT_STATS"}}
+
+room_invite_state_types:
+    - "m.room.join_rules"
+    - "m.room.canonical_alias"
+    - "m.room.avatar"
+    - "m.room.name"
+
+app_service_config_files: []
+
+macaroon_secret_key: "{{getenv "MACAROON_SECRET_KEY"}}"
+expire_access_token: False
+
+signing_key_path: "/var/lib/synapse/signing/signing.key"
+old_signing_keys: {}
+
+key_refresh_interval: "1d" # 1 Day.
+
+perspectives:
+  servers:
+    "matrix.org":
+      verify_keys:
+        "ed25519:auto":
+          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+
+ldap_config:
+   enabled: true
+   uri: "{{getenv "LDAP_URI"}}"
+   start_tls: true
+   base: "{{getenv "LDAP_BASE_DN"}}"
+   attributes:
+      uid: "{{getenv "LDAP_UID_ATTRIBUTE"}}"
+      mail: "{{getenv "LDAP_MAIL_ATTRIBUTE"}}"
+      name: "{{getenv "LDAP_NAME_ATTRIBUTE"}}"
+   bind_dn: "{{getenv "LDAP_BIND_DN"}}"
+   bind_password: "{{getenv "LDAPBIND_PASSWORD"}}"
+   filter: "{{getenv "LDAP_FILTER"}}"

rootfs/etc/cont-init.d/synapse-keys

@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv sh
+
+if [ ! -f /var/lib/synapse/signing/signing.key ]; then
+    source /var/lib/synapse/bin/activate
+    s6-setuidgid synapse python -B -m synapse.app.homeserver -c server.yaml --generate-config --report-stats=no
+fi
+
+if [ ! -f /var/lib/synapse/signing/dhparams.pem ]; then
+    openssl dhparam -out /var/lib/synapse/signing/dhparams.pem $DHPARAM_LENGTH
+fi

rootfs/etc/fix-attrs.d/01-synapse

@@ -0,0 +1,2 @@
+/var/lib/synapse/signing/ true synapse 0640 0750
+/var/lib/synapse/media_store/ true synapse 0640 0750

rootfs/etc/services.d/synapse/run

@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv sh
+
+cd /var/lib/synapse
+source /var/lib/synapse/bin/activate
+s6-setuidgid synapse python -B -m synapse.app.homeserver -c server.yaml