container/matrix-synapse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'k3s'

Browse Source
This commit is contained in:
Sebastian Hugentobler 2022-02-16 08:51:43 +01:00
commit 8634a7e11f
14 changed files with 761 additions and 716 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.editorconfig
View File

@ -1,9 +0,0 @@
root = true
[*]
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
indent_style = space
indent_size = 4

4
Dockerfile
View File

@ -1,6 +1,6 @@
FROM alpine:3.14 AS builder FROM alpine:3.15 AS builder
ENV VERSION=v1.49.0 ENV VERSION=v1.52.0
RUN apk add --no-cache \ RUN apk add --no-cache \
alpine-sdk \ alpine-sdk \

45
README.md
View File

@ -1,4 +1,9 @@
[Synapse](https://github.com/matrix-org/synapse) homeserver for the [matrix](http://matrix.org/) network. [Synapse](https://github.com/matrix-org/synapse) homeserver for the [matrix](http://matrix.org/) network with keycloak auth.
# Database
```
CREATE DATABASE matrix_synapse WITH TEMPLATE 'template0' LC_COLLATE 'C' LC_CTYPE 'C' OWNER 'synapse';
```
# Volumes # Volumes
- `/var/lib/matrix-synapse/media_store/` - `/var/lib/matrix-synapse/media_store/`
@ -67,50 +72,20 @@ Whether to generate new thumbnails on the fly to precisely match the resolution
Semi colon seperated list of registration files to load. Semi colon seperated list of registration files to load.
## OIDC_ENABLED ## OIDC_NAME
- default: false Name of the oidc provider as shown to users.
Whether to enable authorization against an OpenID Connect server.
## OIDC_DISCOVER
- default: true
Whether to use the OIDC discovery mechanism to discover endpoints.
## OIDC_ISSUER ## OIDC_ISSUER
The OIDC issuer. Used to validate tokens and (if discovery is enabled) to discover the provider's endpoints. The OIDC issuer. Used to validate tokens and (if discovery is enabled) to discover the provider's endpoints.
For example `https://auth.example.com/auth/realms/master"`.
## OIDC_CLIENT_ID ## OIDC_CLIENT_ID
oauth2 client id. oauth2 client id.
## OIDC_CLIENT_SECRET ## OIDC_CLIENT_SECRET
oauth2 client secret. oauth2 client secret.
## OIDC_SCOPES
- default: "\"openid\""
Comma separated list of scopes to request.
## OIDC_AUTH_ENDPOINT
oauth2 authorization endpoint. Required if provider discovery is disabled.
## OIDC_TOKEN_ENDPOINT
oauth2 token endpoint. Required if provider discovery is disabled.
## OIDC_USERINFO_ENDPOINT
OIDC userinfo endpoint. Required if discovery is disabled and the "openid" scope
is not requested.
## OIDC_JWKS_URI
URI where to fetch the JWKS. Required if discovery is disabled and the "openid"
scope is used.
## OIDC_MAPPING_PROVIDER
- default: synapse.handlers.oidc_handler.JinjaOidcMappingProvider
Python module for mapping attributes returned from a OIDC provider onto a matrix
user.
## OIDC_ALLOW_EXISTING_USER ## OIDC_ALLOW_EXISTING_USER
- default: false - default: false

2
rootfs/etc/cont-init.d/synapse-keys → rootfs/bin/synapse-keys Normal file → Executable file
View File

@ -1,4 +1,4 @@
#!/usr/bin/with-contenv sh #!/bin/sh
if [ ! -f /var/lib/matrix-synapse/signing/signing.key ]; then if [ ! -f /var/lib/matrix-synapse/signing/signing.key ]; then
s6-setuidgid matrix-synapse python3 -B -m synapse.app.homeserver -c /var/lib/matrix-synapse/server.yaml --generate-config -H $SERVER_NAME --report-stats=no s6-setuidgid matrix-synapse python3 -B -m synapse.app.homeserver -c /var/lib/matrix-synapse/server.yaml --generate-config -H $SERVER_NAME --report-stats=no

1385
rootfs/etc/confd/templates/server.yaml.tmpl
View File

File diff suppressed because it is too large Load Diff

2
rootfs/etc/fix-attrs.d/01-synapse
View File

@ -1,2 +0,0 @@
/var/lib/matrix-synapse/signing/ true matrix-synapse 0640 0750
/var/lib/matrix-synapse/media_store/ true matrix-synapse 0640 0750

2
rootfs/etc/s6-overlay/s6-rc.d/matrix-synapse/dependencies Normal file
View File

@ -0,0 +1,2 @@
confd
synapse-keys

2
rootfs/etc/services.d/synapse/run → rootfs/etc/s6-overlay/s6-rc.d/matrix-synapse/run
View File

@ -1,4 +1,4 @@
#!/usr/bin/with-contenv sh #!/bin/sh
cd /var/lib/matrix-synapse cd /var/lib/matrix-synapse
s6-setuidgid matrix-synapse python3 -B -m synapse.app.homeserver -c server.yaml s6-setuidgid matrix-synapse python3 -B -m synapse.app.homeserver -c server.yaml

1
rootfs/etc/s6-overlay/s6-rc.d/matrix-synapse/type Normal file
View File

@ -0,0 +1 @@
longrun

1
rootfs/etc/s6-overlay/s6-rc.d/synapse-keys/dependencies Normal file
View File

@ -0,0 +1 @@
confd

1
rootfs/etc/s6-overlay/s6-rc.d/synapse-keys/type Normal file
View File

@ -0,0 +1 @@
oneshot

1
rootfs/etc/s6-overlay/s6-rc.d/synapse-keys/up Normal file
View File

@ -0,0 +1 @@
synapse-keys

0
rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/matrix-synapse Normal file
View File

22
rootfs/py-pkgs/nextcloud_oicd_mapping_provider.py
View File

@ -1,22 +0,0 @@
from synapse.handlers.oidc import OidcMappingProvider
class NextcloudOidcMappingProvider(OidcMappingProvider):
def __init__(self, config):
self._config = config
@staticmethod
def parse_config(config):
return {}
def get_remote_user_id(self, userinfo):
return userinfo["ocs"]["data"]["id"]
async def map_user_attributes(self, userinfo, token):
localpart = userinfo["ocs"]["data"]["id"]
display_name = userinfo["ocs"]["data"]["display-name"]
return {"localpart": localpart, "display_name": display_name}
async def get_extra_attributes(self, userinfo, token):
extras = {}
return extras