add script to perform mas migration compatibility check
This commit is contained in:
39
abra.sh
39
abra.sh
@ -19,6 +19,45 @@ ensure_mas_database () {
|
||||
fi
|
||||
}
|
||||
|
||||
# Local helper: fetch homeserver.yaml from app, push to mas, then syn2mas check + dry-run.
|
||||
prepare_mas_migration () {
|
||||
local hs_local syn_cfg
|
||||
|
||||
syn_cfg=/tmp/homeserver.yaml
|
||||
|
||||
cleanup_prepare_mas_migration() {
|
||||
rm -f "homeserver.yaml"
|
||||
}
|
||||
trap cleanup_prepare_mas_migration EXIT
|
||||
|
||||
echo "Fetching /data/homeserver.yaml from app to homeserver.yaml (abra app run … cat)..."
|
||||
if ! abra app run -t "$DOMAIN" app cat /data/homeserver.yaml > "homeserver.yaml"
|
||||
then
|
||||
return 1
|
||||
fi
|
||||
if [ ! -s "homeserver.yaml" ]; then
|
||||
echo "Error: fetched homeserver.yaml is empty." >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
echo "Copying into mas:/tmp"
|
||||
abra app cp -C "$DOMAIN" "homeserver.yaml" "mas:/tmp" || return 1
|
||||
|
||||
echo "Running mas-cli syn2mas check..."
|
||||
abra app run -t "$DOMAIN" mas -- mas-cli syn2mas check \
|
||||
--config /etc/mas/config.yaml \
|
||||
--synapse-config "$syn_cfg" || return 1
|
||||
|
||||
echo "Running mas-cli syn2mas migrate --dry-run..."
|
||||
abra app run -t "$DOMAIN" mas -- mas-cli syn2mas migrate \
|
||||
--config /etc/mas/config.yaml \
|
||||
--synapse-config "$syn_cfg" \
|
||||
--dry-run || return 1
|
||||
|
||||
# trap - EXIT
|
||||
# cleanup_prepare_mas_migration
|
||||
}
|
||||
|
||||
set_admin () {
|
||||
admin=akadmin
|
||||
if [ -n "$1" ]
|
||||
|
||||
@ -17,19 +17,27 @@ server_name: {{ or (env "SERVER_NAME") (env "DOMAIN") }}
|
||||
public_baseurl: https://{{ env "DOMAIN" }}/
|
||||
|
||||
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#require_auth_for_profile_requests
|
||||
{{ if (env "REQUIRE_AUTH_FOR_PROFILE_REQUESTS") }}
|
||||
require_auth_for_profile_requests: {{ env "REQUIRE_AUTH_FOR_PROFILE_REQUESTS" }}
|
||||
{{ end }}
|
||||
|
||||
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#limit_profile_requests_to_users_who_share_rooms
|
||||
{{ if (env "LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS") }}
|
||||
limit_profile_requests_to_users_who_share_rooms: {{ env "LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS" }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#serve_server_wellknown
|
||||
{{ if (env "SERVE_SERVER_WELLKNOWN") }}
|
||||
serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_without_auth
|
||||
allow_public_rooms_without_auth: false
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_over_federation
|
||||
allow_public_rooms_over_federation: {{ or (env "ALLOW_PUBLIC_ROOMS_FEDERATION") "true" }}
|
||||
{{ if (env "ALLOW_PUBLIC_ROOMS_FEDERATION") }}
|
||||
allow_public_rooms_over_federation: {{ env "ALLOW_PUBLIC_ROOMS_FEDERATION" }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#listeners
|
||||
listeners:
|
||||
@ -64,7 +72,9 @@ delete_stale_devices_after: {{ env "DELETE_STALE_DEVICES_AFTER" }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#admin_contact
|
||||
{{ if (env "ADMIN_EMAIL") }}
|
||||
admin_contact: 'mailto:{{ env "ADMIN_EMAIL" }}'
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#limit_remote_rooms
|
||||
limit_remote_rooms:
|
||||
@ -81,19 +91,27 @@ forgotten_room_retention_period: 3d
|
||||
request_token_inhibit_3pid_errors: true
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#redaction_retention_period
|
||||
{{ if (env "REDACTION_RETENTION_PERIOD") }}
|
||||
redaction_retention_period: {{ env "REDACTION_RETENTION_PERIOD" }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_ips_max_age
|
||||
{{ if (env "USER_IPS_MAX_AGE") }}
|
||||
user_ips_max_age: {{ env "USER_IPS_MAX_AGE" }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#retention
|
||||
retention:
|
||||
enabled: true
|
||||
default_policy:
|
||||
min_lifetime: 1d
|
||||
{{ if (env "RETENTION_MAX_LIFETIME") }}
|
||||
max_lifetime: {{ env "RETENTION_MAX_LIFETIME" }}
|
||||
{{ end }}
|
||||
allowed_lifetime_min: 1d
|
||||
{{ if (env "ALLOWED_LIFETIME_MAX") }}
|
||||
allowed_lifetime_max: {{ env "ALLOWED_LIFETIME_MAX" }}
|
||||
{{ end }}
|
||||
purge_jobs:
|
||||
- longest_max_lifetime: 3d
|
||||
interval: 12h
|
||||
@ -134,20 +152,30 @@ max_upload_size: 50M
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#turn
|
||||
{{ if eq (env "TURN_ENABLED") "1" }}
|
||||
{{ if (env "TURN_URIS") }}
|
||||
turn_uris: {{ env "TURN_URIS" }}
|
||||
{{ end }}
|
||||
turn_shared_secret: "{{ secret "turn_shared_secret" }}"
|
||||
turn_user_lifetime: 1h
|
||||
{{ if (env "TURN_ALLOW_GUESTS") }}
|
||||
turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_registration
|
||||
{{ if (env "ENABLE_REGISTRATION") }}
|
||||
enable_registration: {{ env "ENABLE_REGISTRATION" }}
|
||||
{{ end }}
|
||||
|
||||
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#registration_requires_token
|
||||
{{ if (env "REGISTRATION_REQUIRES_TOKEN") }}
|
||||
registration_requires_token: {{ env "REGISTRATION_REQUIRES_TOKEN" }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_3pid_lookup
|
||||
{{ if (env "ENABLE_3PID_LOOKUP") }}
|
||||
enable_3pid_lookup: {{ env "ENABLE_3PID_LOOKUP" }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_guest_access
|
||||
allow_guest_access: false
|
||||
@ -177,7 +205,9 @@ session_lifetime: {{ env "SESSION_LIFETIME" }}
|
||||
report_stats: false
|
||||
|
||||
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#track_puppeted_user_ips
|
||||
{{ if (env "TRACK_PUPPETED_USER_IPS") }}
|
||||
track_puppeted_user_ips: {{ env "TRACK_PUPPETED_USER_IPS" }}
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "APP_SERVICES_ENABLED") "1" }}
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#app_service_config_files
|
||||
@ -216,7 +246,9 @@ oidc_providers:
|
||||
client_id: "{{ env "KEYCLOAK_CLIENT_ID" }}"
|
||||
client_secret: "{{ secret "keycloak_client_secret" }}"
|
||||
scopes: ["openid", "profile"]
|
||||
{{ if (env "KEYCLOAK_ALLOW_EXISTING_USERS") }}
|
||||
allow_existing_users: {{ env "KEYCLOAK_ALLOW_EXISTING_USERS" }}
|
||||
{{ end }}
|
||||
user_mapping_provider:
|
||||
config:
|
||||
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
||||
@ -229,7 +261,9 @@ oidc_providers:
|
||||
client_id: "{{ env "KEYCLOAK2_CLIENT_ID" }}"
|
||||
client_secret: "{{ secret "keycloak2_client_secret" }}"
|
||||
scopes: ["openid", "profile"]
|
||||
{{ if (env "KEYCLOAK2_ALLOW_EXISTING_USERS") }}
|
||||
allow_existing_users: {{ env "KEYCLOAK2_ALLOW_EXISTING_USERS" }}
|
||||
{{ end }}
|
||||
user_mapping_provider:
|
||||
config:
|
||||
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
||||
@ -243,7 +277,9 @@ oidc_providers:
|
||||
client_id: "{{ env "KEYCLOAK3_CLIENT_ID" }}"
|
||||
client_secret: "{{ secret "keycloak3_client_secret" }}"
|
||||
scopes: ["openid", "profile"]
|
||||
{{ if (env "KEYCLOAK3_ALLOW_EXISTING_USERS") }}
|
||||
allow_existing_users: {{ env "KEYCLOAK3_ALLOW_EXISTING_USERS" }}
|
||||
{{ end }}
|
||||
user_mapping_provider:
|
||||
config:
|
||||
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
||||
@ -260,8 +296,10 @@ sso:
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
|
||||
# With MAS (matrix_authentication_service), Synapse rejects password_config.enabled: true — set PASSWORD_LOGIN_ENABLED=false in app .env when MAS_ENABLED=1 (.env.sample).
|
||||
{{ if (env "PASSWORD_LOGIN_ENABLED") }}
|
||||
password_config:
|
||||
enabled: {{ env "PASSWORD_LOGIN_ENABLED" }}
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "MAS_ENABLED") "1" }}
|
||||
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#matrix_authentication_service
|
||||
@ -286,19 +324,37 @@ email:
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#encryption_enabled_by_default_for_room_type
|
||||
{{ if (env "ENCRYPTED_BY_DEFAULT") }}
|
||||
encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_directory
|
||||
{{ if or (env "USER_DIRECTORY_ENABLED") (env "USER_DIRECTORY_SEARCH_ALL_USERS") (env "USER_DIRECTORY_PREFER_LOCAL_USERS") (env "USER_DIRECTORY_SHOW_LOCKED_USERS") }}
|
||||
user_directory:
|
||||
{{ if (env "USER_DIRECTORY_ENABLED") }}
|
||||
enabled: {{ env "USER_DIRECTORY_ENABLED" }}
|
||||
{{ end }}
|
||||
{{ if (env "USER_DIRECTORY_SEARCH_ALL_USERS") }}
|
||||
search_all_users: {{ env "USER_DIRECTORY_SEARCH_ALL_USERS" }}
|
||||
{{ end }}
|
||||
{{ if (env "USER_DIRECTORY_PREFER_LOCAL_USERS") }}
|
||||
prefer_local_users: {{ env "USER_DIRECTORY_PREFER_LOCAL_USERS" }}
|
||||
{{ end }}
|
||||
{{ if (env "USER_DIRECTORY_SHOW_LOCKED_USERS") }}
|
||||
show_locked_users: {{ env "USER_DIRECTORY_SHOW_LOCKED_USERS" }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_retention
|
||||
{{ if or (env "MEDIA_RETENTION_LOCAL_LIFETIME") (env "MEDIA_RETENTION_REMOTE_LIFETIME") }}
|
||||
media_retention:
|
||||
{{ if (env "MEDIA_RETENTION_LOCAL_LIFETIME") }}
|
||||
local_media_lifetime: {{ env "MEDIA_RETENTION_LOCAL_LIFETIME" }}
|
||||
{{ end }}
|
||||
{{ if (env "MEDIA_RETENTION_REMOTE_LIFETIME") }}
|
||||
remote_media_lifetime: {{ env "MEDIA_RETENTION_REMOTE_LIFETIME" }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_metrics
|
||||
enable_metrics: false
|
||||
@ -314,13 +370,21 @@ opentracing:
|
||||
enabled: false
|
||||
|
||||
# https://matrix-org.github.io/synapse/develop/usage/configuration/config_documentation.html#ratelimiting
|
||||
{{ if or (and (env "LOGIN_LIMIT_IP_PER_SECOND") (env "LOGIN_LIMIT_IP_BURST")) (and (env "LOGIN_LIMIT_ACCOUNT_PER_SECOND") (env "LOGIN_LIMIT_ACCOUNT_BURST")) }}
|
||||
rc_login:
|
||||
{{ if and (env "LOGIN_LIMIT_IP_PER_SECOND") (env "LOGIN_LIMIT_IP_BURST") }}
|
||||
address:
|
||||
per_second: {{ env "LOGIN_LIMIT_IP_PER_SECOND" }}
|
||||
burst_count: {{ env "LOGIN_LIMIT_IP_BURST" }}
|
||||
{{ end }}
|
||||
{{ if and (env "LOGIN_LIMIT_ACCOUNT_PER_SECOND") (env "LOGIN_LIMIT_ACCOUNT_BURST") }}
|
||||
account:
|
||||
per_second: {{ env "LOGIN_LIMIT_ACCOUNT_PER_SECOND" }}
|
||||
burst_count: {{ env "LOGIN_LIMIT_ACCOUNT_BURST" }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#web_client_location
|
||||
{{ if (env "WEB_CLIENT_LOCATION") }}
|
||||
web_client_location: {{ env "WEB_CLIENT_LOCATION" }}
|
||||
{{ end }}
|
||||
|
||||
Reference in New Issue
Block a user