add comrade backupbot

This config allows matrix-synapse to create a endpoint on
$DOMAIN/.well-known/matrix/server used for federation.
It's a straight forward way (no port opening required)
to enable federation if you are okay having a subdomain
(matrix.example.org) as your homeserver address.

.env.sample

@@ -15,6 +15,9 @@ COMPOSE_FILE="compose.yml"
 
 #DISABLE_FEDERATION=1
 
+# Set "true" to enable federation endpoint on $DOMAIN/.well-known/matrix/server
+SERVE_SERVER_WELLKNOWN=false 
+
 ENABLE_REGISTRATION=false
 PASSWORD_LOGIN_ENABLED=true
 
@@ -32,6 +35,8 @@ ENABLE_3PID_LOOKUP=true
 
 USER_IPS_MAX_AGE=1d
 
+ENCRYPTED_BY_DEFAULT=all
+
 #ENABLE_ALLOWLIST=1
 #FEDERATION_ALLOWLIST="[]"
 

README.md

@@ -34,6 +34,12 @@
 - use `DISABLE_FEDERATION=1` to turn off federation listeners
 - don't use [`compose.matrix.yml`](https://git.coopcloud.tech/coop-cloud/traefik/src/branch/master/compose.matrix.yml) in your traefik config to keep the federation ports closed
 
+### Enabling federation
+
+See [`#27`](https://git.coopcloud.tech/coop-cloud/matrix-synapse/pulls/27) for more.
+
+Depending on your setup, using `SERVE_SERVER_WELLKNOWN=true` might work to start federating.
+
 ### Seeing what changed in `homeserver.yaml` between versions
 
 Change the version range to suit your needs.

abra.sh

@@ -1,3 +1,3 @@
 export ENTRYPOINT_CONF_VERSION=v1
-export HOMESERVER_YAML_VERSION=v6
+export HOMESERVER_YAML_VERSION=v8
 export LOG_CONFIG_VERSION=v2

compose.yml

@@ -12,6 +12,7 @@ services:
       - macaroon_secret_key
       - form_secret
     environment:
+      - ENCRYPTED_BY_DEFAULT
       - AUTO_JOIN_ROOM
       - AUTO_JOIN_ROOM_ENABLED
       - DISABLE_FEDERATION
@@ -24,6 +25,7 @@ services:
       - PASSWORD_LOGIN_ENABLED
       - REDACTION_RETENTION_PERIOD
       - ROOT_LOG_LEVEL
+      - SERVE_SERVER_WELLKNOWN
       - SQL_LOG_LEVEL
       - STACK_NAME
       - SYNAPSE_ADMIN_EMAIL
@@ -72,6 +74,12 @@ services:
       test: ["CMD", "pg_isready", "-U", "synapse"]
     volumes:
       - postgres:/var/lib/postgresql/data
+    deploy:
+      labels:
+          backupbot.backup: "true"
+          backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
+          backupbot.backup.post-hook: "rm -rf /tmp/backup"
+          backupbot.backup.path: "/tmp/backup/"
 
 volumes:
   data:

homeserver.yaml.tmpl

@@ -85,7 +85,7 @@ public_baseurl: https://{{ env "DOMAIN" }}/
 #
 # Defaults to 'false'.
 #
-#serve_server_wellknown: true
+serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}
 
 # Set the soft limit on the number of file descriptors synapse can use
 # Zero is used to indicate synapse should set the soft limit to the
@@ -2316,7 +2316,7 @@ push:
 # Note that this option will only affect rooms created after it is set. It
 # will also not affect rooms created by other servers.
 #
-#encryption_enabled_by_default_for_room_type: invite
+encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}
 
 
 # Uncomment to allow non-server-admin users to create groups on this server

release/1.3.0+v1.55.2

@@ -1,3 +1,6 @@
 The deployment failed due to the app/db getting confused. I think this is just
 due to the recipe not having good healthcheck config. After the app container
-flapped a bit, everything came up nicely. d1 @ autonomic co-op
+flapped a bit, everything came up nicely. d1 @ autonomic co-op.
+
+Same thing happened to me when deploying this for another instance. Also d1 @
+autonomic co-op.