Compare commits
11 Commits
5.0.4+v1.1
...
main
Author | SHA1 | Date |
---|---|---|
Moritz | c36c147dff | |
Moritz | 8a37984e15 | |
Moritz | 63a1abb2c0 | |
3wc | 86106b6b6f | |
3wc | 8250916051 | |
3wc | e007bda255 | |
3wc | 951fc56434 | |
Moritz | 6fe14edef7 | |
Moritz | a0a9c2b863 | |
3wc | bdf8e11dc5 | |
3wc | 2658fed366 |
6
abra.sh
6
abra.sh
|
@ -1,11 +1,11 @@
|
|||
export DISCORD_BRIDGE_YAML_VERSION=v2
|
||||
export ENTRYPOINT_CONF_VERSION=v1
|
||||
export HOMESERVER_YAML_VERSION=v27
|
||||
export ENTRYPOINT_CONF_VERSION=v2
|
||||
export HOMESERVER_YAML_VERSION=v28
|
||||
export LOG_CONFIG_VERSION=v2
|
||||
export SHARED_SECRET_AUTH_VERSION=v1
|
||||
export SIGNAL_BRIDGE_YAML_VERSION=v4
|
||||
export TELEGRAM_BRIDGE_YAML_VERSION=v6
|
||||
export NGINX_CONFIG_VERSION=v5
|
||||
export NGINX_CONFIG_VERSION=v6
|
||||
export WK_SERVER_VERSION=v1
|
||||
export WK_CLIENT_VERSION=v1
|
||||
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
authentik:
|
||||
env:
|
||||
KEYCLOAK_ID: authentik
|
||||
KEYCLOAK_NAME: sso
|
||||
KEYCLOAK_URL: https://authentik.example.com/application/o/matrix/
|
||||
KEYCLOAK_CLIENT_DOMAIN: https://element-web.example.com
|
||||
KEYCLOAK_ALLOW_EXISTING_USERS: "true"
|
||||
KEYCLOAK_CLIENT_ID: matrix
|
||||
uncomment:
|
||||
- compose.keycloak.yml
|
||||
- KEYCLOAK_ENABLED
|
||||
- KEYCLOAK_CLIENT_ID
|
||||
- SECRET_KEYCLOAK_CLIENT_SECRET_VERSION
|
||||
shared_secrets:
|
||||
matrix_secret: keycloak_client_secret
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
synapse:
|
||||
app:
|
||||
environment:
|
||||
- APP_SERVICES_ENABLED
|
||||
- APP_SERVICE_CONFIGS
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
synapse:
|
||||
app:
|
||||
secrets:
|
||||
- db_password
|
||||
- form_secret
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
synapse:
|
||||
app:
|
||||
secrets:
|
||||
- keycloak2_client_secret
|
||||
environment:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
synapse:
|
||||
app:
|
||||
secrets:
|
||||
- keycloak3_client_secret
|
||||
environment:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
synapse:
|
||||
app:
|
||||
environment:
|
||||
- SHARED_SECRET_AUTH_ENABLED
|
||||
secrets:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
synapse:
|
||||
app:
|
||||
environment:
|
||||
- APP_SERVICES_ENABLED
|
||||
- APP_SERVICE_CONFIGS
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
synapse:
|
||||
app:
|
||||
secrets:
|
||||
- db_password
|
||||
- form_secret
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
synapse:
|
||||
app:
|
||||
environment:
|
||||
- APP_SERVICES_ENABLED
|
||||
- APP_SERVICE_CONFIGS
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
synapse:
|
||||
app:
|
||||
secrets:
|
||||
- db_password
|
||||
- form_secret
|
||||
|
|
21
compose.yml
21
compose.yml
|
@ -2,12 +2,13 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
web:
|
||||
image: nginx:1.25.3
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
environment:
|
||||
- DOMAIN
|
||||
- STACK_NAME
|
||||
- NGINX_ACCESS_LOG_LOCATION
|
||||
- NGINX_ERROR_LOG_LOCATION
|
||||
|
@ -27,15 +28,13 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=5.0.4+v1.100.0"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
healthcheck:
|
||||
test: curl -f http://synapse:8008/health || exit 1
|
||||
test: curl -f http://${STACK_NAME}_app:8008/health || exit 1
|
||||
interval: 5s
|
||||
timeout: 3s
|
||||
retries: 20
|
||||
|
||||
synapse:
|
||||
app:
|
||||
image: "matrixdotorg/synapse:v1.100.0"
|
||||
volumes:
|
||||
- "data:/data"
|
||||
|
@ -87,6 +86,12 @@ services:
|
|||
- source: entrypoint_conf
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "coop-cloud.${STACK_NAME}.version=6.0.2+v1.100.0"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
|
||||
interval: 30s
|
||||
|
@ -119,9 +124,9 @@ services:
|
|||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -r /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.path: "/var/lib/postgresql/data"
|
||||
|
||||
volumes:
|
||||
data:
|
||||
|
|
|
@ -6,6 +6,7 @@ chown 991:991 /data
|
|||
|
||||
if [[ ! -f /data/{{ env "DOMAIN" }}.signing.key ]]; then
|
||||
/start.py generate
|
||||
chown -R 991:991 /data/*.config /data/*.key
|
||||
fi
|
||||
|
||||
/start.py
|
||||
|
|
|
@ -23,7 +23,7 @@ serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}
|
|||
allow_public_rooms_without_auth: false
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_over_federation
|
||||
allow_public_rooms_over_federation: {{ env "ALLOW_PUBLIC_ROOMS_FEDERATION" }}
|
||||
allow_public_rooms_over_federation: {{ or (env "ALLOW_PUBLIC_ROOMS_FEDERATION") "true" }}
|
||||
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#listeners
|
||||
listeners:
|
||||
|
|
|
@ -8,13 +8,13 @@ http {
|
|||
server {
|
||||
listen 80;
|
||||
|
||||
access_log {{ env "NGINX_ACCESS_LOG_LOCATION" }};
|
||||
error_log {{ env "NGINX_ERROR_LOG_LOCATION" }};
|
||||
access_log {{ or (env "NGINX_ACCESS_LOG_LOCATION") "/dev/null" }};
|
||||
error_log {{ or (env "NGINX_ERROR_LOG_LOCATION") "/dev/null" }};
|
||||
|
||||
server_name {{ env "DOMAIN" }};
|
||||
|
||||
location ~* ^(\/_matrix|\/_synapse\/client) {
|
||||
proxy_pass http://{{ env "STACK_NAME"}}_synapse:8008;
|
||||
proxy_pass http://{{ env "STACK_NAME"}}_app:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Host $host;
|
||||
|
|
|
@ -5,4 +5,6 @@ Copy the secrets:
|
|||
* `registration_shared_secret` to `registration`
|
||||
* `macaroon_secret_key` to `macaroon`
|
||||
|
||||
The easiest way to do this is to run `abra app run <matrix.example.com> app bash` BEFORE this upgrade, then `cat /run/secrets/registration_shared_secret`. If you haven't saved the secrets yet, and would like to, please Ctrl+C out of this upgrade and do that first.
|
||||
|
||||
Regeneration of these secrets should also work.
|
||||
|
|
|
@ -1,17 +1 @@
|
|||
An Nginx proxy has been configured as the entrypoint for Synapse. This is not
|
||||
optional. This is done to counteract IP collection in Synapse itself. See more:
|
||||
|
||||
!!! You MUST undeploy your Synapse install before upgrading to this version !!!
|
||||
|
||||
This is because there have been a service rename in the recipe configuration:
|
||||
|
||||
* `app` -> `synapse`
|
||||
|
||||
This could break stuff in the recipe, so please report issues if you run into
|
||||
anything!
|
||||
|
||||
https://git.coopcloud.tech/coop-cloud/matrix-synapse/issues/38
|
||||
|
||||
Thanks!
|
||||
|
||||
-- d1
|
||||
It's recommended not to upgrade / downgrade directly to this version (or other 5.y.z versions), because of service renaming which was reverted in 6.0.0+v1.100.0.
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
take care when upgrading! You need to add two variables to your .env file:
|
||||
use the following if you don't want any access logs (including users' IP addresses):
|
||||
NGINX_ACCESS_LOG_LOCATION="/dev/null"
|
||||
NGINX_ERROR_LOG_LOCATION="/dev/null"
|
||||
Logging is now disabled by default. If you want to reënable it, set these options:
|
||||
|
||||
use the following if you want logs:
|
||||
```
|
||||
NGINX_ACCESS_LOG_LOCATION="/dev/stdout"
|
||||
NGINX_ERROR_LOG_LOCATION="/dev/stderr"
|
||||
```
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
We had to rename some secrets: https://git.coopcloud.tech/coop-cloud/matrix-synapse/issues/35
|
||||
|
||||
Copy the secrets:
|
||||
|
||||
* `registration_shared_secret` to `registration`
|
||||
* `macaroon_secret_key` to `macaroon`
|
||||
|
||||
Regeneration of these secrets should also work.
|
|
@ -0,0 +1 @@
|
|||
If you are upgrading from verison 5.y.z of this recipe, you will need to `undeploy` then `deploy`, because of a service rename which was reverted.
|
Loading…
Reference in New Issue