chore: publish 6.6.3+v1.124.0 release

Reviewed-on: #50
Reviewed-by: 3wordchant <3wordchant@noreply.git.coopcloud.tech>

.env.sample

@@ -33,7 +33,7 @@ ALLOW_PUBLIC_ROOMS_FEDERATION=false
 ENABLE_REGISTRATION=false
 PASSWORD_LOGIN_ENABLED=true
 
-# Token based registration. Enable ADMIN_INTERFACE_ENABLED=1 (below) to use the admin interface to generate tokens.
+# Token based registration. Enable ADMIN_INTERFACE (below) to use the admin interface to generate tokens.
 #REGISTRATION_REQUIRES_TOKEN=true
 
 ## Room auto-join
@@ -86,6 +86,11 @@ RETENTION_MAX_LIFETIME=4w
 #MEDIA_RETENTION_LOCAL_LIFETIME=30d
 #MEDIA_RETENTION_REMOTE_LIFETIME=14d
 
+## Old Signing Key
+#OLD_SIGNING_KEY_ID=a_OLDKEYID
+#OLD_SIGNING_KEY=base64string
+#OLD_SIGNING_KEY_EXPIRES=123456789123
+
 ## Ratelimit
 
 #LOGIN_LIMIT_IP_PER_SECOND=5

abra.sh

@@ -1,6 +1,6 @@
 export DISCORD_BRIDGE_YAML_VERSION=v2
 export ENTRYPOINT_CONF_VERSION=v3
-export HOMESERVER_YAML_VERSION=v31
+export HOMESERVER_YAML_VERSION=v32
 export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v2
 export SIGNAL_BRIDGE_YAML_VERSION=v6

compose.yml

@@ -55,6 +55,9 @@ services:
       - ENABLE_REGISTRATION
       - REGISTRATION_REQUIRES_TOKEN
       - ENCRYPTED_BY_DEFAULT
+      - OLD_SIGNING_KEY
+      - OLD_SIGNING_KEY_ID
+      - OLD_SIGNING_KEY_EXPIRES
       - USER_DIRECTORY_ENABLED=${USER_DIRECTORY_ENABLED:-true}
       - USER_DIRECTORY_SEARCH_ALL_USERS=${USER_DIRECTORY_SEARCH_ALL_USERS:-true}
       - USER_DIRECTORY_PREFER_LOCAL_USERS=${USER_DIRECTORY_PREFER_LOCAL_USERS:-true}
@@ -101,7 +104,7 @@ services:
       restart_policy:
         condition: on-failure
       labels:
-        - "coop-cloud.${STACK_NAME}.version=6.6.2+v1.124.0"
+        - "coop-cloud.${STACK_NAME}.version=6.6.3+v1.124.0"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8008/health"]

homeserver.yaml.tmpl

@@ -186,6 +186,12 @@ form_secret: "{{ secret "form_secret" }}"
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#signing_key_path
 signing_key_path: "/data/{{ env "DOMAIN" }}.signing.key"
 
+# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#old_signing_keys
+{{ if (and (env "OLD_SIGNING_KEY_ID") (env "OLD_SIGNING_KEY") (env "OLD_SIGNING_KEY_EXPIRES")) }}
+old_signing_keys:
+  "ed25519:{{ env "OLD_SIGNING_KEY_ID" }}": { key: "{{ env "OLD_SIGNING_KEY" }}", expired_ts: {{ env "OLD_SIGNING_KEY_EXPIRES" }} }
+{{ end }}
+
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#trusted_key_servers
 {{ if eq (env "ENABLE_ALLOWLIST") "1" }}
 trusted_key_servers: [] # NOTE(d1): defaults to requesting server directly, which matches FEDERATION_ALLOWLIST

release/6.6.3+v1.124.0

@@ -0,0 +1 @@
+added env for old-signing-keys