chore: publish 5.0.2+v1.93.0 release

Reviewed-on: #40

.env.sample

@@ -1,7 +1,7 @@
 TYPE=matrix-synapse
 DOMAIN=matrix-synapse.example.com
-#TIMEOUT=300
+TIMEOUT=300
-#ENABLE_AUTO_UPDATE=true
+ENABLE_AUTO_UPDATE=true
 LETS_ENCRYPT_ENV=production
 COMPOSE_FILE="compose.yml"
 # POST_DEPLOY_CMDS="db set_admin"
@@ -42,6 +42,13 @@ PASSWORD_LOGIN_ENABLED=true
 SQL_LOG_LEVEL=WARN
 ROOT_LOG_LEVEL=WARN
 
+# for nginx
+NGINX_ACCESS_LOG_LOCATION="/dev/null"
+NGINX_ERROR_LOG_LOCATION="/dev/null"
+# Comment the previous two lines and uncomment these to enable logging
+#NGINX_ACCESS_LOG_LOCATION="/dev/stdout"
+#NGINX_ERROR_LOG_LOCATION="/dev/stderr"
+
 ## Privacy
 
 ENABLE_3PID_LOOKUP=true

abra.sh

@@ -1,11 +1,11 @@
 export DISCORD_BRIDGE_YAML_VERSION=v2
 export ENTRYPOINT_CONF_VERSION=v1
-export HOMESERVER_YAML_VERSION=v25
+export HOMESERVER_YAML_VERSION=v26
 export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v1
 export SIGNAL_BRIDGE_YAML_VERSION=v4
 export TELEGRAM_BRIDGE_YAML_VERSION=v6
-export NGINX_CONFIG_VERSION=v4
+export NGINX_CONFIG_VERSION=v5
 export WK_SERVER_VERSION=v1
 export WK_CLIENT_VERSION=v1
 

compose.keycloak.yml

@@ -7,8 +7,8 @@ services:
       - db_password
       - form_secret
       - keycloak_client_secret
-      - macaroon_secret_key
+      - macaroon
-      - registration_shared_secret
+      - registration
     environment:
       - KEYCLOAK_CLIENT_DOMAIN
       - KEYCLOAK_CLIENT_ID

compose.smtp.yml

@@ -6,8 +6,8 @@ services:
     secrets:
       - db_password
       - form_secret
-      - macaroon_secret_key
+      - macaroon
-      - registration_shared_secret
+      - registration
       - smtp_password
     environment:
       - SMTP_APP_NAME

compose.turn.yml

@@ -6,8 +6,8 @@ services:
     secrets:
       - db_password
       - form_secret
-      - macaroon_secret_key
+      - macaroon
-      - registration_shared_secret
+      - registration
       - turn_shared_secret
     environment:
       - TURN_ALLOW_GUESTS

compose.yml

@@ -9,6 +9,8 @@ services:
       - internal
     environment:
       - STACK_NAME
+      - NGINX_ACCESS_LOG_LOCATION
+      - NGINX_ERROR_LOG_LOCATION
     configs:
       - source: nginx_config
         target: /etc/nginx/nginx.conf
@@ -25,7 +27,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=5.0.0+v1.93.0"
+        - "coop-cloud.${STACK_NAME}.version=5.0.2+v1.93.0"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
     healthcheck:
       test: curl -f http://synapse:8008/health || exit 1
@@ -39,8 +41,8 @@ services:
       - "data:/data"
     secrets:
       - db_password
-      - registration_shared_secret
+      - registration
-      - macaroon_secret_key
+      - macaroon
       - form_secret
     environment:
       - ALLOWED_LIFETIME_MAX
@@ -156,10 +158,10 @@ secrets:
   db_password:
     external: true
     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
-  registration_shared_secret:
+  registration:
     external: true
     name: ${STACK_NAME}_registration_${SECRET_REGISTRATION_VERSION}
-  macaroon_secret_key:
+  macaroon:
     external: true
     name: ${STACK_NAME}_macaroon_${SECRET_MACAROON_VERSION}
   form_secret:

homeserver.yaml.tmpl

@@ -139,7 +139,7 @@ enable_3pid_lookup: {{ env "ENABLE_3PID_LOOKUP" }}
 allow_guest_access: false
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#registration_shared_secret
-registration_shared_secret: {{ secret "registration_shared_secret" }}
+registration_shared_secret: {{ secret "registration" }}
 
 {{ if eq (env "AUTO_JOIN_ROOM_ENABLED") "1" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#auto_join_rooms
@@ -156,7 +156,7 @@ app_service_config_files: {{ env "APP_SERVICE_CONFIGS" }}
 {{ end }}
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#macaroon_secret_key
-macaroon_secret_key: "{{ secret "macaroon_secret_key" }}"
+macaroon_secret_key: "{{ secret "macaroon" }}"
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#form_secret
 form_secret: "{{ secret "form_secret" }}"
@@ -173,8 +173,8 @@ trusted_key_servers:
 {{ end }}
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#oidc_providers
+{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
 oidc_providers:
-  {{ if eq (env "KEYCLOAK_ENABLED") "1" }}
   - idp_id: {{ env "KEYCLOAK_ID" }}
     idp_name: {{ env "KEYCLOAK_NAME" }}
     issuer: "{{ env "KEYCLOAK_URL" }}"
@@ -186,7 +186,6 @@ oidc_providers:
       config:
         localpart_template: "{{ "{{ user.preferred_username }}" }}"
         display_name_template: "{{ "{{ user.name }}" }}"
-  {{ end }}
 
   {{ if eq (env "KEYCLOAK2_ENABLED") "1" }}
   - idp_id: {{ env "KEYCLOAK2_ID" }}
@@ -215,22 +214,22 @@ oidc_providers:
         localpart_template: "{{ "{{ user.preferred_username }}" }}"
         display_name_template: "{{ "{{ user.name }}" }}"
   {{ end }}
+{{ end }}
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#sso 
+{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
 sso:
-    {{ if eq (env "KEYCLOAK_ENABLED") "1" }}
+  client_whitelist:
-    client_whitelist:
+    - https://{{ env "KEYCLOAK_CLIENT_DOMAIN" }}
-      - https://{{ env "KEYCLOAK_CLIENT_DOMAIN" }}
+{{ end }}
-    {{ end }}
-
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
 password_config:
    enabled: {{ env "PASSWORD_LOGIN_ENABLED" }}
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#email
+{{ if eq (env "SMTP_ENABLED") "1" }}
 email:
-  {{ if eq (env "SMTP_ENABLED") "1" }}
   smtp_host: {{ env "SMTP_HOST" }}
   smtp_port: {{ env "SMTP_PORT" }}
   smtp_user: {{ env "SMTP_USER" }}
@@ -240,7 +239,7 @@ email:
   app_name: {{ env "SMTP_APP_NAME" }}
   enable_notifs: true
   client_base_url: https://{{ env "DOMAIN" }}
-  {{ end }}
+{{ end }}
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#encryption_enabled_by_default_for_room_type
 encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}

nginx.conf.tmpl

@@ -8,15 +8,15 @@ http {
   server {
     listen 80;
 
-    access_log off;
+    access_log {{ env "NGINX_ACCESS_LOG_LOCATION" }};
-    error_log /dev/null;
+    error_log {{ env "NGINX_ERROR_LOG_LOCATION" }};
 
     server_name {{ env "DOMAIN" }};
 
     location ~* ^(\/_matrix|\/_synapse\/client) {
       proxy_pass http://{{ env "STACK_NAME"}}_synapse:8008;
       proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Forwarded-Proto https;
       proxy_set_header Host $host;
       client_max_body_size 50M;
       proxy_http_version 1.1;

release/5.0.1+v1.93.0

@@ -0,0 +1,8 @@
+take care when upgrading! You need to add two variables to your .env file:
+use the following if you don't want any access logs (including users' IP addresses):
+NGINX_ACCESS_LOG_LOCATION="/dev/null"
+NGINX_ERROR_LOG_LOCATION="/dev/null"
+
+use the following if you want logs:
+NGINX_ACCESS_LOG_LOCATION="/dev/stdout"
+NGINX_ERROR_LOG_LOCATION="/dev/stderr"

release/next

@@ -0,0 +1,8 @@
+We had to rename some secrets: https://git.coopcloud.tech/coop-cloud/matrix-synapse/issues/35
+
+Copy the secrets:
+
+* `registration_shared_secret` to `registration`
+* `macaroon_secret_key` to `macaroon`
+
+Regeneration of these secrets should also work.