#!/bin/bash
#
# Matrix Service

PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

config_matrix() {
  echo -ne "\n* Configuring /federated/apps/matrix container.."
  spin &
  SPINPID=$!

  if [ ! -d "/federated/apps/matrix" ]; then
    mkdir -p /federated/apps/matrix/data/matrix &> /dev/null
    cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/matrix/data/matrix/
    chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN.crt /federated/apps/matrix/data/matrix/$DOMAIN.key
  fi

cat > /federated/apps/matrix/docker-compose.yml <<EOF
version: '3.7'

services:
  matrix:
    image: matrixdotorg/synapse:\${IMAGE_VERSION}
    container_name: matrix
    hostname: matrix.$DOMAIN
    domainname: $DOMAIN
    restart: always
    networks:
      federated:
        ipv4_address: 172.99.0.19
    volumes:
     - ./data/matrix:/data
    env_file:
      - ./.env
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.matrix.rule=Host(\`matrix.$DOMAIN\`)"
      - "traefik.http.routers.matrix.entrypoints=websecure"
      - "traefik.http.routers.matrix.tls.certresolver=letsencrypt"

networks:
  federated:
    external: true
EOF

cat > /federated/apps/matrix/.env <<EOF
IMAGE_VERSION="v1.85.2"
EOF
chmod 600 /federated/apps/matrix/.env

LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
COTURN_MATRIX_SECRET=$(create_password);

# Generate the matrix homeserver.yaml file
docker run --rm -v "/federated/apps/matrix/data/matrix:/data" -e SYNAPSE_SERVER_NAME=matrix.$DOMAIN -e SYNAPSE_REPORT_STATS=yes matrixdotorg/synapse:latest generate &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run docker matrixdotorg/synapse:latest generate"

# Take out default Sqlite database config
sed -i 's!database: /data/homeserver.db!!g' /federated/apps/matrix/data/matrix/homeserver.yaml
sed -i 's!database:!!g' /federated/apps/matrix/data/matrix/homeserver.yaml
sed -i 's!name: sqlite3!!g' /federated/apps/matrix/data/matrix/homeserver.yaml
sed -i 's!args:!!g' /federated/apps/matrix/data/matrix/homeserver.yaml

# Insert our Postgres and LDAP config
cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF

serve_server_wellknown: true
turn_uris: [ "turn:turn.$DOMAIN?transport=udp", "turn:turn.$DOMAIN?transport=tcp" ]
turn_shared_secret: "$COTURN_MATRIX_SECRET"
turn_user_lifetime: 86400000
database:
    name: psycopg2
    args:
        user: matrix
        password: $MATRIX_SECRET
        host: postgresql.$DOMAIN
        database: matrix
        cp_min: 5
        cp_max: 10
email:
  smtp_host: "mail.$DOMAIN"
  smtp_port: 587
  smtp_user: "fcore"
  smtp_pass: "$ADMINPASS"
  force_tls: true
  #  require_transport_security: true
  enable_tls: true
  notif_from: "Your Friendly %(app)s homeserver <matrix@matrix.$DOMAIN>"
  app_name: $COMPANY Matrix Server

modules:
  - module: "ldap_auth_provider.LdapAuthProviderModule"
    config:
      enabled: true
      uri: "ldaps://ldap.$DOMAIN:636"
      start_tls: true
      base: "dc=federatedcomputer,dc=cloud"
      attributes:
        mail: "mail"
        uid: "uid"
        name: "givenName"
      bind_dn: cn=admin,dc=federatedcomputer,dc=cloud
      bind_password: $LDAP_SECRET
      tls_options:
        validate: true
        local_certificate_file: /data/$DOMAIN.crt
        local_private_key_file: /data/$DOMAIN.key
EOF

kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_matrix() {
  # Start service with command to make sure it's up before proceeding
  start_service "matrix" "nc -z 172.99.0.19 8008 &> /dev/null" "8"

  kill -9 $SPINPID &> /dev/null
  echo -ne "done."
}