#!/bin/bash
#
# Matrix Service
# Look in the Docker CLI plugin directory first, then the usual system
# binary directories, so `docker compose` resolves before anything else.
PATH="${HOME}/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
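#######################################
# Create /federated/apps/matrix (compose file, .env, TLS material) and
# generate a homeserver.yaml wired to Postgres, SMTP and LDAP.
# Globals:   DOMAIN, MATRIX_SECRET, ADMINPASS, COMPANY (read)
#            LDAP_SECRET, SPINPID (written)
# Calls:     spin, fail (defined elsewhere in this script)
# Outputs:   progress text on stdout
# Returns:   0; aborts via fail when a critical step fails
#######################################
config_matrix() {
  # One pin for both the running service and the config generator: the
  # original generated the config with :latest while running v1.85.2, so
  # the generated homeserver.yaml could come from a different release.
  local -r image_version="v1.85.2"
  local -r app_dir="/federated/apps/matrix"
  local -r data_dir="${app_dir}/data/matrix"
  local -r homeserver_yaml="${data_dir}/homeserver.yaml"

  printf '\n* Configuring %s container..' "$app_dir"
  spin &
  SPINPID=$!

  if [[ ! -d "$app_dir" ]]; then
    mkdir -p -- "$data_dir" || fail "Couldn't create $data_dir"
    # The certificate/key pair is mounted into the container at /data and
    # referenced by the LDAP provider's tls_options further down.
    cp -- "/federated/certs/certs/${DOMAIN}.crt" \
      "/federated/certs/private/${DOMAIN}.key" "${data_dir}/" \
      || fail "Couldn't copy TLS certificate/key for $DOMAIN"
    # NOTE(review): 644 leaves the private key world-readable on the host;
    # it is kept because the container user must be able to read it. A
    # tighter mode (0640 with the container's gid) needs the container
    # uid/gid confirmed first.
    chmod 644 "${data_dir}/${DOMAIN}.crt" "${data_dir}/${DOMAIN}.key"
  fi

  # Unquoted heredoc: $DOMAIN expands, \${IMAGE_VERSION} and the escaped
  # backticks are written literally for compose / traefik to interpret.
  cat > "${app_dir}/docker-compose.yml" <<EOF
version: '3.7'

services:
  matrix:
    image: matrixdotorg/synapse:\${IMAGE_VERSION}
    container_name: matrix
    hostname: matrix.$DOMAIN
    domainname: $DOMAIN
    restart: always
    networks:
      federated:
        ipv4_address: 172.99.0.19
    volumes:
      - ./data/matrix:/data
    env_file:
      - ./.env
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.matrix.rule=Host(\`matrix.$DOMAIN\`)"
      - "traefik.http.routers.matrix.entrypoints=websecure"
      - "traefik.http.routers.matrix.tls.certresolver=letsencrypt"

networks:
  federated:
    external: true
EOF

  cat > "${app_dir}/.env" <<EOF
IMAGE_VERSION="${image_version}"
EOF
  chmod 600 "${app_dir}/.env"

  # Kept as a global (not local): other functions may rely on it.
  LDAP_SECRET=$(cat -- /federated/apps/ldap/.ldap.secret) \
    || fail "Couldn't read /federated/apps/ldap/.ldap.secret"

  # Generate the matrix homeserver.yaml file with the same image version
  # the service will run.
  if ! docker run --rm -v "${data_dir}:/data" \
      -e "SYNAPSE_SERVER_NAME=matrix.${DOMAIN}" \
      -e SYNAPSE_REPORT_STATS=yes \
      "matrixdotorg/synapse:${image_version}" generate &> /dev/null; then
    fail "Couldn't run docker matrixdotorg/synapse:${image_version} generate"
  fi

  # Take out the default SQLite database config. The expressions are applied
  # in this order on every line, which is equivalent to the four separate
  # passes they replace; they are intentionally unanchored to match the
  # generator's indentation whatever it is.
  sed -i \
    -e 's!database: /data/homeserver.db!!g' \
    -e 's!database:!!g' \
    -e 's!name: sqlite3!!g' \
    -e 's!args:!!g' \
    "$homeserver_yaml"

  # Insert our Postgres and LDAP config.
  # NOTE(review): MATRIX_SECRET, ADMINPASS and LDAP_SECRET are interpolated
  # straight into YAML; a value containing '"', '\', '#' or ': ' would
  # corrupt or truncate the document. Confirm the generators of those
  # secrets produce YAML-safe strings, or quote/escape them here.
  # NOTE(review): start_tls: true is set together with an ldaps:// URI;
  # confirm the LDAP provider accepts both (LDAPS already encrypts, so
  # STARTTLS on top is normally redundant).
  cat >> "$homeserver_yaml" <<EOF

serve_server_wellknown: true
database:
  name: psycopg2
  args:
    user: matrix
    password: $MATRIX_SECRET
    host: postgresql.$DOMAIN
    database: matrix
    cp_min: 5
    cp_max: 10
email:
  smtp_host: "mail.$DOMAIN"
  smtp_port: 587
  smtp_user: "admin"
  smtp_pass: "$ADMINPASS"
  force_tls: true
  # require_transport_security: true
  enable_tls: true
  notif_from: "Your Friendly %(app)s homeserver <matrix@matrix.$DOMAIN>"
  app_name: $COMPANY Matrix Server

modules:
  - module: "ldap_auth_provider.LdapAuthProviderModule"
    config:
      enabled: true
      uri: "ldaps://ldap.$DOMAIN:636"
      start_tls: true
      base: "dc=federatedcomputer,dc=cloud"
      attributes:
        mail: "mail"
        uid: "uid"
        name: "givenName"
      bind_dn: cn=admin,dc=federatedcomputer,dc=cloud
      bind_password: $LDAP_SECRET
      tls_options:
        validate: true
        local_certificate_file: /data/$DOMAIN.crt
        local_private_key_file: /data/$DOMAIN.key
EOF

  # homeserver.yaml now holds the DB, SMTP and LDAP bind passwords, so it
  # gets the same treatment as .env above. This assumes the file is owned
  # by the uid the container runs Synapse as (the generate step above
  # creates it) — TODO confirm on a fresh install before relying on it.
  chmod 600 "$homeserver_yaml"

  kill -9 "$SPINPID" &> /dev/null
  printf 'done.'
}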
#######################################
# Bring the matrix service up and block until its client port answers.
# Globals:   SPINPID (read; killed at the end)
# Calls:     start_service (defined elsewhere in this script)
# Outputs:   "done." on stdout
# Returns:   status of the final printf (kill errors are discarded)
#######################################
start_matrix() {
  # The probe is handed to start_service, which polls it until it succeeds;
  # 172.99.0.19:8008 is the compose-assigned address and Synapse's client port.
  local -r ready_probe='nc -z 172.99.0.19 8008 &> /dev/null'
  start_service "matrix" "$ready_probe"

  # NOTE(review): SPINPID is not set in this function; presumably
  # start_service starts the spinner — confirm, otherwise this kill is a no-op.
  kill -9 $SPINPID &> /dev/null
  printf 'done.'
}