rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(service): improve matrix templates (#7560)

Browse source 
Co-authored-by: 🏔️ Peak <122374094+peaklabs-dev@users.noreply.github.com>
This commit is contained in:
4www 2026-01-08 22:11:03 +01:00 committed by GitHub
parent b78c6df780
commit d4d6da9328
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 199 additions and 132 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

128
templates/compose/matrix-synapse-with-postgresql.yaml Normal file
View file

@ -0,0 +1,128 @@
# documentation: https://element-hq.github.io/synapse/latest/welcome_and_overview.html
# slogan: Chat securely with your family, friends, community, or build great apps with Matrix!
# category: messaging
# tags: chat, slack, discord, voip, video, call, matrix, synapse, postgresql
# logo: svgs/matrix.svg
# port: 8008
# IMPORTANT: SYNAPSE_SERVER_NAME is permanent and cannot be changed after first deployment!
# - If hosting at matrix.example.org but want user IDs like @user:example.org, set SYNAPSE_SERVER_NAME=example.org
# - You'll need to set up .well-known delegation at https://example.org/.well-known/matrix/server
# - See: https://element-hq.github.io/synapse/latest/delegate.html
services:
synapse:
image: matrixdotorg/synapse:latest
environment:
- SERVICE_URL_SYNAPSE_8008
- SYNAPSE_SERVER_NAME=${SYNAPSE_SERVER_NAME:?}
- SYNAPSE_REPORT_STATS=${SYNAPSE_REPORT_STATS:-no}
- ENABLE_REGISTRATION=${ENABLE_REGISTRATION:-false}
- SERVICE_USER_ADMIN=${SERVICE_USER_ADMIN}
- SERVICE_PASSWORD_ADMIN=${SERVICE_PASSWORD_ADMIN}
- SERVICE_USER_POSTGRESQL=${SERVICE_USER_POSTGRESQL}
- SERVICE_PASSWORD_POSTGRESQL=${SERVICE_PASSWORD_POSTGRESQL}
- POSTGRES_DB=${POSTGRES_DB:-synapse-db}
volumes:
- synapse-data:/data
entrypoint:
- /bin/bash
- -c
- |
! test -f /data/homeserver.yaml && /start.py generate
# Extract secrets from generated config
grep "registration_shared_secret" /data/homeserver.yaml \
| awk '{print $2}' > ./registration_shared_secret
grep "macaroon_secret_key" /data/homeserver.yaml \
| awk '{print $2}' > ./macaroon_secret_key
grep "form_secret" /data/homeserver.yaml \
| awk '{print $2}' > ./form_secret
# Create homeserver.yaml with PostgreSQL
cat <<EOF > /data/homeserver.yaml
server_name: "${SYNAPSE_SERVER_NAME}"
pid_file: /data/homeserver.pid
public_baseurl: "${SERVICE_URL_SYNAPSE}/"
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
bind_addresses: ['0.0.0.0']
resources:
- names: [client, federation]
compress: false
database:
name: psycopg2
args:
user: ${SERVICE_USER_POSTGRESQL}
password: ${SERVICE_PASSWORD_POSTGRESQL}
database: ${POSTGRES_DB:-synapse-db}
host: postgres
port: 5432
cp_min: 5
cp_max: 10
log_config: "/data/${SYNAPSE_SERVER_NAME}.log.config"
media_store_path: /data/media_store
report_stats: ${SYNAPSE_REPORT_STATS}
registration_shared_secret: $(<./registration_shared_secret)
macaroon_secret_key: $(<./macaroon_secret_key)
form_secret: $(<./form_secret)
signing_key_path: "/data/${SYNAPSE_SERVER_NAME}.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
EOF
[ "${ENABLE_REGISTRATION}" = "true" ] && ! grep "#registration" /data/homeserver.yaml &>/dev/null \
&& echo >> /data/homeserver.yaml \
&& cat <<EOF >> /data/homeserver.yaml
enable_registration: true
EOF
# Register admin user if provided
register_admin(){
while ! curl -sf http://localhost:8008/health > /dev/null; do
sleep 2
done
register_new_matrix_user \
-a \
-u ${SERVICE_USER_ADMIN} \
-p ${SERVICE_PASSWORD_ADMIN} \
-c /data/homeserver.yaml \
http://localhost:8008 &>/dev/null
}
[ -n "${SERVICE_USER_ADMIN}" ] && register_admin &
/start.py
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
interval: 10s
timeout: 5s
retries: 10
start_period: 10s
depends_on:
postgres:
condition: service_healthy
postgres:
image: postgres:16-alpine
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
- POSTGRES_DB=${POSTGRES_DB:-synapse-db}
- POSTGRES_INITDB_ARGS=--encoding=UTF8 --lc-collate=C --lc-ctype=C
volumes:
- postgres-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB:-synapse-db}"]
interval: 5s
timeout: 5s
retries: 10

71
templates/compose/matrix-synapse-with-sqlite.yaml Normal file
View file

@ -0,0 +1,71 @@
# documentation: https://element-hq.github.io/synapse/latest/welcome_and_overview.html
# slogan: Chat securely with your family, friends, community, or build great apps with Matrix!
# category: messaging
# tags: chat,slack,discord,voip,video,call,matrix,synapse,sqlite
# logo: svgs/matrix.svg
# port: 8008
# IMPORTANT: SYNAPSE_SERVER_NAME is permanent and cannot be changed after first deployment!
# - If hosting at matrix.example.org but want user IDs like @user:example.org, set SYNAPSE_SERVER_NAME=example.org
# - You'll need to set up .well-known delegation at https://example.org/.well-known/matrix/server
# - See: https://element-hq.github.io/synapse/latest/delegate.html
services:
synapse:
image: matrixdotorg/synapse:latest
environment:
- SERVICE_URL_SYNAPSE_8008
- SYNAPSE_SERVER_NAME=${SYNAPSE_SERVER_NAME:?}
- SYNAPSE_REPORT_STATS=${SYNAPSE_REPORT_STATS:-no}
- ENABLE_REGISTRATION=${ENABLE_REGISTRATION:-false}
- SERVICE_USER_ADMIN=${SERVICE_USER_ADMIN}
- SERVICE_PASSWORD_ADMIN=${SERVICE_PASSWORD_ADMIN}
volumes:
- synapse-data:/data
entrypoint: /bin/bash
command:
- -c
- |
# Generate config on first run
if [ ! -f /data/homeserver.yaml ]; then
# Generate default config using SYNAPSE_SERVER_NAME (permanent, used in user IDs)
/start.py generate
# Set public_baseurl to actual deployment URL (may differ from server_name)
# This allows hosting at matrix.example.org while server_name is example.org
if ! grep -q "public_baseurl" /data/homeserver.yaml; then
sed -i "/^server_name:/a public_baseurl: ${SERVICE_URL_SYNAPSE}/" /data/homeserver.yaml
fi
# Configure listener for reverse proxy
sed -i 's/bind_addresses: \[.*\]/bind_addresses: ["0.0.0.0"]/' /data/homeserver.yaml
sed -i '/x_forwarded:/d' /data/homeserver.yaml
sed -i '/type: http/a \ x_forwarded: true' /data/homeserver.yaml
# Enable registration if requested
if [ "${ENABLE_REGISTRATION}" = "true" ] && ! grep -q "enable_registration" /data/homeserver.yaml; then
echo "enable_registration: true" >> /data/homeserver.yaml
fi
fi
# Register admin user if credentials provided
if [ -n "${SERVICE_USER_ADMIN}" ] && [ -n "${SERVICE_PASSWORD_ADMIN}" ]; then
(
while ! curl -sf http://localhost:8008/health > /dev/null 2>&1; do
sleep 2
done
register_new_matrix_user -a \
-u "${SERVICE_USER_ADMIN}" \
-p "${SERVICE_PASSWORD_ADMIN}" \
-c /data/homeserver.yaml \
http://localhost:8008 2>/dev/null || true
) &
fi
exec /start.py
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
interval: 30s
timeout: 10s
retries: 5
start_period: 20s

132
templates/compose/matrix.yaml
View file

@ -1,132 +0,0 @@
# documentation: https://matrix.org/docs/chat_basics/matrix-for-im/
# slogan: Chat securely with your family, friends, community, or build great apps with Matrix!
# category: messaging
# tags: chat,slack,discord,voip,video,call
# logo: svgs/matrix.svg
# port: 8008
services:
matrix:
image: matrixdotorg/synapse:latest
environment:
- SERVICE_URL_MATRIX_8008
- SYNAPSE_SERVER_NAME=${SERVICE_FQDN_MATRIX}
- SYNAPSE_REPORT_STATS=${SYNAPSE_REPORT_STATS:-no}
- ENABLE_REGISTRATION=${ENABLE_REGISTRATION:-false}
- RECAPTCHA_PUBLIC_KEY=${RECAPTCHA_PUBLIC_KEY}
- RECAPTCHA_PRIVATE_KEY=${RECAPTCHA_PRIVATE_KEY}
- _SERVER_NAME=${SERVICE_FQDN_MATRIX}
- _ADMIN_NAME=${SERVICE_USER_ADMIN}
- _ADMIN_PASS=${SERVICE_PASSWORD_ADMIN}
volumes:
- matrix-data:/data
entrypoint:
- /bin/bash
- -c
- |
! test -f /data/homeserver.yaml && /start.py generate
# registration_shared_secret
grep "registration_shared_secret" /data/homeserver.yaml \
| awk '{print $2}' > ./registration_shared_secret
# macaroon_secret_key
grep "macaroon_secret_key" /data/homeserver.yaml \
| awk '{print $2}' > ./macaroon_secret_key
# form_secret
grep "form_secret" /data/homeserver.yaml \
| awk '{print $2}' > ./form_secret
##########################
# #
# homeserver.yaml: start #
# #
##########################
cat <<EOF > /data/homeserver.yaml
server_name: "${SERVICE_FQDN_MATRIX}"
pid_file: /data/homeserver.pid
# server
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
# database
database:
name: sqlite3
args:
database: /data/homeserver.db
# general
log_config: "/data/${SERVICE_FQDN_MATRIX}.log.config"
media_store_path: /data/media_store
report_stats: false
# secrets
registration_shared_secret: $(<./registration_shared_secret)
macaroon_secret_key: $(<./macaroon_secret_key)
form_secret: $(<./form_secret)
signing_key_path: "/data/${SERVICE_FQDN_MATRIX}.signing.key"
#rooms
auto_join_rooms:
- "#general:${SERVICE_FQDN_MATRIX}"
# federation
trusted_key_servers:
- server_name: "matrix.org"
autocreate_auto_join_rooms_federated: false
allow_public_rooms_over_federation: false
EOF
########################
# #
# homeserver.yaml: end #
# #
########################
[ "${ENABLE_REGISTRATION}" = "true" ] && ! grep "#registration" /data/homeserver.yaml &>/dev/null \
&& echo >> /data/homeserver.yaml \
&& cat <<EOF >> /data/homeserver.yaml
#registration
enable_registration: true # Allows users to register on your server.
EOF
[ -n "${RECAPTCHA_PUBLIC_KEY}" ] && ! grep "${RECAPTCHA_PUBLIC_KEY}" /data/homeserver.yaml &>/dev/null \
&& echo >> /data/homeserver.yaml \
&& cat <<EOF >> /data/homeserver.yaml
# reCAPTCHA settings
enable_registration_captcha: true # Enables CAPTCHA for registrations.
recaptcha_public_key: "${RECAPTCHA_PUBLIC_KEY}"
recaptcha_private_key: "${RECAPTCHA_PRIVATE_KEY}"
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
EOF
register_admin(){
while ! curl -I localhost:8008 &>/dev/null; do
sleep 1
done
register_new_matrix_user \
-a \
-u ${SERVICE_USER_ADMIN} \
-p ${SERVICE_PASSWORD_ADMIN} \
-c /data/homeserver.yaml \
http://localhost:8008 &>/dev/null
}
register_admin &
/start.py
healthcheck:
test:
- CMD
- curl
- -I
- localhost:8008
interval: 5s
timeout: 3s
retries: 5