diff --git a/templates/compose/matrix-synapse-with-postgresql.yaml b/templates/compose/matrix-synapse-with-postgresql.yaml
new file mode 100644
index 000000000..74969c757
--- /dev/null
+++ b/templates/compose/matrix-synapse-with-postgresql.yaml
@@ -0,0 +1,128 @@
+# documentation: https://element-hq.github.io/synapse/latest/welcome_and_overview.html
+# slogan: Chat securely with your family, friends, community, or build great apps with Matrix!
+# category: messaging
+# tags: chat, slack, discord, voip, video, call, matrix, synapse, postgresql
+# logo: svgs/matrix.svg
+# port: 8008
+
+# IMPORTANT: SYNAPSE_SERVER_NAME is permanent and cannot be changed after first deployment!
+# - If hosting at matrix.example.org but want user IDs like @user:example.org, set SYNAPSE_SERVER_NAME=example.org
+# - You'll need to set up .well-known delegation at https://example.org/.well-known/matrix/server
+# - See: https://element-hq.github.io/synapse/latest/delegate.html
+
+services:
+ synapse:
+ image: matrixdotorg/synapse:latest
+ environment:
+ - SERVICE_URL_SYNAPSE_8008
+ - SYNAPSE_SERVER_NAME=${SYNAPSE_SERVER_NAME:?}
+ - SYNAPSE_REPORT_STATS=${SYNAPSE_REPORT_STATS:-no}
+ - ENABLE_REGISTRATION=${ENABLE_REGISTRATION:-false}
+ - SERVICE_USER_ADMIN=${SERVICE_USER_ADMIN}
+ - SERVICE_PASSWORD_ADMIN=${SERVICE_PASSWORD_ADMIN}
+ - SERVICE_USER_POSTGRESQL=${SERVICE_USER_POSTGRESQL}
+ - SERVICE_PASSWORD_POSTGRESQL=${SERVICE_PASSWORD_POSTGRESQL}
+ - POSTGRES_DB=${POSTGRES_DB:-synapse-db}
+ volumes:
+ - synapse-data:/data
+ entrypoint:
+ - /bin/bash
+ - -c
+ - |
+ ! test -f /data/homeserver.yaml && /start.py generate
+
+ # Extract secrets from generated config
+ grep "registration_shared_secret" /data/homeserver.yaml \
+ | awk '{print $2}' > ./registration_shared_secret
+
+ grep "macaroon_secret_key" /data/homeserver.yaml \
+ | awk '{print $2}' > ./macaroon_secret_key
+
+ grep "form_secret" /data/homeserver.yaml \
+ | awk '{print $2}' > ./form_secret
+
+ # Create homeserver.yaml with PostgreSQL
+ cat < /data/homeserver.yaml
+ server_name: "${SYNAPSE_SERVER_NAME}"
+ pid_file: /data/homeserver.pid
+ public_baseurl: "${SERVICE_URL_SYNAPSE}/"
+
+ listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ bind_addresses: ['0.0.0.0']
+ resources:
+ - names: [client, federation]
+ compress: false
+
+ database:
+ name: psycopg2
+ args:
+ user: ${SERVICE_USER_POSTGRESQL}
+ password: ${SERVICE_PASSWORD_POSTGRESQL}
+ database: ${POSTGRES_DB:-synapse-db}
+ host: postgres
+ port: 5432
+ cp_min: 5
+ cp_max: 10
+
+ log_config: "/data/${SYNAPSE_SERVER_NAME}.log.config"
+ media_store_path: /data/media_store
+ report_stats: ${SYNAPSE_REPORT_STATS}
+
+ registration_shared_secret: $(<./registration_shared_secret)
+ macaroon_secret_key: $(<./macaroon_secret_key)
+ form_secret: $(<./form_secret)
+ signing_key_path: "/data/${SYNAPSE_SERVER_NAME}.signing.key"
+
+ trusted_key_servers:
+ - server_name: "matrix.org"
+ EOF
+
+ [ "${ENABLE_REGISTRATION}" = "true" ] && ! grep "#registration" /data/homeserver.yaml &>/dev/null \
+ && echo >> /data/homeserver.yaml \
+ && cat <> /data/homeserver.yaml
+ enable_registration: true
+ EOF
+
+ # Register admin user if provided
+ register_admin(){
+ while ! curl -sf http://localhost:8008/health > /dev/null; do
+ sleep 2
+ done
+ register_new_matrix_user \
+ -a \
+ -u ${SERVICE_USER_ADMIN} \
+ -p ${SERVICE_PASSWORD_ADMIN} \
+ -c /data/homeserver.yaml \
+ http://localhost:8008 &>/dev/null
+ }
+ [ -n "${SERVICE_USER_ADMIN}" ] && register_admin &
+
+ /start.py
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
+ interval: 10s
+ timeout: 5s
+ retries: 10
+ start_period: 10s
+ depends_on:
+ postgres:
+ condition: service_healthy
+
+ postgres:
+ image: postgres:16-alpine
+ environment:
+ - POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
+ - POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
+ - POSTGRES_DB=${POSTGRES_DB:-synapse-db}
+ - POSTGRES_INITDB_ARGS=--encoding=UTF8 --lc-collate=C --lc-ctype=C
+ volumes:
+ - postgres-data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB:-synapse-db}"]
+ interval: 5s
+ timeout: 5s
+ retries: 10
diff --git a/templates/compose/matrix-synapse-with-sqlite.yaml b/templates/compose/matrix-synapse-with-sqlite.yaml
new file mode 100644
index 000000000..e0884f54d
--- /dev/null
+++ b/templates/compose/matrix-synapse-with-sqlite.yaml
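Review bot: The database and admin credentials are expanded unquoted, both in the generated `homeserver.yaml` (`password: ${SERVICE_PASSWORD_POSTGRESQL}`, `user: ${SERVICE_USER_POSTGRESQL}`) and in the `register_new_matrix_user` call (`-u ${SERVICE_USER_ADMIN}`, `-p ${SERVICE_PASSWORD_ADMIN}`). A value containing whitespace, `#`, `: ` or a glob character would be split by the shell or change the YAML that Synapse parses, so I would at least write `password: "${SERVICE_PASSWORD_POSTGRESQL}"` and quote the two arguments the way the SQLite template in this same commit does (`-p "${SERVICE_PASSWORD_ADMIN}"`). The registration call also discards all output with `&>/dev/null`, so a failed admin creation leaves no trace for the operator; keeping stderr or echoing a one-line failure message would make that diagnosable. Separately, `matrixdotorg/synapse:latest` is unpinned while `postgres:16-alpine` is not, so a redeploy can pull a different homeserver version than the one tested; a pinned tag, or a comment stating that tracking `latest` is deliberate, would make the choice explicit.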
@@ -0,0 +1,71 @@
+# documentation: https://element-hq.github.io/synapse/latest/welcome_and_overview.html
+# slogan: Chat securely with your family, friends, community, or build great apps with Matrix!
+# category: messaging
+# tags: chat,slack,discord,voip,video,call,matrix,synapse,sqlite
+# logo: svgs/matrix.svg
+# port: 8008
+
+# IMPORTANT: SYNAPSE_SERVER_NAME is permanent and cannot be changed after first deployment!
+# - If hosting at matrix.example.org but want user IDs like @user:example.org, set SYNAPSE_SERVER_NAME=example.org
+# - You'll need to set up .well-known delegation at https://example.org/.well-known/matrix/server
+# - See: https://element-hq.github.io/synapse/latest/delegate.html
+
+services:
+ synapse:
+ image: matrixdotorg/synapse:latest
+ environment:
+ - SERVICE_URL_SYNAPSE_8008
+ - SYNAPSE_SERVER_NAME=${SYNAPSE_SERVER_NAME:?}
+ - SYNAPSE_REPORT_STATS=${SYNAPSE_REPORT_STATS:-no}
+ - ENABLE_REGISTRATION=${ENABLE_REGISTRATION:-false}
+ - SERVICE_USER_ADMIN=${SERVICE_USER_ADMIN}
+ - SERVICE_PASSWORD_ADMIN=${SERVICE_PASSWORD_ADMIN}
+ volumes:
+ - synapse-data:/data
+ entrypoint: /bin/bash
+ command:
+ - -c
+ - |
+ # Generate config on first run
+ if [ ! -f /data/homeserver.yaml ]; then
+ # Generate default config using SYNAPSE_SERVER_NAME (permanent, used in user IDs)
+ /start.py generate
+
+ # Set public_baseurl to actual deployment URL (may differ from server_name)
+ # This allows hosting at matrix.example.org while server_name is example.org
+ if ! grep -q "public_baseurl" /data/homeserver.yaml; then
+ sed -i "/^server_name:/a public_baseurl: ${SERVICE_URL_SYNAPSE}/" /data/homeserver.yaml
+ fi
+
+ # Configure listener for reverse proxy
+ sed -i 's/bind_addresses: \[.*\]/bind_addresses: ["0.0.0.0"]/' /data/homeserver.yaml
+ sed -i '/x_forwarded:/d' /data/homeserver.yaml
+ sed -i '/type: http/a \ x_forwarded: true' /data/homeserver.yaml
+
+ # Enable registration if requested
+ if [ "${ENABLE_REGISTRATION}" = "true" ] && ! grep -q "enable_registration" /data/homeserver.yaml; then
+ echo "enable_registration: true" >> /data/homeserver.yaml
+ fi
+ fi
+
+ # Register admin user if credentials provided
+ if [ -n "${SERVICE_USER_ADMIN}" ] && [ -n "${SERVICE_PASSWORD_ADMIN}" ]; then
+ (
+ while ! curl -sf http://localhost:8008/health > /dev/null 2>&1; do
+ sleep 2
+ done
+ register_new_matrix_user -a \
+ -u "${SERVICE_USER_ADMIN}" \
+ -p "${SERVICE_PASSWORD_ADMIN}" \
+ -c /data/homeserver.yaml \
+ http://localhost:8008 2>/dev/null || true
+ ) &
+ fi
+
+ exec /start.py
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ start_period: 20s
diff --git a/templates/compose/matrix.yaml b/templates/compose/matrix.yaml
deleted file mode 100644
index 09bd81b54..000000000
--- a/templates/compose/matrix.yaml
+++ /dev/null
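Review bot: `ENABLE_REGISTRATION` is only read inside the `if [ ! -f /data/homeserver.yaml ]` first-run branch, so setting it back to `false` after the first deployment leaves `enable_registration: true` in the persisted config and registration stays open. The PostgreSQL template in this commit rewrites `homeserver.yaml` on every start, so the two templates treat the same variable differently. I would move the registration block out of the first-run branch and have it write the value in both directions, or at minimum add a comment such as `# ENABLE_REGISTRATION is applied on first run only; edit /data/homeserver.yaml to change it later`. The removed `matrix.yaml` could pair open registration with reCAPTCHA settings, while neither new template exposes a verification option, which is worth stating in the header comments next to the `SYNAPSE_SERVER_NAME` warning.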
@@ -1,132 +0,0 @@
-# documentation: https://matrix.org/docs/chat_basics/matrix-for-im/
-# slogan: Chat securely with your family, friends, community, or build great apps with Matrix!
-# category: messaging
-# tags: chat,slack,discord,voip,video,call
-# logo: svgs/matrix.svg
-# port: 8008
-
-services:
- matrix:
- image: matrixdotorg/synapse:latest
- environment:
- - SERVICE_URL_MATRIX_8008
- - SYNAPSE_SERVER_NAME=${SERVICE_FQDN_MATRIX}
- - SYNAPSE_REPORT_STATS=${SYNAPSE_REPORT_STATS:-no}
- - ENABLE_REGISTRATION=${ENABLE_REGISTRATION:-false}
- - RECAPTCHA_PUBLIC_KEY=${RECAPTCHA_PUBLIC_KEY}
- - RECAPTCHA_PRIVATE_KEY=${RECAPTCHA_PRIVATE_KEY}
- - _SERVER_NAME=${SERVICE_FQDN_MATRIX}
- - _ADMIN_NAME=${SERVICE_USER_ADMIN}
- - _ADMIN_PASS=${SERVICE_PASSWORD_ADMIN}
- volumes:
- - matrix-data:/data
- entrypoint:
- - /bin/bash
- - -c
- - |
- ! test -f /data/homeserver.yaml && /start.py generate
-
- # registration_shared_secret
- grep "registration_shared_secret" /data/homeserver.yaml \
- | awk '{print $2}' > ./registration_shared_secret
-
- # macaroon_secret_key
- grep "macaroon_secret_key" /data/homeserver.yaml \
- | awk '{print $2}' > ./macaroon_secret_key
-
- # form_secret
- grep "form_secret" /data/homeserver.yaml \
- | awk '{print $2}' > ./form_secret
-
- ##########################
- # #
- # homeserver.yaml: start #
- # #
- ##########################
- cat < /data/homeserver.yaml
- server_name: "${SERVICE_FQDN_MATRIX}"
- pid_file: /data/homeserver.pid
-
- # server
- listeners:
- - port: 8008
- tls: false
- type: http
- x_forwarded: true
- resources:
- - names: [client, federation]
- compress: false
-
- # database
- database:
- name: sqlite3
- args:
- database: /data/homeserver.db
-
- # general
- log_config: "/data/${SERVICE_FQDN_MATRIX}.log.config"
- media_store_path: /data/media_store
- report_stats: false
-
- # secrets
- registration_shared_secret: $(<./registration_shared_secret)
- macaroon_secret_key: $(<./macaroon_secret_key)
- form_secret: $(<./form_secret)
- signing_key_path: "/data/${SERVICE_FQDN_MATRIX}.signing.key"
-
- #rooms
- auto_join_rooms:
- - "#general:${SERVICE_FQDN_MATRIX}"
-
- # federation
- trusted_key_servers:
- - server_name: "matrix.org"
- autocreate_auto_join_rooms_federated: false
- allow_public_rooms_over_federation: false
- EOF
- ########################
- # #
- # homeserver.yaml: end #
- # #
- ########################
-
- [ "${ENABLE_REGISTRATION}" = "true" ] && ! grep "#registration" /data/homeserver.yaml &>/dev/null \
- && echo >> /data/homeserver.yaml \
- && cat <> /data/homeserver.yaml
- #registration
- enable_registration: true # Allows users to register on your server.
- EOF
-
- [ -n "${RECAPTCHA_PUBLIC_KEY}" ] && ! grep "${RECAPTCHA_PUBLIC_KEY}" /data/homeserver.yaml &>/dev/null \
- && echo >> /data/homeserver.yaml \
- && cat <> /data/homeserver.yaml
- # reCAPTCHA settings
- enable_registration_captcha: true # Enables CAPTCHA for registrations.
- recaptcha_public_key: "${RECAPTCHA_PUBLIC_KEY}"
- recaptcha_private_key: "${RECAPTCHA_PRIVATE_KEY}"
- recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
- EOF
-
- register_admin(){
- while ! curl -I localhost:8008 &>/dev/null; do
- sleep 1
- done
- register_new_matrix_user \
- -a \
- -u ${SERVICE_USER_ADMIN} \
- -p ${SERVICE_PASSWORD_ADMIN} \
- -c /data/homeserver.yaml \
- http://localhost:8008 &>/dev/null
- }
- register_admin &
-
- /start.py
- healthcheck:
- test:
- - CMD
- - curl
- - -I
- - localhost:8008
- interval: 5s
- timeout: 3s
- retries: 5