docker-compose environment for the entire v.st system https://v.st/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
env/matrix/setup

89 lines
2.5 KiB

#!/bin/bash
die() { echo >&2 "matrix: ERROR $@" ; exit 1 ; }
info() { echo >&2 "matrix: $@" ; }
DIRNAME="$(dirname $0)"
cd "$DIRNAME"
source ../env.production || die "no top levle env?"
source ../env.smtp 2>/dev/null
source env.production || die "no local env?"
DATA="../data/matrix"
SYNAPSE_DIR="$DATA/synapse"
HOMESERVER_YAML="$SYNAPSE_DIR/homeserver.yaml"
if [ -r "$HOMESERVER_YAML" ]; then
docker-compose up -d || die "matrix: unable to restart"
exit 0
fi
docker-compose down 2>/dev/null
mkdir -p "$DATA"
# fix up the Element client config to have the correct hostname
# based on the environment variables
export DOMAIN_NAME MATRIX_HOSTNAME
envsubst < "element-config.json.template" > "$DATA/element-config.json"
# This will create a *delegated* matrix server,
# where the "servername" is just the top level domain,
# but it is hosted on "matrix.DOMAIN_NAME".
# the syntax here is confusing and it is not clear in
# the docs *which* have to be updated.
docker-compose run \
--rm \
-e SYNAPSE_SERVER_NAME="$DOMAIN_NAME" \
-e SYNAPSE_REPORT_STATS="no" \
synapse generate \
|| die "unable to generate synapse config"
MATRIX_CLIENT_SECRET="$(openssl rand -hex 20)"
cat <<EOF >> "$HOMESERVER_YAML"
web_client_location: https://${MATRIX_HOSTNAME}/
public_baseurl: https://${MATRIX_HOSTNAME}/
oidc_providers:
- idp_id: keycloak
idp_name: "KeyCloak"
issuer: "https://${KEYCLOAK_HOSTNAME}/realms/${REALM}"
client_id: "synapse"
client_secret: "${MATRIX_CLIENT_SECRET}"
scopes: ["openid", "profile"]
user_mapping_provider:
config:
localpart_template: "{{ user.preferred_username }}"
display_name_template: "{{ user.name }}"
EOF
if [ -n "$SMTP_SERVER" ]; then
info "configuring email"
cat <<EOF >> "$HOMESERVER_YAML"
email:
smtp_host: ${SMTP_SERVER}
smtp_port: ${SMTP_PORT}
smtp_user: "${SMTP_USER}"
smtp_pass: "${SMTP_PASSWORD}"
require_transport_security: true
notif_from: "%(app)s matrix homeserver <noreply@${DOMAIN_NAME}>"
app_name: ${DOMAIN_NAME}
EOF
fi
../keycloak/client-delete 'synapse' 2>/dev/null
../keycloak/client-create << EOF || die "unable to create client id"
{
"clientId": "synapse",
"rootUrl": "https://$MATRIX_HOSTNAME/",
"adminUrl": "https://$MATRIX_HOSTNAME/",
"redirectUris": [ "https://$MATRIX_HOSTNAME/*" ],
"webOrigins": [ "https://$MATRIX_HOSTNAME" ],
"clientAuthenticatorType": "client-secret",
"secret": "$MATRIX_CLIENT_SECRET"
}
EOF
docker-compose up -d || die "matrix: unable to start container"