MarcusVRP pushed to branch main at Root / Serviços / Matrix Synapse
Commits:
-
7fe4ac5f
by marcusvrp at 2025-08-01T05:05:19-03:00
5 changed files:
Changes:
| 1 | 1 | FROM matrixdotorg/synapse
|
| 2 | 2 | |
| 3 | 3 | # Enable S3 Storage Provider Module
|
| 4 | -RUN apt-get update && apt-get install -y git python3-pip gettext-base
|
|
| 4 | +RUN apt-get update && apt-get install -y git python3-pip
|
|
| 5 | 5 | RUN git clone https://github.com/matrix-org/synapse-s3-storage-provider.git
|
| 6 | -RUN pip install --break-system-packages boto3 pyyaml
|
|
| 6 | +RUN pip install --break-system-packages boto3
|
|
| 7 | 7 | ENV PYTHONPATH /synapse-s3-storage-provider |
| 8 | - |
|
| 9 | -# Copy files to render the synapse config later
|
|
| 10 | -COPY ./ /root/
|
|
| 11 | - |
|
| 12 | -# Then you just gotta use an initContainer that runs:
|
|
| 13 | -# /root/configure.sh
|
|
| 14 | - |
|
| 15 | -# Note that for this to work you have to set the proper ENV variables expected in the template file (check it)
|
|
| 16 | - |
|
| 17 | -ENTRYPOINT /root/configure.sh |
| 1 | -# C3SL Synapse Image
|
|
| 1 | +# Synapse Docker C3SL
|
|
| 2 | 2 | |
| 3 | -Imagem customizada do C3SL para o synapse, facilitando o uso de segredos no Kubernetes e possibilitando o uso do S3.
|
|
| 3 | +## Problema
|
|
| 4 | 4 | |
| 5 | -Mais detalhes: perguntar pro Marcus.
|
|
| 5 | +No [Helm ESS](https://github.com/element-hq/ess-helm), a versão community [não inclui suporte nativo para armazenamento via S3](https://github.com/element-hq/ess-helm/issues/558). Para resolver essa limitação, criamos uma imagem personalizada do Synapse que inclui o módulo de S3 Storage Provider.
|
|
| 6 | 6 | |
| 7 | -TODO: element-web image will need something similar |
|
| 7 | +Para atualizar a imagem basta clonar o repositório e editar a tag da imagem do synapse no Dockerfile, então buildar e dar push no harbor:
|
|
| 8 | + |
|
| 9 | +```
|
|
| 10 | +git clone git@gitlab.c3sl.ufpr.br:root/services/matrixsynapse.git
|
|
| 11 | + |
|
| 12 | +# faz novo build da imagem
|
|
| 13 | +vim Dockerfile
|
|
| 14 | +docker build . -t harbor.c3sl.ufpr.br/root/synapse
|
|
| 15 | + |
|
| 16 | +# login no registry
|
|
| 17 | +pass -c harbor.c3sl.ufpr.br/admin
|
|
| 18 | +docker login harbor.c3sl.ufpr.br
|
|
| 19 | +# user admin, senha vc sabe
|
|
| 20 | + |
|
| 21 | +# finalmente... atualiza a imagem
|
|
| 22 | +docker push harbor.c3sl.ufpr.br/root/synapse
|
|
| 23 | +```
|
|
| 24 | + |
|
| 25 | +**TODO**: fazer build e push direto com commits no repositório. |
| 1 | -#!/bin/bash
|
|
| 2 | -envsubst < /root/homeserver.yaml.template > /root/homeserver.yaml && \
|
|
| 3 | -/start.py generate && \
|
|
| 4 | -python3 /root/merge.py /data/homeserver.yaml /root/homeserver.yaml -o /data/homeserver.yaml && \
|
|
| 5 | -/start.py |
| 1 | -server_name: "${SYNAPSE_SERVER_NAME}"
|
|
| 2 | - |
|
| 3 | -database:
|
|
| 4 | - allow_unsafe_locale: true
|
|
| 5 | - name: "psycopg2"
|
|
| 6 | - args:
|
|
| 7 | - user: "${POSTGRES_USER}"
|
|
| 8 | - password: "${POSTGRES_PASSWORD}"
|
|
| 9 | - database: "${POSTGRES_DB}"
|
|
| 10 | - host: "${POSTGRES_HOST}"
|
|
| 11 | - cp_min: 5
|
|
| 12 | - cp_max: 10
|
|
| 13 | - |
|
| 14 | -report_stats: false
|
|
| 15 | - |
|
| 16 | -trusted_key_servers:
|
|
| 17 | - - server_name: "${SYNAPSE_SERVER_NAME}"
|
|
| 18 | - - server_name: "matrix.org"
|
|
| 19 | -public_baseurl: "https://${SYNAPSE_SERVER_NAME}"
|
|
| 20 | -serve_server_wellknown: true
|
|
| 21 | - |
|
| 22 | - |
|
| 23 | -oidc_providers:
|
|
| 24 | -- idp_id: "keycloak"
|
|
| 25 | - enable_registration: true
|
|
| 26 | - idp_name: "${OIDC_IDP_NAME}"
|
|
| 27 | - discover: true
|
|
| 28 | - issuer: "${OIDC_ISSUER}"
|
|
| 29 | - client_id: "${OIDC_CLIENT_ID}"
|
|
| 30 | - client_secret: "${OIDC_CLIENT_SECRET}"
|
|
| 31 | - scopes: ["openid", "profile"]
|
|
| 32 | - user_mapping_provider:
|
|
| 33 | - config:
|
|
| 34 | - localpart_template: "{{ user.preferred_username }}"
|
|
| 35 | - display_name_template: "{{ user.name }}"
|
|
| 36 | - |
|
| 37 | -enable_registration: false
|
|
| 38 | - |
|
| 39 | -default_identity_server: "https://${SYNAPSE_SERVER_NAME}"
|
|
| 40 | - |
|
| 41 | -trusted_third_party_id_servers:
|
|
| 42 | - - "${SYNAPSE_SERVER_NAME}"
|
|
| 43 | - |
|
| 44 | -email:
|
|
| 45 | - smtp_host: smtp.c3sl.ufpr.br
|
|
| 46 | - smtp_port: 25
|
|
| 47 | - notif_from: "${SYNAPSE_SERVER_NAME}"
|
|
| 48 | - enable_notifs: true
|
|
| 49 | - notif_for_new_users: true
|
|
| 50 | - validation_token_lifetime: 15m
|
|
| 51 | - |
|
| 52 | -media_storage_providers:
|
|
| 53 | -- module: s3_storage_provider.S3StorageProviderBackend
|
|
| 54 | - store_local: False
|
|
| 55 | - store_remote: True
|
|
| 56 | - store_synchronous: True
|
|
| 57 | - config:
|
|
| 58 | - bucket: "${S3_BUCKET_NAME}"
|
|
| 59 | - region_name: "${S3_REGION_NAME}"
|
|
| 60 | - endpoint_url: "${S3_ENDPOINT_URL}"
|
|
| 61 | - access_key_id: "${S3_ACCESS_KEY_ID}"
|
|
| 62 | - secret_access_key: "${S3_SECRET_ACCESS_KEY}"
|
|
| 63 | - |
|
| 64 | -user_directory:
|
|
| 65 | - enabled: true
|
|
| 66 | - search_all_users: true
|
|
| 67 | - prefer_local_users: true
|
|
| 68 | - show_locked_users: false
|
|
| 69 | - |
|
| 70 | -# vim:ft=yaml
|
|
| 71 | -# |
| 1 | -import yaml
|
|
| 2 | -import argparse
|
|
| 3 | -import sys
|
|
| 4 | - |
|
| 5 | -def load_yaml_file(path):
|
|
| 6 | - try:
|
|
| 7 | - with open(path, 'r') as file:
|
|
| 8 | - return yaml.safe_load(file) or {}
|
|
| 9 | - except FileNotFoundError:
|
|
| 10 | - print(f"File not found: {path}")
|
|
| 11 | - sys.exit(1)
|
|
| 12 | - except yaml.YAMLError as e:
|
|
| 13 | - print(f"Error parsing YAML file {path}: {e}")
|
|
| 14 | - sys.exit(1)
|
|
| 15 | - |
|
| 16 | -def merge_dicts(dict1, dict2):
|
|
| 17 | - """Recursively merge dict2 into dict1 (dict2 wins conflicts)."""
|
|
| 18 | - for key, value in dict2.items():
|
|
| 19 | - if key in dict1 and isinstance(dict1[key], dict) and isinstance(value, dict):
|
|
| 20 | - merge_dicts(dict1[key], value)
|
|
| 21 | - else:
|
|
| 22 | - dict1[key] = value
|
|
| 23 | - return dict1
|
|
| 24 | - |
|
| 25 | -def write_yaml_file(data, path):
|
|
| 26 | - with open(path, 'w') as file:
|
|
| 27 | - yaml.safe_dump(data, file, default_flow_style=False)
|
|
| 28 | - |
|
| 29 | -def main():
|
|
| 30 | - parser = argparse.ArgumentParser(description="Merge two YAML files.")
|
|
| 31 | - parser.add_argument("file1", help="First input YAML file")
|
|
| 32 | - parser.add_argument("file2", help="Second input YAML file (overrides file1's values on conflict)")
|
|
| 33 | - parser.add_argument("-o", "--output", default="merged.yaml", help="Output YAML file (default: merged.yaml)")
|
|
| 34 | - |
|
| 35 | - args = parser.parse_args()
|
|
| 36 | - |
|
| 37 | - yaml1 = load_yaml_file(args.file1)
|
|
| 38 | - yaml2 = load_yaml_file(args.file2)
|
|
| 39 | - merged = merge_dicts(yaml1, yaml2)
|
|
| 40 | - write_yaml_file(merged, args.output)
|
|
| 41 | - |
|
| 42 | - print(f"Merged YAML written to {args.output}")
|
|
| 43 | - |
|
| 44 | -if __name__ == "__main__":
|
|
| 45 | - main() |