From d7ca8092a1f8f4e268b3943679c30f4755a149a5 Mon Sep 17 00:00:00 2001 From: chris Date: Sat, 7 May 2022 15:38:45 +0000 Subject: [PATCH] init --- README.md | 5 ++ client.yaml | 14 ++++ docker-compose.yaml | 150 +++++++++++++++++++++++++++++++++++++++ federation-receiver.yaml | 14 ++++ federation-sender.yaml | 5 ++ homeserver.yaml | 69 ++++++++++++++++++ zknt.org.log.config | 22 ++++++ 7 files changed, 279 insertions(+) create mode 100644 README.md create mode 100644 client.yaml create mode 100644 docker-compose.yaml create mode 100644 federation-receiver.yaml create mode 100644 federation-sender.yaml create mode 100644 homeserver.yaml create mode 100644 zknt.org.log.config diff --git a/README.md b/README.md new file mode 100644 index 0000000..c375010 --- /dev/null +++ b/README.md @@ -0,0 +1,5 @@ +# Matrix/Synapse configuration + +Everything (except for docker-compose.yaml) goes into the data-volume of the synapse installation. + +*This is work in progress a.k.a. defunct!* diff --git a/client.yaml b/client.yaml new file mode 100644 index 0000000..bae0a53 --- /dev/null +++ b/client.yaml @@ -0,0 +1,14 @@ +worker_app: "synapse.app.generic_worker" +worker_name: "worker_client" + +worker_replication_host: "synapse" +worker_replication_http_port: 9093 + +worker_listeners: +- type: "http" + port: 8083 + resources: + - names: + - "client" + +worker_log_config: "/data/zknt.org.log.config" diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..218a8e0 --- /dev/null +++ b/docker-compose.yaml 
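Review bot: The `worker_listeners` entry for port 8083 in client.yaml has no `x_forwarded: true`, although docker-compose.yaml only ever reaches this worker through Traefik, so Synapse will record Traefik's address as the client IP on every request and per-IP rate limits and the IPs kept in device/session records all collapse onto the proxy. The same option is missing from the port-8084 listener in federation-receiver.yaml (later in this patch). Add `x_forwarded: true` beside `port: 8083` (and beside `port: 8084` in the receiver); this is only appropriate because the listener is reachable solely via the reverse proxy, since with it set Synapse trusts the X-Forwarded-For header it receives.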
@@ -0,0 +1,150 @@ +--- +version: '2.1' + +networks: + dmz: + # defined by traefik service + external: true + back: {} + +services: + postgres: + image: "postgres:11" + restart: "unless-stopped" + volumes: + - "dbdata:/var/lib/postgresql/data" + environment: + POSTGRES_PASSWORD: "hunter2" + POSTGRES_USER: "synapse" + POSTGRES_INITDB_ARGS: "--encoding='UTF8' --lc-collate='C' --lc-ctype='C'" + networks: + back: {} + + redis: + image: "reg.zknt.org/zknt/redis" + restart: "unless-stopped" + volumes: + - "redisdata:/var/lib/redis" + networks: + back: {} + + federation-sender: + image: "matrixdotorg/synapse:latest" + restart: "unless-stopped" + healthcheck: + disable: true + volumes: + - "data:/data" + command: "run -m synapse.app.federation_sender --config-path=/data/homeserver.yaml --config-path=/data/federation-sender.yaml" + networks: + back: {} + + federation-receiver: + image: "matrixdotorg/synapse:latest" + restart: "unless-stopped" + healthcheck: + disable: true + volumes: + - "data:/data" + command: "run -m synapse.app.generic_worker --config-path=/data/homeserver.yaml --config-path=/data/federation-receiver.yaml" + networks: + back: {} + dmz: {} + labels: + - "traefik.enable=true" + - "traefik.docker.network=dmz" + + - "traefik.http.routers.matrix-federation.rule=Host(`matrix.zknt.org`) && PathPrefix( + `/_matrix/federation`, + `/_matrix/key` + )" + - "traefik.http.routers.matrix-federation.tls=true" + - "traefik.http.services.matrix-federation.loadbalancer.server.port=8084" + - "traefik.http.routers.matrix-federation.service=matrix-federation" + + federation-client: + image: "matrixdotorg/synapse:latest" + restart: "unless-stopped" + healthcheck: + disable: true + volumes: + - "data:/data" + command: "run -m synapse.app.generic_worker --config-path=/data/homeserver.yaml --config-path=/data/client.yaml" + networks: + back: {} + dmz: {} + labels: + - "traefik.enable=true" + - "traefik.docker.network=dmz" + + - 
"traefik.http.routers.matrix-client.rule=Host(`matrix.zknt.org`) && PathPrefix( + `/_matrix/client/(v2_alpha|r0)/sync`, + `/_matrix/client/(api/v1|v2_alpha|r0)/events`, + `/_matrix/client/(api/v1|r0)/initialSync`, + `/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync`, + `/_matrix/client/(api/v1|r0|unstable)/publicRooms`, + `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members`, + `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*`, + `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members`, + `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state`, + `/_matrix/client/(api/v1|r0|unstable)/account/3pid`, + `/_matrix/client/(api/v1|r0|unstable)/devices`, + `/_matrix/client/(api/v1|r0|unstable)/keys/query`, + `/_matrix/client/(api/v1|r0|unstable)/keys/changes`, + `/_matrix/client/versions`, + `/_matrix/client/(api/v1|r0|unstable)/voip/turnServer`, + `/_matrix/client/(api/v1|r0|unstable)/joined_groups`, + `/_matrix/client/(api/v1|r0|unstable)/publicised_groups`, + `/_matrix/client/(api/v1|r0|unstable)/publicised_groups/`, + `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/`, + `/_matrix/client/(api/v1|r0|unstable)/joined_rooms`, + `/_matrix/client/(api/v1|r0|unstable)/search`, + `/_matrix/client/(api/v1|r0|unstable)/login`, + `/_matrix/client/(r0|unstable)/register`, + `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact`, + `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send`, + `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/`, + `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)`, + `/_matrix/client/(api/v1|r0|unstable)/join/`, + `/_matrix/client/(api/v1|r0|unstable)/profile/` + )" + - "traefik.http.routers.matrix-client.tls=true" + - "traefik.http.services.matrix-client.loadbalancer.server.port=8083" + - "traefik.http.routers.matrix-client.service=matrix-client" + + synapse: + image: "matrixdotorg/synapse:latest" + restart: "unless-stopped" + volumes: + - "data:/data" + environment: + SYNAPSE_SERVER_NAME: 
"zknt.org" + SYNAPSE_REPORT_STATS: "no" + networks: + dmz: {} + back: {} + labels: + - "traefik.enable=true" + - "traefik.docker.network=dmz" + + - "traefik.http.routers.matrix.rule=Host(`matrix.zknt.org`)" + - "traefik.http.routers.matrix.tls=true" + - "traefik.http.routers.matrix.tls.certresolver=leprod" + - "traefik.http.services.matrix.loadbalancer.server.port=8008" + - "traefik.http.routers.matrix.service=matrix" + + - "traefik.http.routers.matrix-admin.rule=Host(`matrix.zknt.org`) && PathPrefix(`/_synapse/admin/`)" + - "traefik.http.routers.matrix-admin.tls=true" + - "traefik.http.middlewares.matrix-admin-allow.ipwhitelist.sourcerange=172.27.0.0/16" + - "traefik.http.routers.matrix-admin.middlewares=matrix-admin-allow@docker" + +volumes: + data: + labels: + org.zknt.backup: true + dbdata: + labels: + org.zknt.backup: true + redisdata: + labels: + org.zknt.backup: true diff --git a/federation-receiver.yaml b/federation-receiver.yaml new file mode 100644 index 0000000..191344e --- /dev/null +++ b/federation-receiver.yaml @@ -0,0 +1,14 @@ +worker_app: "synapse.app.generic_worker" +worker_name: "federation_worker" + +worker_replication_host: "synapse" +worker_replication_http_port: 9093 + +worker_listeners: +- type: "http" + port: 8084 + resources: + - names: + - "federation" + +worker_log_config: "/data/zknt.org.log.config" diff --git a/federation-sender.yaml b/federation-sender.yaml new file mode 100644 index 0000000..58fb26d --- /dev/null +++ b/federation-sender.yaml @@ -0,0 +1,5 @@ +worker_app: "synapse.app.federation_sender" +worker_name: "federation_sender" +worker_replication_host: "synapse" +worker_replication_http_port: 9093 +worker_log_config: "/data/zknt.org.log.config" diff --git a/homeserver.yaml b/homeserver.yaml new file mode 100644 index 0000000..8a966f5 --- /dev/null +++ b/homeserver.yaml 
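Review bot: The `traefik.http.routers.matrix-client.rule` label on the federation-client service puts regex fragments such as `(v2_alpha|r0)`, `[^/]+` and `.*` inside `PathPrefix(...)`, but Traefik v2 matches PathPrefix arguments literally (a pattern needs the `{name:regex}` placeholder form, e.g. `/_matrix/client/{v:(api/v1|r0|unstable)}/devices`), so of that list only `/_matrix/client/versions` can match and the rest of the client traffic silently falls through to the main synapse router on port 8008 instead of the worker. Separately, `POSTGRES_PASSWORD: "hunter2"` is a committed credential that is repeated as the database password in homeserver.yaml; it should come from an env file or secret that is not tracked, with a randomly generated value. Finally, the three `org.zknt.backup: true` volume labels are YAML booleans, and Compose validates label values as strings, so they are likely to be rejected at `docker-compose up`; write `org.zknt.backup: "true"`.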
@@ -0,0 +1,69 @@ +server_name: "zknt.org" +signing_key_path: "/data/zknt.org.signing.key" +registration_shared_secret: "hunter2" +macaroon_secret_key: "hunter2" +media_store_path: "/data/media_store" +public_baseurl: "https://matrix.zknt.org" +admin_contact: "mailto:a@b.c" +log_config: "/data/zknt.org.log.config" + +presence: + enabled: false +enable_metrics: false +report_stats: false +supporess_key_server_warning: true +max_upload_size: "50M" + +trusted_key_servers: + - server_name: "matrix.org" +suppress_key_server_warning: true + +listeners: + - port: 8008 + tls: false + type: "http" + x_forward: true + bind_addresses: + - "0.0.0.0" + resources: + - names: + - "client" + - "federation" + compress: false + + - port: 9093 + bind_addresses: + - "0.0.0.0" + type: "http" + resources: + - names: + - "replication" + +database: + name: "psycopg2" + txn_limit: 10000 + args: + user: "synapse" + password: "hunter2" + database: "synapse" + host: "postgres" + port: 5432 + cp_min: 5 + cp_max: 10 + +email: + smtp_host: "172.27.32.80" + smtp_port: 25 + enable_tls: false + notif_from: "Your Friendly %(app)s homeserver " + app_name: "ZKNT" + enable_notifs: true + +redis: + enabled: true + host: "redis" + port: 6379 + +send_federation: false +federation_sender_instances: + - "federation_sender" diff --git a/zknt.org.log.config b/zknt.org.log.config new file mode 100644 index 0000000..71b31ca --- /dev/null +++ b/zknt.org.log.config @@ -0,0 +1,22 @@ +version: 1 + +formatters: + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' + +handlers: + console: + class: logging.StreamHandler + formatter: precise + +loggers: + synapse.storage.SQL: + # beware: increasing this to DEBUG will make synapse log sensitive + # information such as access tokens. + level: WARNING + +root: + level: WARNING + handlers: [console] + +disable_existing_loggers: false
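Review bot: The port-8008 listener in homeserver.yaml sets `x_forward: true`, but the Synapse option is `x_forwarded`; the misspelt key is ignored, so with Traefik in front every request is attributed to the proxy's IP, which defeats per-IP rate limiting and makes the client IPs shown in admin and device records meaningless. Change it to `x_forwarded: true`. `supporess_key_server_warning: true` is a second misspelt (and therefore dead) key, since the correctly spelt `suppress_key_server_warning: true` follows a few lines later; drop the misspelt line. `registration_shared_secret`, `macaroon_secret_key` and the database `password` are all the literal placeholder `hunter2` committed to the repository; `macaroon_secret_key` in particular is what Synapse uses to sign access tokens, so anyone who can read this file can produce valid tokens, and these should be long random values kept out of version control.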