diff --git a/intern/docker_omada/templates/docker-compose.yml b/intern/docker_omada/templates/docker-compose.yml
index fc280b3c2b78c638b3535929ef5ac0a7730041e0..82de50c20bee7c1d0f3cc50c54b88d61f693500c 100644
--- a/intern/docker_omada/templates/docker-compose.yml
+++ b/intern/docker_omada/templates/docker-compose.yml
@@ -5,15 +5,18 @@ services:
image: mbentley/omada-controller:latest
restart: always
ports:
- - {{ omada_port_http }}:8088
- - {{ omada_port_https }}:8043
- - {{ omada_portal_https }}:8843
+ - "{{ omada_port_http }}:{{ omada_port_http }}"
+ - "{{ omada_port_https }}:{{ omada_port_https }}"
+ - "{{ omada_portal_https }}:{{ omada_portal_https }}"
- 27001:27001/udp
+ - 27002:27002
- 29810:29810/udp
- 29811:29811
- 29812:29812
- 29813:29813
- 29814:29814
+ - 29815:29815
+ - 29816:29816
sysctls:
- net.ipv4.ip_unprivileged_port_start=0
volumes:
@@ -34,6 +37,8 @@ services:
PORT_DISCOVERY: 29810
PORT_MANAGER_V1: 29811
PORT_MANAGER_V2: 29814
+ PORT_TRANSFER_V2: 29815
+ PORT_RTTY: 29816
PORT_UPGRADE_V1: 29813
SHOW_SERVER_LOGS: "true"
SHOW_MONGODB_LOGS: "false"
diff --git a/intern/docker_pihole/templates/docker-compose.yml b/intern/docker_pihole/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4d83bd9b79dd8ed4d924540cdb6202ac4f2f6c3d
--- /dev/null
+++ b/intern/docker_pihole/templates/docker-compose.yml
@@ -0,0 +1,30 @@
+services:
+ app:
+ image: pihole/pihole:latest
+ restart: always
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ volumes:
+ - "{{ basedir }}/etc:/etc/pihole"
+ - "{{ basedir }}/dnsmasq:/etc/dnsmasq.d"
+ - "/dev/null:/var/log/pihole.log"
+ - "/dev/null:/var/log/pihole-FTL.log"
+ hostname: pihole
+ environment:
+ TZ: 'Europe/Berlin'
+ TAIL_FTL_LOG: 0
+ FTLCONF_LOCAL_IPV4: '{{ int_ip4 }}'
+ WEBPASSWORD: '{{ admin_password }}'
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+ - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+ - traefik.http.services.{{ servicename }}.loadBalancer.server.port=80
+ networks:
+ - default
+ - web
+
+networks:
+ web:
+ external: true
\ No newline at end of file
diff --git a/testserver/docker_matrix/templates/rest_auth_provider.py b/testserver/docker_matrix/templates/rest_auth_provider.py
deleted file mode 100644
index 5f6f583a51c7691df6bdc6ae177a86778bac2640..0000000000000000000000000000000000000000
--- a/testserver/docker_matrix/templates/rest_auth_provider.py
+++ /dev/null
@@ -1,217 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# REST endpoint Authentication module for Matrix synapse
-# Copyright (C) 2017 Kamax Sarl
-#
-# https://www.kamax.io/
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-import logging
-from twisted.internet import defer
-import requests
-import json
-import time
-
-logger = logging.getLogger(__name__)
-
-
-class RestAuthProvider(object):
-
- def __init__(self, config, account_handler):
- self.account_handler = account_handler
-
- if not config.endpoint:
- raise RuntimeError('Missing endpoint config')
-
- self.endpoint = config.endpoint
- self.regLower = config.regLower
- self.config = config
-
- logger.info('Endpoint: %s', self.endpoint)
- logger.info('Enforce lowercase username during registration: %s', self.regLower)
-
- @defer.inlineCallbacks
- def check_password(self, user_id, password):
- logger.info("Got password check for " + user_id)
- data = {'user': {'id': user_id, 'password': password}}
- r = requests.post(self.endpoint + '/_matrix-internal/identity/v1/check_credentials', json=data)
- r.raise_for_status()
- r = r.json()
- if not r["auth"]:
- reason = "Invalid JSON data returned from REST endpoint"
- logger.warning(reason)
- raise RuntimeError(reason)
-
- auth = r["auth"]
- if not auth["success"]:
- logger.info("User not authenticated")
- defer.returnValue(False)
-
- localpart = user_id.split(":", 1)[0][1:]
- logger.info("User %s authenticated", user_id)
-
- registration = False
- if not (yield self.account_handler.check_user_exists(user_id)):
- logger.info("User %s does not exist yet, creating...", user_id)
-
- if localpart != localpart.lower() and self.regLower:
- logger.info('User %s was cannot be created due to username lowercase policy', localpart)
- defer.returnValue(False)
-
- user_id, access_token = (yield self.account_handler.register(localpart=localpart))
- registration = True
- logger.info("Registration based on REST data was successful for %s", user_id)
- else:
- logger.info("User %s already exists, registration skipped", user_id)
-
- if auth["profile"]:
- logger.info("Handling profile data")
- profile = auth["profile"]
-
- # fixme: temporary fix
- try:
- store = yield self.account_handler._hs.get_profile_handler().store # for synapse >= 1.9.0
- except AttributeError:
- store = yield self.account_handler.hs.get_profile_handler().store # for synapse < 1.9.0
-
- if "display_name" in profile and ((registration and self.config.setNameOnRegister) or (self.config.setNameOnLogin)):
- display_name = profile["display_name"]
- logger.info("Setting display name to '%s' based on profile data", display_name)
- yield store.set_profile_displayname(localpart, display_name)
- else:
- logger.info("Display name was not set because it was not given or policy restricted it")
-
- if (self.config.updateThreepid):
- if "three_pids" in profile:
- logger.info("Handling 3PIDs")
-
- external_3pids = []
- for threepid in profile["three_pids"]:
- medium = threepid["medium"].lower()
- address = threepid["address"].lower()
- external_3pids.append({"medium": medium, "address": address})
- logger.info("Looking for 3PID %s:%s in user profile", medium, address)
-
- validated_at = time_msec()
- if not (yield store.get_user_id_by_threepid(medium, address)):
- logger.info("3PID is not present, adding")
- yield store.user_add_threepid(
- user_id,
- medium,
- address,
- validated_at,
- validated_at
- )
- else:
- logger.info("3PID is present, skipping")
-
- if (self.config.replaceThreepid):
- for threepid in (yield store.user_get_threepids(user_id)):
- medium = threepid["medium"].lower()
- address = threepid["address"].lower()
- if {"medium": medium, "address": address} not in external_3pids:
- logger.info("3PID is not present in external datastore, deleting")
- yield store.user_delete_threepid(
- user_id,
- medium,
- address
- )
-
- else:
- logger.info("3PIDs were not updated due to policy")
- else:
- logger.info("No profile data")
-
- defer.returnValue(True)
-
- @staticmethod
- def parse_config(config):
- # verify config sanity
- _require_keys(config, ["endpoint"])
-
- class _RestConfig(object):
- endpoint = ''
- regLower = True
- setNameOnRegister = True
- setNameOnLogin = False
- updateThreepid = True
- replaceThreepid = False
-
- rest_config = _RestConfig()
- rest_config.endpoint = config["endpoint"]
-
- try:
- rest_config.regLower = config['policy']['registration']['username']['enforceLowercase']
- except TypeError:
- # we don't care
- pass
- except KeyError:
- # we don't care
- pass
-
- try:
- rest_config.setNameOnRegister = config['policy']['registration']['profile']['name']
- except TypeError:
- # we don't care
- pass
- except KeyError:
- # we don't care
- pass
-
- try:
- rest_config.setNameOnLogin = config['policy']['login']['profile']['name']
- except TypeError:
- # we don't care
- pass
- except KeyError:
- # we don't care
- pass
-
- try:
- rest_config.updateThreepid = config['policy']['all']['threepid']['update']
- except TypeError:
- # we don't care
- pass
- except KeyError:
- # we don't care
- pass
-
- try:
- rest_config.replaceThreepid = config['policy']['all']['threepid']['replace']
- except TypeError:
- # we don't care
- pass
- except KeyError:
- # we don't care
- pass
-
- return rest_config
-
-
-def _require_keys(config, required):
- missing = [key for key in required if key not in config]
- if missing:
- raise Exception(
- "REST Auth enabled but missing required config values: {}".format(
- ", ".join(missing)
- )
- )
-
-
-def time_msec():
- """Get the current timestamp in milliseconds
- """
- return int(time.time() * 1000)
diff --git a/testserver/docker_matrix/templates/synapse-data/homeserver.yaml b/testserver/docker_matrix/templates/synapse-data/homeserver.yaml
index 7415de8c4f12868621649784372a85f7077d222a..dfe3b835e821eacf72696adbc52d06cb4d116a70 100644
--- a/testserver/docker_matrix/templates/synapse-data/homeserver.yaml
+++ b/testserver/docker_matrix/templates/synapse-data/homeserver.yaml
@@ -65,21 +65,21 @@ thumbnail_sizes:
url_preview_enabled: true
url_preview_ip_range_blacklist:
- - '127.0.0.0/8'
- - '10.0.0.0/8'
- - '172.16.0.0/12'
- - '192.168.0.0/16'
- - '100.64.0.0/10'
- - '192.0.0.0/24'
- - '169.254.0.0/16'
- - '198.18.0.0/15'
- - '192.0.2.0/24'
- - '198.51.100.0/24'
- - '203.0.113.0/24'
- - '224.0.0.0/4'
- - '::1/128'
- - 'fe80::/10'
- - 'fc00::/7'
+ - '127.0.0.0/8'
+ - '10.0.0.0/8'
+ - '172.16.0.0/12'
+ - '192.168.0.0/16'
+ - '100.64.0.0/10'
+ - '192.0.0.0/24'
+ - '169.254.0.0/16'
+ - '198.18.0.0/15'
+ - '192.0.2.0/24'
+ - '198.51.100.0/24'
+ - '203.0.113.0/24'
+ - '224.0.0.0/4'
+ - '::1/128'
+ - 'fe80::/10'
+ - 'fc00::/7'
max_spider_size: 10M
@@ -104,6 +104,7 @@ oidc_providers:
user_mapping_provider:
config:
subject_claim: "preferred_username"
+ subject_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
email_template: "{% raw %}{{ user.email }}{% endraw %}"