matrix: upgrades and switching identity provider

upgrade from 1.12 to 1.21.2 swichting from discontinued mx1sd to still developed fork ma1sd

matrix: upgrades and switching identity provider
upgrade from 1.12 to 1.21.2 swichting from discontinued mx1sd to still developed fork ma1sd
1fdd79fe · Jens Sandmann · b930e917 · 1fdd79fe · 1fdd79fe · 1fdd79fe
Commit 1fdd79fe authored 4 years ago by Jens Sandmann
--- a/webserver/docker_matrix/tasks/main.yml
+++ b/webserver/docker_matrix/tasks/main.yml
@@ -16,8 +16,8 @@
  with_items:
    - "/srv/matrix/"
    - "/srv/matrix/db/"
-    - "/srv/matrix/mxisd-config/"
-    - "/srv/matrix/mxisd-data/"
+    - "/srv/matrix/ma1sd-config/"
+    - "/srv/matrix/ma1sd-data/"
    - "/srv/matrix/synapse-data/"


@@ -27,7 +27,7 @@
    - Dockerfile
    - docker-compose.yml
    - rest_auth_provider.py
-    - mxisd-config/mxisd.yaml
+    - ma1sd-config/ma1sd.yaml
    - synapse-data/homeserver.log.config
    - synapse-data/homeserver.yaml
  register: configs

--- a/webserver/docker_matrix/templates/docker-compose.yml
+++ b/webserver/docker_matrix/templates/docker-compose.yml
@@ -16,11 +16,11 @@ services:

  synapse:

-    image: matrixdotorg/synapse:v1.12.4-py3
+    image: matrixdotorg/synapse:v1.21.2
    restart: always
    depends_on:
      - db
-      - mxisd
+      - ma1sd
    ports:
      - 127.0.0.1:18008:8008
      - 127.0.0.1:18448:8448
@@ -31,13 +31,12 @@ services:
    environment:
      SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"

-  mxisd:
+  ma1sd:

-    # TODO: Migrate to https://github.com/ma1uta/ma1sd
-    image: kamax/mxisd:1.4.6
+    image: ma1uta/ma1sd:2.4.0
    restart: always
    ports:
      - 127.0.0.1:18090:8090
    volumes:
-      - /srv/matrix/mxisd-config/:/etc/mxisd
-      - /srv/matrix/mxisd-data/:/var/mxisd
+      - /srv/matrix/ma1sd-config/:/etc/ma1sd
+      - /srv/matrix/ma1sd-data/:/var/ma1sd
--- a/webserver/docker_matrix/templates/mxisd-config/mxisd.yaml
+++ b/webserver/docker_matrix/templates/mxisd-config/mxisd.yaml
@@ -13,6 +13,8 @@
 #
 matrix:
  domain: 'matrix.warpzone.ms'
+  v1: true   # deprecated
+  v2: true   # MSC2140 API v2. Riot require enabled V2 API.


 ################
@@ -22,41 +24,70 @@ matrix:
 # /!\ THIS MUST **NOT** BE YOUR HOMESERVER KEYS FILE /!\
 # If this path does not exist, it will be auto-generated.
 #
-# During testing, /var/tmp/mxisd/keys is a possible value
+# During testing, /var/tmp/ma1sd/keys is a possible value
 # For production, recommended location shall be one of the following:
-#   - /var/lib/mxisd/keys
-#   - /var/opt/mxisd/keys
-#   - /var/local/mxisd/keys
+#   - /var/lib/ma1sd/keys
+#   - /var/opt/ma1sd/keys
+#   - /var/local/ma1sd/keys
 #
 key:
-  path: '/var/mxisd/keys'
+  path: '/var/ma1sd/keys'


-# Path to the SQLite DB file for mxisd internal storage
+# Path to the SQLite DB file for ma1sd internal storage
 # /!\ THIS MUST **NOT** BE YOUR HOMESERVER DATABASE /!\
 #
 # Examples:
-#  - /var/opt/mxisd/store.db
-#  - /var/local/mxisd/store.db
-#  - /var/lib/mxisd/store.db
+#  - /var/opt/ma1sd/store.db
+#  - /var/local/ma1sd/store.db
+#  - /var/lib/ma1sd/store.db
 #
 storage:
+# backend: sqlite # or postgresql
  provider:
    sqlite:
-      database: '/var/mxisd/store.db'
-
+      database: '/var/ma1sd/store.db'
+#    postgresql:
+#      # Wrap all string values with quotes to avoid yaml parsing mistakes
+#      database: '//localhost/ma1sd' # or full variant //192.168.1.100:5432/ma1sd_database
+#      username: 'ma1sd_user'
+#      password: 'ma1sd_password'
+#
+#      # Pool configuration for postgresql backend.
+#      #######
+#      # Enable or disable pooling
+#      pool: false
+#
+#      #######
+#      # Check database connection before get from pool
+#      testBeforeGetFromPool: false # or true
+#
+#      #######
+#      # There is an internal thread which checks each of the database connections as a keep-alive mechanism. This set the
+#      # number of milliseconds it sleeps between checks -- default is 30000. To disable the checking thread, set this to
+#      # 0 before you start using the connection source.
+#      checkConnectionsEveryMillis: 30000
+#
+#      #######
+#      # Set the number of connections that can be unused in the available list.
+#      maxConnectionsFree: 5
+#
+#      #######
+#      # Set the number of milliseconds that a connection can stay open before being closed. Set to 9223372036854775807 to have
+#      # the connections never expire.
+#      maxConnectionAgeMillis: 3600000

 ###################
 # Identity Stores #
 ###################
 # If you are using synapse standalone and do not have an Identity store,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md#synapse-identity-store
+# see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md#synapse-identity-store
 #
 # If you would like to integrate with your AD/Samba/LDAP server,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md
+# see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/ldap.md
 #
 # For any other Identity store, or to simply discover them,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/README.md
+# see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md

 ldap:
  enabled: true
@@ -69,7 +100,7 @@ ldap:
      - '{{ ldap_base_dn }}'
  filter: '(&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))'
  attribute:
-    uid: 
+    uid:
      type: 'uid'
      value: 'uid'
    name: 'uid'
@@ -85,10 +116,10 @@ ldap:
 # This is mandatory to deal with anything e-mail related.
 #
 # For an introduction to sessions, invites and 3PIDs in general,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/session/session.md#3pid-sessions
+# see https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/session/session.md#3pid-sessions
 #
 # If you would like to change the content of the notifications,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/notification/template-generator.md
+# see https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/notification/template-generator.md
 #
 #### E-mail connector
 threepid:
@@ -103,24 +134,88 @@ threepid:
          # SMTP host
          host: "{{ smtp_host }}"

-          # SMTP port
-          port: {{ smtp_port }}
-
-          # STARTLS mode for the connection.
-          # SSL/TLS is currently not supported. See https://github.com/kamax-matrix/mxisd/issues/125
-          #
+          # TLS mode for the connection
          # Possible values:
          #  0    Disable any kind of TLS entirely
          #  1    Enable STARTLS if supported by server (default)
          #  2    Force STARTLS and fail if not available
+          #  3    Use full TLS/SSL instead of STARTLS
          #
          tls: 1

+          # SMTP port
+          # Be sure to adapt depending on your TLS choice, if changed from default
+          port: "{{ smtp_port }}"
+
          # Login for SMTP
          login: "{{ noreply_email_user }}"

          # Password for the account
-          password: "{{ noreply_email_pass }}"
+          password:  "{{ noreply_email_pass }}"
+
+
+#### MSC2134 (hash lookup)
+
+#hashing:
+#  enabled: false # enable or disable the hash lookup MSC2140 (default is false)
+#  pepperLength: 20 # length of the pepper value (default is 20)
+#  rotationPolicy: per_requests # or `per_seconds` how often the hashes will be updating
+#  hashStorageType: sql # or `in_memory` where the hashes will be stored
+#  algorithms:
+#    - none   # the same as v1 bulk lookup
+#    - sha256 # hash the 3PID and pepper.
+#  delay: 2m # how often hashes will be updated if rotation policy = per_seconds (default is 10s)
+#  requests: 10 # how many lookup requests will be performed before updating hashes if rotation policy = per_requests (default is 10)
+
+### hash lookup for synapseSql provider.
+# synapseSql:
+#   lookup:
+#     query: 'select user_id as mxid, medium, address from user_threepid_id_server' # query for retrive 3PIDs for hashes.
+#   legacyRoomNames: false  # use the old query to get room names.
+
+### hash lookup for ldap provider (with example of the ldap configuration)
+# ldap:
+#   enabled: true
+#   lookup: true # hash lookup
+#   activeDirectory: false
+#   defaultDomain: ''
+#   connection:
+#     host: 'ldap.domain.tld'
+#     port: 389
+#     bindDn: 'cn=admin,dc=domain,dc=tld'
+#     bindPassword: 'Secret'
+#     baseDNs:
+#       - 'dc=domain,dc=tld'
+#   attribute:
+#     uid:
+#       type: 'uid' # or mxid
+#       value: 'cn'
+#     name: 'displayName'
+#   identity:
+#     filter: '(objectClass=inetOrgPerson)'
+
+#### MSC2140 (Terms)
+#policy:
+#  policies:
+#    term_name: # term name
+#      version: 1.0 # version
+#      terms:
+#        en:  # lang
+#          name: term name en  # localized name
+#          url: https://ma1sd.host.tld/term_en.html  # localized url
+#        fe:  # lang
+#          name: term name fr  # localized name
+#          url: https://ma1sd.host.tld/term_fr.html  # localized url
+#      regexp:
+#        - '/_matrix/identity/v2/account.*'
+#        - '/_matrix/identity/v2/hash_details'
+#        - '/_matrix/identity/v2/lookup'
+#
+
+# logging:
+#   root: error     # default level for all loggers (apps and thirdparty libraries)
+#   app: info       # log level only for the ma1sd
+#   requests: false # or true to dump full requests and responses

 dns:
  overwrite:
@@ -129,6 +224,7 @@ dns:
        - name: 'matrix.warpzone.ms'
          value: 'http://synapse:8008'

+
 session:
  policy:
    validation:

--- a/webserver/docker_matrix/templates/synapse-data/homeserver.yaml
+++ b/webserver/docker_matrix/templates/synapse-data/homeserver.yaml
@@ -57,7 +57,7 @@ pid_file: /tmp/homeserver.pid
 # use synapse with a reverse proxy, this should be the URL to reach
 # synapse via the proxy.
 #
-public_baseurl: {{ matrix.public_url }}/
+public_baseurl: "{{ matrix.public_url }}/"

 # Set the soft limit on the number of file descriptors synapse can use
 # Zero is used to indicate synapse should set the soft limit to the
@@ -295,7 +295,7 @@ database:
  # Arguments to pass to the engine
  args:
    user: synapse
-    password: {{ postgres_user_pass }}
+    password: "{{ postgres_user_pass }}"
    database: synapse
    host: db
    cp_min: 5
@@ -634,7 +634,7 @@ enable_registration: false
 # This setting is ignored unless public_baseurl is also set.)
 #
 #default_identity_server: https://matrix.org
-default_identity_server: {{ matrix.identity_server }}
+default_identity_server: "{{ matrix.identity_server }}"

 # The list of identity servers trusted to verify third party
 # identifiers by this server.
@@ -646,8 +646,8 @@ default_identity_server: {{ matrix.identity_server }}
 #  - matrix.org
 #  - vector.im
 trusted_third_party_id_servers:
-  - {{ matrix.domain }}
-  
+  - "{{ matrix.domain }}"
+
 # Users who register on this homeserver will automatically be joined
 # to these rooms
 #
@@ -842,7 +842,7 @@ password_config:
 email:
   enable_notifs: true
   smtp_host: "{{ smtp_host }}"
-   smtp_port: {{ smtp_port }}
+   smtp_port: "{{ smtp_port }}"
   smtp_user: "{{ noreply_email_user }}"
   smtp_pass: "{{ noreply_email_pass }}"
   require_transport_security: True
@@ -860,7 +860,7 @@ email:
 password_providers:
  - module: "rest_auth_provider.RestAuthProvider"
    config:
-      endpoint: "http://mxisd:8090"
+      endpoint: "http://ma1sd:8090"

 #password_providers:
 #  - module: "ldap_auth_provider.LdapAuthProvider"
@@ -1064,6 +1064,3 @@ user_directory:
 #    alias: "*"
 #    room_id: "*"
 #    action: allow
-
-
-