Merge remote-tracking branch 'famedly/master' into appservices
This commit is contained in:
commit
fd3fb3a7ed
10 changed files with 278 additions and 11 deletions
23
Cargo.toml
23
Cargo.toml
|
@ -77,3 +77,26 @@ required-features = ["conduit_bin"]
|
|||
[lib]
|
||||
name = "conduit"
|
||||
path = "src/lib.rs"
|
||||
|
||||
[package.metadata.deb]
|
||||
name = "matrix-conduit"
|
||||
maintainer = "Paul van Tilburg <paul@luon.net>"
|
||||
copyright = "2020, Timo Kösters <timo@koesters.xyz>"
|
||||
license-file = ["LICENSE", "3"]
|
||||
depends = "$auto, ca-certificates"
|
||||
extended-description = """\
|
||||
A fast Matrix homeserver that is optimized for smaller, personal servers, \
|
||||
instead of a server that has high scalability."""
|
||||
section = "net"
|
||||
priority = "optional"
|
||||
assets = [
|
||||
["debian/env.local", "etc/matrix-conduit/local", "644"],
|
||||
["debian/README.Debian", "usr/share/doc/matrix-conduit/", "644"],
|
||||
["README.md", "usr/share/doc/matrix-conduit/", "644"],
|
||||
["target/release/conduit", "usr/sbin/matrix-conduit", "755"],
|
||||
]
|
||||
conf-files = [
|
||||
"/etc/matrix-conduit/local"
|
||||
]
|
||||
maintainer-scripts = "debian/"
|
||||
systemd-units = { unit-name = "matrix-conduit" }
|
||||
|
|
29
debian/README.Debian
vendored
Normal file
29
debian/README.Debian
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
Conduit for Debian
|
||||
==================
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
When installed, Debconf handles the configuration of the homeserver (host)name,
|
||||
the address and port it listens on. These configuration variables end up in
|
||||
/etc/matrix-conduit/debian.
|
||||
|
||||
You can tweak more detailed settings by uncommenting and setting the variables
|
||||
in /etc/matrix-conduit/local. This involves settings such as the maximum file
|
||||
size for download/upload, enabling federation, etc.
|
||||
|
||||
Running
|
||||
-------
|
||||
|
||||
The package uses the matrix-conduit.service systemd unit file to start and
|
||||
stop Conduit. It loads the configuration files mentioned above to set up the
|
||||
environment before running the server.
|
||||
|
||||
This package assumes by default that Conduit is placed behind a reverse proxy
|
||||
such as Apache or nginx. This default deployment entails just listening on
|
||||
127.0.0.1 and the free port 14004 and is reachable via a client using the URL
|
||||
http://localhost:14004.
|
||||
|
||||
At a later stage this packaging may support also setting up TLS and running
|
||||
stand-alone. In this case, however, you need to set up some certificates and
|
||||
renewal, for it to work properly.
|
17
debian/config
vendored
Normal file
17
debian/config
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
# Source debconf library.
|
||||
. /usr/share/debconf/confmodule
|
||||
|
||||
# Ask for the Matrix homeserver name, address and port.
|
||||
db_input high matrix-conduit/hostname || true
|
||||
db_go
|
||||
|
||||
db_input low matrix-conduit/address || true
|
||||
db_go
|
||||
|
||||
db_input medium matrix-conduit/port || true
|
||||
db_go
|
||||
|
||||
exit 0
|
33
debian/env.local
vendored
Normal file
33
debian/env.local
vendored
Normal file
|
@ -0,0 +1,33 @@
|
|||
# Conduit homeserver local configuration
|
||||
#
|
||||
# Conduit is an application based on the Rocket web framework.
|
||||
# Configuration of Conduit happens via Debconf (see the resulting config in
|
||||
# `/etc/matrix-conduit/debian`) and optionally by uncommenting and tweaking the
|
||||
# variables in this file below.
|
||||
|
||||
# The maximum size of a Matrix HTTP requests in bytes.
|
||||
#
|
||||
# This mostly affects the size of files that can be downloaded/uploaded.
|
||||
# It defaults to 20971520 (20MB).
|
||||
#ROCKET_MAX_REQUEST_SIZE=20971520
|
||||
|
||||
# Whether user registration is allowed.
|
||||
#
|
||||
# User registration is not disabled by default.
|
||||
#ROCKET_REGISTRATION_DISABLED=false
|
||||
|
||||
# Whether encryption is enabled.
|
||||
#
|
||||
# (End-to-end) encryption is not disabled by default.
|
||||
#ROCKET_ENCRYPTION_DISABLED=false
|
||||
|
||||
# Whether federation with other Matrix servers is enabled.
|
||||
#
|
||||
# Federation is not enabled by default; it is still experimental.
|
||||
#ROCKET_FEDERATION_ENABLED=false
|
||||
|
||||
# The log level of the homeserver.
|
||||
#
|
||||
# The log level is "critical" by default.
|
||||
# Allowed values are: "off", "normal", "debug", "critical"
|
||||
#ROCKET_LOG="critical"
|
49
debian/matrix-conduit.service
vendored
Normal file
49
debian/matrix-conduit.service
vendored
Normal file
|
@ -0,0 +1,49 @@
|
|||
[Unit]
|
||||
Description=Conduit Matrix homeserver
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=_matrix-conduit
|
||||
Group=_matrix-conduit
|
||||
Type=simple
|
||||
|
||||
AmbientCapabilities=
|
||||
CapabilityBoundingSet=
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
ProtectHostname=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectSystem=strict
|
||||
PrivateDevices=yes
|
||||
PrivateMounts=yes
|
||||
PrivateTmp=yes
|
||||
PrivateUsers=yes
|
||||
RemoveIPC=yes
|
||||
RestrictAddressFamilies=AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
StateDirectory=matrix-conduit
|
||||
|
||||
Environment="ROCKET_ENV=production"
|
||||
Environment="ROCKET_DATABASE_PATH=/var/lib/matrix-conduit"
|
||||
EnvironmentFile=/etc/matrix-conduit/debian
|
||||
EnvironmentFile=/etc/matrix-conduit/local
|
||||
|
||||
ExecStart=/usr/sbin/matrix-conduit
|
||||
Restart=on-failure
|
||||
RestartSec=10
|
||||
StartLimitInterval=1m
|
||||
StartLimitBurst=5
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
73
debian/postinst
vendored
Normal file
73
debian/postinst
vendored
Normal file
|
@ -0,0 +1,73 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
. /usr/share/debconf/confmodule
|
||||
|
||||
CONDUIT_CONFIG_PATH=/etc/matrix-conduit
|
||||
CONDUIT_CONFIG_FILE="$CONDUIT_CONFIG_PATH/debian"
|
||||
CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
# Create the `_matrix-conduit` user if it does not exist yet.
|
||||
if ! getent passwd _matrix-conduit > /dev/null ; then
|
||||
echo 'Adding system user for the Conduit Matrix homeserver' 1>&2
|
||||
adduser --system --group --quiet \
|
||||
--home $CONDUIT_DATABASE_PATH \
|
||||
--disabled-login \
|
||||
--force-badname \
|
||||
_matrix-conduit
|
||||
fi
|
||||
|
||||
# Create the database path if it does not exist yet.
|
||||
if [ ! -d "$CONDUIT_DATABASE_PATH" ]; then
|
||||
mkdir -p "$CONDUIT_DATABASE_PATH"
|
||||
chown _matrix-conduit "$CONDUIT_DATABASE_PATH"
|
||||
fi
|
||||
|
||||
# Write the debconf values in the config.
|
||||
db_get matrix-conduit/hostname
|
||||
ROCKET_SERVER_NAME="$RET"
|
||||
db_get matrix-conduit/address
|
||||
ROCKET_ADDRESS="$RET"
|
||||
db_get matrix-conduit/port
|
||||
ROCKET_PORT="$RET"
|
||||
cat >"$CONDUIT_CONFIG_FILE" << EOF
|
||||
# Conduit homeserver Debian configuration
|
||||
#
|
||||
# Conduit is an application based on the Rocket web framework.
|
||||
# Configuration of Conduit happens via Debconf (of which the resulting config
|
||||
# is in this file) and optionally by uncommenting and tweaking the variables in
|
||||
# /etc/matrix-conduit/local.
|
||||
|
||||
# THIS FILE IS GENERATED BY DEBCONF AND WILL BE OVERRIDDEN!
|
||||
#
|
||||
# Please make changes by running:
|
||||
#
|
||||
# \$ dpkg-reconfigure matrix-conduit
|
||||
#
|
||||
# or by providing overriding changes in /etc/matrix-conduit/local.
|
||||
|
||||
# The server (host)name of the Matrix homeserver.
|
||||
#
|
||||
# This is the hostname the homeserver will be reachable at via a client.
|
||||
ROCKET_SERVER_NAME="$ROCKET_SERVER_NAME"
|
||||
|
||||
# The address the Matrix homeserver listens on.
|
||||
#
|
||||
# By default the server listens on address 0.0.0.0. Change this to 127.0.0.1 to
|
||||
# only listen on the localhost when using a reverse proxy.
|
||||
ROCKET_ADDRESS="$ROCKET_ADDRESS"
|
||||
|
||||
# The port of the Matrix homeserver.
|
||||
#
|
||||
# This port is could be any available port if accessed by a reverse proxy.
|
||||
# By default the server listens on port 8000.
|
||||
ROCKET_PORT="$ROCKET_PORT"
|
||||
|
||||
# THIS FILE IS GENERATED BY DEBCONF AND WILL BE OVERRIDDEN!
|
||||
EOF
|
||||
;;
|
||||
esac
|
||||
|
||||
#DEBHELPER#
|
22
debian/postrm
vendored
Normal file
22
debian/postrm
vendored
Normal file
|
@ -0,0 +1,22 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
CONDUIT_CONFIG_PATH=/etc/matrix-conduit
|
||||
CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit
|
||||
|
||||
case $1 in
|
||||
purge)
|
||||
# Per https://www.debian.org/doc/debian-policy/ch-files.html#behavior
|
||||
# "configuration files must be preserved when the package is removed, and
|
||||
# only deleted when the package is purged."
|
||||
if [ -d "$CONDUIT_CONFIG_PATH" ]; then
|
||||
rm -r "$CONDUIT_CONFIG_PATH"
|
||||
fi
|
||||
|
||||
if [ -d "$CONDUIT_DATABASE_PATH" ]; then
|
||||
rm -r "$CONDUIT_DATABASE_PATH"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
#DEBHELPER#
|
21
debian/templates
vendored
Normal file
21
debian/templates
vendored
Normal file
|
@ -0,0 +1,21 @@
|
|||
Template: matrix-conduit/hostname
|
||||
Type: string
|
||||
Default: localhost
|
||||
Description: The server (host)name of the Matrix homeserver
|
||||
This is the hostname the homeserver will be reachable at via a client.
|
||||
.
|
||||
If set to "localhost", you can connect with a client locally and clients
|
||||
from other hosts and also other homeservers will not be able to reach you!
|
||||
|
||||
Template: matrix-conduit/address
|
||||
Type: string
|
||||
Default: 127.0.0.1
|
||||
Description: The listen address of the Matrix homeserver
|
||||
This is the address the homeserver will listen on. Leave it set to 127.0.0.1
|
||||
when using a reverse proxy.
|
||||
|
||||
Template: matrix-conduit/port
|
||||
Type: string
|
||||
Default: 14004
|
||||
Description: The port of the Matrix homeserver
|
||||
This port is most often just accessed by a reverse proxy.
|
|
@ -584,16 +584,16 @@ pub async fn change_password_route(
|
|||
|
||||
db.users.set_password(&sender_user, &body.new_password)?;
|
||||
|
||||
// TODO: Read logout_devices field when it's available and respect that, currently not supported in Ruma
|
||||
// See: https://github.com/ruma/ruma/issues/107
|
||||
// Logout all devices except the current one
|
||||
for id in db
|
||||
.users
|
||||
.all_device_ids(&sender_user)
|
||||
.filter_map(|id| id.ok())
|
||||
.filter(|id| id != sender_device)
|
||||
{
|
||||
db.users.remove_device(&sender_user, &id)?;
|
||||
if body.logout_devices {
|
||||
// Logout all devices except the current one
|
||||
for id in db
|
||||
.users
|
||||
.all_device_ids(&sender_user)
|
||||
.filter_map(|id| id.ok())
|
||||
.filter(|id| id != sender_device)
|
||||
{
|
||||
db.users.remove_device(&sender_user, &id)?;
|
||||
}
|
||||
}
|
||||
|
||||
db.flush().await?;
|
||||
|
|
|
@ -9,7 +9,7 @@ ARG SCCACHE_ENDPOINT
|
|||
ARG SCCACHE_S3_USE_SSL
|
||||
|
||||
COPY . .
|
||||
RUN cargo build
|
||||
RUN test -e target/release/cond_test || cargo build --release --offline
|
||||
|
||||
FROM valkum/docker-rust-ci:latest
|
||||
WORKDIR /workdir
|
||||
|
|
Loading…
Reference in a new issue