Merge branch 'master' of gitlab.com:superboum/deuxfleurs.fr

11 files changed, 178 insertions, 9 deletions

diff --git a/consul/configuration/chat/fb2mx/config.yaml b/consul/configuration/chat/fb2mx/config.yaml
new file mode 100644
index 0000000..51684e3
--- /dev/null
+++ b/consul/configuration/chat/fb2mx/config.yaml
@@ -0,0 +1,133 @@
+# Homeserver details
+homeserver:
+    # The address that this appservice can use to connect to the homeserver.
+    address: https://im.deuxfleurs.fr
+    # The domain of the homeserver (for MXIDs, etc).
+    domain: deuxfleurs.fr
+    # Whether or not to verify the SSL certificate of the homeserver.
+    # Only applies if address starts with https://
+    verify_ssl: true
+
+# Application service host/registration related details
+# Changing these values requires regeneration of the registration.
+appservice:
+    # The address that the homeserver can use to connect to this appservice.
+    address: http://fb2mx.service.2.cluster.deuxfleurs.fr:29319
+
+    # The hostname and port where this appservice should listen.
+    hostname: 0.0.0.0
+    port: 29319
+    # The maximum body size of appservice API requests (from the homeserver) in mebibytes
+    # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
+    max_body_size: 1
+
+    # The full URI to the database. SQLite and Postgres are fully supported.
+    # Other DBMSes supported by SQLAlchemy may or may not work.
+    # Format examples:
+    #   SQLite:   sqlite:///filename.db
+    #   Postgres: postgres://username:password@hostname/dbname
+    database: '{{ key "secrets/chat/fb2mx/db_url" | trimSpace }}' 
+
+    # The unique ID of this appservice.
+    id: facebook
+    # Username of the appservice bot.
+    bot_username: facebookbot
+    # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+    # to leave display name/avatar as-is.
+    bot_displayname: Facebook bridge bot
+    bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
+
+    # Community ID for bridged users (changes registration file) and rooms.
+    # Must be created manually.
+    community_id: "+fbusers:deuxfleurs.fr"
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+    as_token: "This value is generated when generating the registration"
+    hs_token: "This value is generated when generating the registration"
+
+# Bridge config
+bridge:
+    # Localpart template of MXIDs for Facebook users.
+    # {userid} is replaced with the user ID of the Facebook user.
+    username_template: "facebook_{userid}"
+    # Localpart template for per-user room grouping community IDs.
+    # The bridge will create these communities and add all of the specific user's portals to the community.
+    # {localpart} is the MXID localpart and {server} is the MXID server part of the user.
+    #
+    # `facebook_{localpart}={server}` is a good value.
+    community_template: "facebook_{localpart}={server}"
+    # Displayname template for Facebook users.
+    # {displayname} is replaced with the display name of the Facebook user
+    #               as defined below in displayname_preference.
+    # Keys available for displayname_preference are also available here.
+    displayname_template: "{displayname} (FB)"
+    # Available keys:
+    # "name" (full name)
+    # "first_name"
+    # "last_name"
+    # "nickname"
+    # "own_nickname" (user-specific!)
+    displayname_preference:
+    - name
+
+    # The prefix for commands. Only required in non-management rooms.
+    command_prefix: "!fb"
+
+    # Number of chats to sync (and create portals for) on startup/login.
+    # Maximum 20, set 0 to disable automatic syncing.
+    initial_chat_sync: 10
+    # Whether or not the Facebook users of logged in Matrix users should be
+    # invited to private chats when the user sends a message from another client.
+    invite_own_puppet_to_pm: false
+    # Whether or not to use /sync to get presence, read receipts and typing notifications when using
+    # your own Matrix account as the Matrix puppet for your Facebook account.
+    sync_with_custom_puppets: true
+    # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
+    # presence, but then it won't send other users' presence to the client.
+    presence: true
+    # Whether or not to update avatars when syncing all contacts at startup.
+    update_avatar_initial_sync: true
+
+    # Permissions for using the bridge.
+    # Permitted values:
+    #       user - Use the bridge with puppeting.
+    #      admin - Use and administrate the bridge.
+    # Permitted keys:
+    #        * - All Matrix users
+    #   domain - All users on that homeserver
+    #     mxid - Specific user
+    permissions:
+        "deuxfleurs.fr": "user"
+
+# Python logging configuration.
+#
+# See section 16.7.2 of the Python documentation for more info:
+# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
+logging:
+    version: 1
+    formatters:
+        colored:
+            (): mautrix_facebook.util.ColorFormatter
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+        normal:
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+    handlers:
+        file:
+            class: logging.handlers.RotatingFileHandler
+            formatter: normal
+            filename: ./mautrix-facebook.log
+            maxBytes: 10485760
+            backupCount: 10
+        console:
+            class: logging.StreamHandler
+            formatter: colored
+    loggers:
+        mau:
+            level: DEBUG
+        fbchat:
+            level: DEBUG
+        aiohttp:
+            level: INFO
+    root:
+        level: DEBUG
+        handlers: [file, console]
diff --git a/consul/configuration/chat/fb2mx/registration.yaml b/consul/configuration/chat/fb2mx/registration.yaml
new file mode 100644
index 0000000..c3d8c05
--- /dev/null
+++ b/consul/configuration/chat/fb2mx/registration.yaml
@@ -0,0 +1,11 @@
+id: facebook
+as_token: '{{ key "secrets/chat/fb2mx/as_token" | trimSpace }}'
+hs_token: '{{ key "secrets/chat/fb2mx/hs_token" | trimSpace }}'
+namespaces:
+    users:
+    - exclusive: true
+      regex: '@facebook_.+:deuxfleurs.fr'
+      group_id: '+fbusers:deuxfleurs.fr'
+url: http://fb2mx.service.2.cluster.deuxfleurs.fr:29319
+sender_localpart: facebookbot
+rate_limited: false
diff --git a/consul/configuration/chat/synapse/homeserver.yaml b/consul/configuration/chat/synapse/homeserver.yaml
index 119dd7c..9e0e97f 100644
--- a/consul/configuration/chat/synapse/homeserver.yaml
+++ b/consul/configuration/chat/synapse/homeserver.yaml
@@ -307,7 +307,8 @@ room_invite_state_types:
 
 
 # A list of application service config file to use
-app_service_config_files: []
+app_service_config_files: 
+    - "/etc/matrix-synapse/fb2mx_registration.yaml"
 
 
 # macaroon_secret_key: <PRIVATE STRING>
@@ -402,4 +403,8 @@ password_config:
 #   notif_template_html: notif_mail.html
 #   notif_template_text: notif_mail.txt
 #   notif_for_new_users: True
+
+# Key that had to be added after some synapse updates to please matrix developers...
 report_stats: false
+suppress_key_server_warning: true
+enable_group_creation: true
diff --git a/consul/restore_configuration.sh b/consul/restore_configuration.sh
index ba4d353..33742e5 100755
--- a/consul/restore_configuration.sh
+++ b/consul/restore_configuration.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-find {configuration,secrets} -type f \
+find {configuration,secrets}/$1 -type f \
   | grep --perl-regexp --invert-match "\.sample$|\.gen$|/.gitignore$" \
   | while read filename; do
       consul kv put "${filename}" "@${filename}"
diff --git a/consul/secrets/chat/fb2mx/as_token.sample b/consul/secrets/chat/fb2mx/as_token.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/consul/secrets/chat/fb2mx/as_token.sample
diff --git a/consul/secrets/chat/fb2mx/db_url.sample b/consul/secrets/chat/fb2mx/db_url.sample
new file mode 100644
index 0000000..aff4635
--- /dev/null
+++ b/consul/secrets/chat/fb2mx/db_url.sample
@@ -0,0 +1 @@
+postgres://username:password@hostname/dbname
diff --git a/consul/secrets/chat/fb2mx/hs_token.sample b/consul/secrets/chat/fb2mx/hs_token.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/consul/secrets/chat/fb2mx/hs_token.sample
diff --git a/docker/seafile/Dockerfile b/docker/seafile/Dockerfile
index 7373b47..88dee4f 100644
--- a/docker/seafile/Dockerfile
+++ b/docker/seafile/Dockerfile
@@ -9,7 +9,7 @@ RUN apt-get update && \
     tar xf ./seafile.tar.gz && \
     mv seafile-server-${VERSION} seafile-server
 
-FROM debian:buster
+FROM amd64/debian:buster
 
 COPY --from=builder ./seafile-server /srv/webstore/seafile-server
 
@@ -32,10 +32,11 @@ RUN apt-get update && \
     pip install Pillow==4.3.0 && \
     pip install moviepy && \
     useradd -u 1000 -d /srv/webstore seauser && \
-    chown -R seauser:1000 /srv/webstore/ && \
-    mkdir -p /usr/lib64/mysql/plugin/ && \
-    ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/mysql_clear_password.so /usr/lib64/mysql/plugin/ && \
-    ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/dialog.so /usr/lib64/mysql/plugin/
+    chown -R seauser:1000 /srv/webstore/
+
+RUN mkdir -p /usr/local/lib/mariadb/plugin/  && \
+    ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/mysql_clear_password.so /usr/local/lib/mariadb/plugin/ && \
+    ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/dialog.so /usr/local/lib/mariadb/plugin/
     
 WORKDIR /srv/webstore/seafile-server
 COPY seadocker /usr/local/bin/seadocker
diff --git a/docker/seafile/README.md b/docker/seafile/README.md
index 492fd10..26d04e0 100644
--- a/docker/seafile/README.md
+++ b/docker/seafile/README.md
@@ -7,6 +7,7 @@ When upgrading, connect on a production server and run:
 
 ```bash
 nomad stop seafile
+sudo docker build -t superboum/amd64_seafile:v6 .
 
 sudo docker run -t -i \
   -v /mnt/glusterfs/seafile:/mnt/seafile-data \
@@ -23,3 +24,4 @@ sudo docker run -t -i \
 nomad start seafile.hcl
 ```
 
+when upgrading, change the command on start
diff --git a/nomad/chat.hcl b/nomad/chat.hcl
index 50c657b..a0c5397 100644
--- a/nomad/chat.hcl
+++ b/nomad/chat.hcl
@@ -29,7 +29,7 @@ job "chat" {
       }
       
       artifact {
-        source = "http://127.0.0.1:8500/v1/kv/configuration/chat/synapse/homeserver.yaml?raw&a=a"
+        source = "http://127.0.0.1:8500/v1/kv/configuration/chat/synapse/homeserver.yaml?raw"
         destination = "secrets/tpl/homeserver.yaml.tpl"
         mode = "file"
       }
@@ -37,6 +37,17 @@ job "chat" {
         source = "secrets/tpl/homeserver.yaml.tpl"
         destination = "secrets/conf/homeserver.yaml"
       }
+
+      artifact {
+        source = "http://127.0.0.1:8500/v1/kv/configuration/chat/fb2mx/registration.yaml?raw"
+        destination = "secrets/tpl/fb2mx_registration.yaml.tpl"
+        mode = "file"
+      }
+      template {
+        source = "secrets/tpl/fb2mx_registration.yaml.tpl"
+        destination = "secrets/conf/fb2mx_registration.yaml"
+      }
+
       template {
         data = "{{ key \"configuration/chat/synapse/log.yaml\" }}"
         destination = "secrets/conf/log.yaml"
diff --git a/nomad/seafile.hcl b/nomad/seafile.hcl
index 574f6bc..c930396 100644
--- a/nomad/seafile.hcl
+++ b/nomad/seafile.hcl
@@ -12,7 +12,12 @@ job "seafile" {
     task "server" {
       driver = "docker"
       config {
-        image = "superboum/amd64_seafile:v4"
+        image = "superboum/amd64_seafile:v6"
+        
+        ## cmd + args are used for running an instance attachable for update
+        # command = "/bin/sleep"
+        # args = ["999999"]
+
         port_map {
           seahub_port = 8000
           seafdav_port = 8084