Merge remote-tracking branch 'famedly/master' into develop

2021-04-14 10:26:28 +02:00 · 2021-04-14 10:26:28 +02:00 · abddfc2d2a
commit abddfc2d2a
parent 5951294638 b427395648
10 changed files with 147 additions and 40 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,64 @@
-/target
-**/*.rs.bk
+# CMake
+cmake-build-*/

+# IntelliJ
+.idea/
+out/
+*.iml
+modules.xml
+*.ipr
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# Linux backup files
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+# Rust
+/target/
+
+### vscode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+*.code-workspace
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows shortcuts
+*.lnk
+
+# Conduit
 Rocket.toml
 conduit.toml
+
+# Etc.
+**/*.rs.bk
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -0,0 +1,3 @@
+{
+    "rust-analyzer.procMacro.enable": true
+}
--- a/CROSS_COMPILE.md
+++ b/CROSS_COMPILE.md
@ -1,13 +1,10 @@
 Install docker:
-
+```
 $ sudo apt install docker
 $ sudo usermod -aG docker $USER
-
-Then log out and back in.
-
+$ exec sudo su -l $USER
 $ sudo systemctl start docker
-
 $ cargo install cross
 $ cross build --release --features tls_vendored --target armv7-unknown-linux-musleabihf
-
+```
 The cross-compiled binary is at target/armv7-unknown-linux-musleabihf/release/conduit
--- a/Cargo.toml
+++ b/Cargo.toml
@ -29,7 +29,7 @@ state-res = { git = "https://github.com/timokoesters/state-res", rev = "9bb46ae6
 # Used for long polling and federation sender, should be the same as rocket::tokio
 tokio = "1.2.0"
 # Used for storing data permanently
-sled = { version = "0.34.6", default-features = false, features = ["compression"] }
+sled = { version = "0.34.6", features = ["compression", "no_metrics"] }
 #sled = { git = "https://github.com/spacejam/sled.git", rev = "e4640e0773595229f398438886f19bca6f7326a2", features = ["compression"] }

 # Used for emitting log entries
--- a/DEPLOY.md
+++ b/DEPLOY.md
@ -18,6 +18,16 @@ $ sudo wget -O /usr/local/bin/matrix-conduit <url>
 $ sudo chmod +x /usr/local/bin/matrix-conduit
 ```

+## Adding a Conduit user
+
+While Conduit can run as any user it is usually better to use dedicated users for different services.
+This also allows you to make sure that the file permissions are correctly set up.
+
+In Debian you can use this command to create a Conduit user:
+
+```
+sudo adduser --system conduit --no-create-home
+```

 ## Setting up a systemd service

@ -33,8 +43,8 @@ After=network.target

 [Service]
 Environment="CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml"
-User=root
-Group=root
+User=conduit
+Group=nogroup
 Restart=always
 ExecStart=/usr/local/bin/matrix-conduit

@ -91,6 +101,22 @@ allow_federation = true
 address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy
 ```

+## Setting the correct file permissions
+
+As we are using a Conduit specific user we need to allow it to read the config.
+To do that you can run this command on Debian:
+
+```
+sudo chown -R conduit:nogroup /etc/matrix-conduit
+```
+
+If you use the default database path you also need to run this:
+
+```
+sudo mkdir -p /var/lib/matrix-conduit/conduit_db
+sudo chown -R conduit:nogroup /var/lib/matrix-conduit/conduit_db
+```
+

 ## Setting up the Reverse Proxy

@ -107,8 +133,8 @@ Listen 8448
 ServerName your.server.name # EDIT THIS

 AllowEncodedSlashes NoDecode
-ProxyPass /_matrix/ http://localhost:6167/
-ProxyPassReverse /_matrix/ http://localhost:6167/
+ProxyPass /_matrix/ http://localhost:6167/_matrix/
+ProxyPassReverse /_matrix/ http://localhost:6167/_matrix/

 Include /etc/letsencrypt/options-ssl-apache.conf
 SSLCertificateFile /etc/letsencrypt/live/your.server.name/fullchain.pem # EDIT THIS
--- a/README.md
+++ b/README.md
@ -1,25 +1,43 @@
 # Conduit
 ### A Matrix homeserver written in Rust

-[![Liberapay](https://img.shields.io/liberapay/receives/timokoesters?logo=liberapay)](https://liberapay.com/timokoesters)
-[![Matrix](https://img.shields.io/matrix/conduit:conduit.rs?server_fqdn=conduit.koesters.xyz)](https://matrix.to/#/#conduit:matrix.org)
-
 #### What is the goal?

 A fast Matrix homeserver that's easy to set up and just works. You can install
 it on a mini-computer like the Raspberry Pi to host Matrix for your family,
 friends or company.

+
 #### Can I try it out?

 Yes! Just open a Matrix client (<https://app.element.io> or Element Android for
 example) and register on the `https://conduit.koesters.xyz` homeserver.

+
+#### What is it build on?
+
+- [Ruma](https://www.ruma.io): Useful structures for endpoint requests and
+  responses that can be (de)serialized
+- [Sled](https://github.com/spacejam/sled): A simple (key, value) database with
+  good performance
+- [Rocket](https://rocket.rs): A flexible web framework
+
+
+#### What are the biggest things still missing?
+
+- Most federation features (invites, e2ee)
+- Push notifications on mobile
+- Notification settings
+- Lots of testing
+
+Check out the [Conduit 1.0 Release Milestone](https://gitlab.com/famedly/conduit/-/milestones/3).
+
+
 #### How can I deploy my own?

 ##### Deploy

-Download or compile a conduit binary and call it from somewhere like a systemd script. [Read
+Download or compile a Conduit binary, set up the config and call it from somewhere like a systemd script. [Read
 more](DEPLOY.md)

 ##### Deploy using Docker
@ -33,34 +51,23 @@ docker run -d -p 8448:8000 -v db:/srv/conduit/.local/share/conduit matrixconduit

 Or build and run it with docker or docker-compose. [Read more](docker/README.md)

-#### What is it build on?
-
- [Ruma](https://www.ruma.io): Useful structures for endpoint requests and
-  responses that can be (de)serialized
- [Sled](https://github.com/spacejam/sled): A simple (key, value) database with
-  good performance
- [Rocket](https://rocket.rs): A flexible web framework
-
-#### What are the biggest things still missing?
-
- Appservices (Bridges and Bots)
- Most federation features (invites, e2ee)
- Push notifications on mobile
- Notification settings
- Lots of testing
-
-Also check out the [milestones](https://git.koesters.xyz/timo/conduit/milestones).

 #### How can I contribute?

 1. Look for an issue you would like to work on and make sure it's not assigned
   to other users
 2. Ask someone to assign the issue to you (comment on the issue or chat in
-   #conduit:matrix.org)
-3. Fork the repo and work on the issue. #conduit:matrix.org is happy to help :)
-4. Submit a PR
+   #conduit:nordgedanken.dev)
+3. Fork the repo and work on the issue. #conduit:nordgedanken.dev is happy to help :)
+4. Submit a MR

 #### Donate

 Liberapay: <https://liberapay.com/timokoesters/>\
 Bitcoin: `bc1qnnykf986tw49ur7wx9rpw2tevpsztvar5x8w4n`
+
+
+#### Logo
+
+Lightning Bolt Logo: https://github.com/mozilla/fxemoji/blob/gh-pages/svgs/nature/u26A1-bolt.svg \
+Logo License: https://github.com/mozilla/fxemoji/blob/gh-pages/LICENSE.md
--- a/src/client_server/membership.rs
+++ b/src/client_server/membership.rs
@ -22,8 +22,7 @@ use ruma::{
    serde::{to_canonical_value, CanonicalJsonObject, Raw},
    EventId, RoomId, RoomVersionId, ServerName, UserId,
 };
-use std::sync::RwLock;
-use std::{collections::BTreeMap, convert::TryFrom};
+use std::{collections::BTreeMap, convert::TryFrom, sync::RwLock};

 #[cfg(feature = "conduit_bin")]
 use rocket::{get, post};
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1,3 +1,4 @@
+#![allow(clippy::suspicious_else_formatting)]
 pub mod appservice_server;
 pub mod client_server;
 mod database;
--- a/src/main.rs
+++ b/src/main.rs
@ -1,4 +1,5 @@
 #![warn(rust_2018_idioms)]
+#![allow(clippy::suspicious_else_formatting)]

 pub mod appservice_server;
 pub mod client_server;
--- a/tests/Complement.Dockerfile
+++ b/tests/Complement.Dockerfile
@ -1,4 +1,19 @@
 # For use in our CI only. This requires a build artifact created by a previous run pipline stage to be placed in cached_target/release/conduit
+FROM valkum/docker-rust-ci:latest as builder
+WORKDIR /workdir
+
+ARG RUSTC_WRAPPER
+ARG AWS_ACCESS_KEY_ID
+ARG AWS_SECRET_ACCESS_KEY
+ARG SCCACHE_BUCKET
+ARG SCCACHE_ENDPOINT
+ARG SCCACHE_S3_USE_SSL
+
+COPY . .
+RUN mkdir -p target/release
+RUN test -e cached_target/release/conduit && cp cached_target/release/conduit target/release/conduit || cargo build --release
+
+
 FROM valkum/docker-rust-ci:latest
 WORKDIR /workdir

@ -32,4 +47,3 @@ CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement PKI support" && t
    sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \
    /workdir/caddy start --config caddy.json > /dev/null && \
    /workdir/conduit
-