Merge remote-tracking branch 'famedly/master' into appservices

next
Timo Kösters 2021-02-03 12:54:37 +01:00
commit fd3fb3a7ed
No known key found for this signature in database
GPG Key ID: 24DA7517711A2BA4
10 changed files with 278 additions and 11 deletions


@ -77,3 +77,26 @@ required-features = ["conduit_bin"]
[lib] [lib]
name = "conduit" name = "conduit"
path = "src/lib.rs" path = "src/lib.rs"
[package.metadata.deb]
name = "matrix-conduit"
maintainer = "Paul van Tilburg <paul@luon.net>"
copyright = "2020, Timo Kösters <timo@koesters.xyz>"
license-file = ["LICENSE", "3"]
depends = "$auto, ca-certificates"
extended-description = """\
A fast Matrix homeserver that is optimized for smaller, personal servers, \
instead of a server that has high scalability."""
section = "net"
priority = "optional"
assets = [
["debian/env.local", "etc/matrix-conduit/local", "644"],
["debian/README.Debian", "usr/share/doc/matrix-conduit/", "644"],
["README.md", "usr/share/doc/matrix-conduit/", "644"],
["target/release/conduit", "usr/sbin/matrix-conduit", "755"],
]
conf-files = [
"/etc/matrix-conduit/local"
]
maintainer-scripts = "debian/"
systemd-units = { unit-name = "matrix-conduit" }
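Review bot: The `depends` line declares only `$auto, ca-certificates`, but the maintainer scripts added in this commit source `/usr/share/debconf/confmodule` and call `adduser`. `$auto` normally resolves only shared-library dependencies, so neither tool is guaranteed to be present when `postinst` runs on a minimal system. I would declare them explicitly: `depends = "$auto, ca-certificates, adduser, debconf"`.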

29
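--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -0,0 +1,29 @@
+Conduit for Debian
+==================
+Configuration
+-------------
+When installed, Debconf handles the configuration of the homeserver (host)name,
+the address and port it listens on. These configuration variables end up in
+/etc/matrix-conduit/debian.
+You can tweak more detailed settings by uncommenting and setting the variables
+in /etc/matrix-conduit/local. This involves settings such as the maximum file
+size for download/upload, enabling federation, etc.
+Running
+-------
+The package uses the matrix-conduit.service systemd unit file to start and
+stop Conduit. It loads the configuration files mentioned above to set up the
+environment before running the server.
+This package assumes by default that Conduit is placed behind a reverse proxy
+such as Apache or nginx. This default deployment entails just listening on
+127.0.0.1 and the free port 14004 and is reachable via a client using the URL
+http://localhost:14004.
+At a later stage this packaging may support also setting up TLS and running
+stand-alone. In this case, however, you need to set up some certificates and
+renewal, for it to work properly.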

17
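--- a/debian/config
+++ b/debian/config
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+# Source debconf library.
+. /usr/share/debconf/confmodule
+# Ask for the Matrix homeserver name, address and port.
+db_input high matrix-conduit/hostname || true
+db_go
+db_input low matrix-conduit/address || true
+db_go
+db_input medium matrix-conduit/port || true
+db_go
+exit 0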

33
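--- a/debian/env.local
+++ b/debian/env.local
@@ -0,0 +1,33 @@
+# Conduit homeserver local configuration
+#
+# Conduit is an application based on the Rocket web framework.
+# Configuration of Conduit happens via Debconf (see the resulting config in
+# `/etc/matrix-conduit/debian`) and optionally by uncommenting and tweaking the
+# variables in this file below.
+# The maximum size of a Matrix HTTP requests in bytes.
+#
+# This mostly affects the size of files that can be downloaded/uploaded.
+# It defaults to 20971520 (20MB).
+#ROCKET_MAX_REQUEST_SIZE=20971520
+# Whether user registration is allowed.
+#
+# User registration is not disabled by default.
+#ROCKET_REGISTRATION_DISABLED=false
+# Whether encryption is enabled.
+#
+# (End-to-end) encryption is not disabled by default.
+#ROCKET_ENCRYPTION_DISABLED=false
+# Whether federation with other Matrix servers is enabled.
+#
+# Federation is not enabled by default; it is still experimental.
+#ROCKET_FEDERATION_ENABLED=false
+# The log level of the homeserver.
+#
+# The log level is "critical" by default.
+# Allowed values are: "off", "normal", "debug", "critical"
+#ROCKET_LOG="critical"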

49
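--- a/debian/matrix-conduit.service
+++ b/debian/matrix-conduit.service
@@ -0,0 +1,49 @@
+[Unit]
+Description=Conduit Matrix homeserver
+After=network.target
+[Service]
+User=_matrix-conduit
+Group=_matrix-conduit
+Type=simple
+AmbientCapabilities=
+CapabilityBoundingSet=
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateTmp=yes
+PrivateUsers=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+StateDirectory=matrix-conduit
+Environment="ROCKET_ENV=production"
+Environment="ROCKET_DATABASE_PATH=/var/lib/matrix-conduit"
+EnvironmentFile=/etc/matrix-conduit/debian
+EnvironmentFile=/etc/matrix-conduit/local
+ExecStart=/usr/sbin/matrix-conduit
+Restart=on-failure
+RestartSec=10
+StartLimitInterval=1m
+StartLimitBurst=5
+[Install]
+WantedBy=multi-user.target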
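Review bot: Nothing in `[Service]` limits who can read the database directory. `StateDirectory=matrix-conduit` is created with systemd's default mode 0755 and no `UMask=` is set, so files the server writes under /var/lib/matrix-conduit will normally be readable by every local user. A homeserver database presumably holds password hashes and access tokens, so I would add `StateDirectoryMode=0700` and `UMask=0077` next to `StateDirectory=`. The rest of the sandboxing options look deliberate and need no change for this.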

73
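--- a/debian/postinst
+++ b/debian/postinst
@@ -0,0 +1,73 @@
+#!/bin/sh
+set -e
+. /usr/share/debconf/confmodule
+CONDUIT_CONFIG_PATH=/etc/matrix-conduit
+CONDUIT_CONFIG_FILE="$CONDUIT_CONFIG_PATH/debian"
+CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit
+case "$1" in
+configure)
+# Create the `_matrix-conduit` user if it does not exist yet.
+if ! getent passwd _matrix-conduit > /dev/null ; then
+echo 'Adding system user for the Conduit Matrix homeserver' 1>&2
+adduser --system --group --quiet \
+--home $CONDUIT_DATABASE_PATH \
+--disabled-login \
+--force-badname \
+_matrix-conduit
+fi
+# Create the database path if it does not exist yet.
+if [ ! -d "$CONDUIT_DATABASE_PATH" ]; then
+mkdir -p "$CONDUIT_DATABASE_PATH"
+chown _matrix-conduit "$CONDUIT_DATABASE_PATH"
+fi
+# Write the debconf values in the config.
+db_get matrix-conduit/hostname
+ROCKET_SERVER_NAME="$RET"
+db_get matrix-conduit/address
+ROCKET_ADDRESS="$RET"
+db_get matrix-conduit/port
+ROCKET_PORT="$RET"
+cat >"$CONDUIT_CONFIG_FILE" << EOF
+# Conduit homeserver Debian configuration
+#
+# Conduit is an application based on the Rocket web framework.
+# Configuration of Conduit happens via Debconf (of which the resulting config
+# is in this file) and optionally by uncommenting and tweaking the variables in
+# /etc/matrix-conduit/local.
+# THIS FILE IS GENERATED BY DEBCONF AND WILL BE OVERRIDDEN!
+#
+# Please make changes by running:
+#
+# \$ dpkg-reconfigure matrix-conduit
+#
+# or by providing overriding changes in /etc/matrix-conduit/local.
+# The server (host)name of the Matrix homeserver.
+#
+# This is the hostname the homeserver will be reachable at via a client.
+ROCKET_SERVER_NAME="$ROCKET_SERVER_NAME"
+# The address the Matrix homeserver listens on.
+#
+# By default the server listens on address 0.0.0.0. Change this to 127.0.0.1 to
+# only listen on the localhost when using a reverse proxy.
+ROCKET_ADDRESS="$ROCKET_ADDRESS"
+# The port of the Matrix homeserver.
+#
+# This port is could be any available port if accessed by a reverse proxy.
+# By default the server listens on port 8000.
+ROCKET_PORT="$ROCKET_PORT"
+# THIS FILE IS GENERATED BY DEBCONF AND WILL BE OVERRIDDEN!
+EOF
+;;
+esac
+#DEBHELPER#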
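Review bot: The three debconf answers are copied into /etc/matrix-conduit/debian with no validation, and the unit file later loads that file through `EnvironmentFile=`. A value containing a double quote or a newline produces a malformed or additional assignment, and a non-numeric port is only noticed when the service fails to start. Check the values before the heredoc, for example `case "$ROCKET_PORT" in ''|*[!0-9]*) echo 'matrix-conduit: invalid port' >&2; exit 1 ;; esac`, with a similar allowed-character check for the hostname and address. Doing the same check in debian/config would let debconf re-ask instead of failing the install.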

22
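--- a/debian/postrm
+++ b/debian/postrm
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+CONDUIT_CONFIG_PATH=/etc/matrix-conduit
+CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit
+case $1 in
+purge)
+# Per https://www.debian.org/doc/debian-policy/ch-files.html#behavior
+# "configuration files must be preserved when the package is removed, and
+# only deleted when the package is purged."
+if [ -d "$CONDUIT_CONFIG_PATH" ]; then
+rm -r "$CONDUIT_CONFIG_PATH"
+fi
+if [ -d "$CONDUIT_DATABASE_PATH" ]; then
+rm -r "$CONDUIT_DATABASE_PATH"
+fi
+;;
+esac
+#DEBHELPER#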
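Review bot: The `purge)` branch removes the config and database directories but never clears the package's debconf answers, so the old hostname, address and port are likely to survive a purge and be reused on reinstall. Unless the `#DEBHELPER#` expansion already adds it (not visible here), add `if [ -e /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule; db_purge; fi` inside the branch. A short comment that purge irreversibly deletes the homeserver database would also help whoever maintains this script.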

21
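--- a/debian/templates
+++ b/debian/templates
@@ -0,0 +1,21 @@
+Template: matrix-conduit/hostname
+Type: string
+Default: localhost
+Description: The server (host)name of the Matrix homeserver
+This is the hostname the homeserver will be reachable at via a client.
+.
+If set to "localhost", you can connect with a client locally and clients
+from other hosts and also other homeservers will not be able to reach you!
+Template: matrix-conduit/address
+Type: string
+Default: 127.0.0.1
+Description: The listen address of the Matrix homeserver
+This is the address the homeserver will listen on. Leave it set to 127.0.0.1
+when using a reverse proxy.
+Template: matrix-conduit/port
+Type: string
+Default: 14004
+Description: The port of the Matrix homeserver
+This port is most often just accessed by a reverse proxy.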


@ -584,16 +584,16 @@ pub async fn change_password_route(
db.users.set_password(&sender_user, &body.new_password)?; db.users.set_password(&sender_user, &body.new_password)?;
// TODO: Read logout_devices field when it's available and respect that, currently not supported in Ruma if body.logout_devices {
// See: https://github.com/ruma/ruma/issues/107 // Logout all devices except the current one
// Logout all devices except the current one for id in db
for id in db .users
.users .all_device_ids(&sender_user)
.all_device_ids(&sender_user) .filter_map(|id| id.ok())
.filter_map(|id| id.ok()) .filter(|id| id != sender_device)
.filter(|id| id != sender_device) {
{ db.users.remove_device(&sender_user, &id)?;
db.users.remove_device(&sender_user, &id)?; }
} }
db.flush().await?; db.flush().await?;


@ -9,7 +9,7 @@ ARG SCCACHE_ENDPOINT
ARG SCCACHE_S3_USE_SSL ARG SCCACHE_S3_USE_SSL
COPY . . COPY . .
RUN cargo build RUN test -e target/release/cond_test || cargo build --release --offline
FROM valkum/docker-rust-ci:latest FROM valkum/docker-rust-ci:latest
WORKDIR /workdir WORKDIR /workdir
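Review bot: The new `RUN` line skips the build whenever `target/release/cond_test` exists in the context brought in by `COPY . .`, and nothing checks that those prebuilt artifacts match the copied sources. A stale or foreign `target/` directory is then used as-is. State the contract in a comment above the line, e.g. `# target/release/cond_test is expected from <CI step>; when present the prebuilt release artifacts are reused unchanged`. It would also help to say that `--offline` makes the fallback build fail unless dependencies are already vendored or cached in the image. The `:latest` tag on the following `FROM` line is unchanged context, but pinning it to a digest would make the reused artifacts and the runtime image reproducible together.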