Implement use flags for subcommants

Optimize synapse pipeline
author: Filip Wandzio <contact@philw.dev> 2025-10-01 22:21:25 +0200
committer: Filip Wandzio <contact@philw.dev> 2025-10-01 22:21:25 +0200
commit: 37e65300245be45d4000797b3ada53c68022fc26 (patch)
tree: ae304da2869d2069b3359def36e36d29877fc7c8 /whiterabbit.sh
parent: 34fbb07af8de311a4d316325bcf574341f6be5dd (diff)
download: whiterabbit-37e65300245be45d4000797b3ada53c68022fc26.tar.gz
whiterabbit-37e65300245be45d4000797b3ada53c68022fc26.zip
1 files changed, 0 insertions, 417 deletions
diff --git a/whiterabbit.sh b/whiterabbit.sh
deleted file mode 100755
index f8eb350..0000000
--- a/whiterabbit.sh
+++ /dev/null
@@ -1,417 +0,0 @@
-#!/bin/sh
-set -eu
-BASE_DIR="/opt/matrix"
-# Detect docker compose binary
-DOCKER_COMPOSE=$(command -v docker-compose || command -v "docker" compose || true)
-if [ -z "$DOCKER_COMPOSE" ]; then
-    echo "[ERROR] docker-compose or docker compose not found" >&2
-    exit 1
-fi
-usage() {
-    cat <<'EOF'
-whiterabbit: auto-configure Matrix homeservers (Dendrite or Synapse)
-with a global Coturn instance and Nginx + Let's Encrypt proxy.
-Main actions:
-  turn       Install or configure the global Coturn server
-  dendrite   Add a new Matrix server (Dendrite)
-  synapse    Add a new Matrix server (Synapse)
-  list       Show all configured Matrix servers
-  remove     Remove a Matrix server by domain
-Notes:
-  • Coturn should be installed only once using 'turn'.
-  • All Matrix servers share the same Coturn (TURN domain/secret).
-  • TLS certificates are issued automatically using Let's Encrypt.
-  • Requirements: docker, docker-compose, nginx, certbot, coturn.
-EOF
-    exit 1
-}
-require_nonempty() {
-    VAR_NAME="$1"
-    VAR_VALUE="$2"
-    if [ -z "$VAR_VALUE" ]; then
-        echo "[ERROR] $VAR_NAME cannot be empty" >&2
-        exit 1
-    fi
-}
-list_servers() {
-    echo "=== Installed servers ==="
-    ls -1 "$BASE_DIR" 2>/dev/null || echo "No servers installed"
-}
-install_turn() {
-    echo "=== Installing global Coturn ==="
-    printf "TURN domain (eg. turn.example.com): "
-    read -r TURN_DOMAIN
-    require_nonempty TURN_DOMAIN "$TURN_DOMAIN"
-    printf "TURN IP (eg. 127.0.0.1): "
-    read -r TURN_SERVER_IP
-    require_nonempty TURN_SERVER_IP "$TURN_SERVER_IP"
-    printf "Listening device (eg. eth0): "
-    read -r TURN_LISTENING_DEVICE
-    require_nonempty TURN_LISTENING_DEVICE "$TURN_LISTENING_DEVICE"
-    printf "TURN shared secret: "
-    read -r TURN_SECRET
-    require_nonempty TURN_SECRET "$TURN_SECRET"
-    mkdir -p /etc/turn
-    cat <<EOF > /etc/turn/turnserver.conf
-listening-device=$TURN_LISTENING_DEVICE
-listening-port=3478
-tls-listening-port=5349
-listening-ip=$TURN_SERVER_IP
-min-port=49152
-max-port=65535
-use-auth-secret
-static-auth-secret=$TURN_SECRET
-realm=$TURN_DOMAIN
-syslog
-no-rfc5780
-no-stun-backward-compatibility
-response-origin-only-with-rfc5780
-EOF
-    echo "$TURN_DOMAIN" > /etc/turn/domain
-    echo "$TURN_SECRET" > /etc/turn/secret
-    if command -v systemctl >/dev/null; then
-        systemctl enable --now coturn || true
-    else
-        service coturn start || true
-    fi
-    echo "[OK] Global Coturn configured ($TURN_DOMAIN)"
-}
-common_prompts() {
-    printf "Matrix domain (eg. matrix.example.com): "
-    read -r MATRIX_DOMAIN
-    require_nonempty MATRIX_DOMAIN "$MATRIX_DOMAIN"
-    printf "Let's Encrypt certificate email: "
-    read -r EMAIL
-    require_nonempty EMAIL "$EMAIL"
-    printf "Postgres secret: "
-    read -r DB_PASS
-    require_nonempty DB_PASS "$DB_PASS"
-    printf "registration_shared_secret: "
-    read -r REG_SECRET
-    require_nonempty REG_SECRET "$REG_SECRET"
-    printf "MATRIX server IP (eg. 127.0.0.1): "
-    read -r MATRIX_SERVER_IP
-    require_nonempty MATRIX_SERVER_IP "$MATRIX_SERVER_IP"
-    TURN_DOMAIN=$(cat /etc/turn/domain)
-    TURN_SECRET=$(cat /etc/turn/secret)
-    # Generate unique port numbers from hash of domain
-    HASH=$(printf "%s" "$MATRIX_DOMAIN" | cksum | cut -d ' ' -f1)
-    PORT_BASE=$(( (HASH % 1000) + 8000 ))
-    PORT_HTTP=$PORT_BASE
-    PORT_HTTPS=$((PORT_BASE+1))
-}
-configure_nginx() {
-    DOMAIN="$1"
-    SERVICE_PORT="$2"
-    mkdir -p /etc/nginx/sites-available
-    mkdir -p /etc/nginx/sites-enabled
-    cat <<EOF > "/etc/nginx/sites-available/$DOMAIN"
-server {
-    listen 80;
-    server_name $DOMAIN;
-    location /.well-known/matrix/server {
-        default_type application/json;
-        return 200 '{ "m.server": "$DOMAIN:443" }';
-    }
-    location /.well-known/matrix/client {
-        default_type application/json;
-        return 200 '{
-            "m.homeserver": { "base_url": "https://$DOMAIN" },
-            "m.identity_server": { "base_url": "https://vector.im" }
-        }';
-    }
-    location / {
-        proxy_pass http://127.0.0.1:$SERVICE_PORT;
-        proxy_set_header Host \$host;
-        proxy_set_header X-Forwarded-For \$remote_addr;
-    }
-}
-EOF
-    ln -sf "/etc/nginx/sites-available/$DOMAIN" "/etc/nginx/sites-enabled/$DOMAIN"
-    nginx -t || { echo "[ERROR] Invalid nginx config"; exit 1; }
-    if command -v systemctl >/dev/null; then
-        systemctl reload nginx
-    else
-        nginx -s reload
-    fi
-    if command -v certbot >/dev/null; then
-        certbot --nginx --non-interactive --agree-tos -m "$EMAIL" -d "$DOMAIN" || {
-            echo "[WARN] Certbot failed for $DOMAIN"
-        }
-    else
-        echo "[WARN] Certbot not installed, skipping TLS setup"
-    fi
-    echo "[OK] Nginx and SSL certificate configured for $DOMAIN"
-}
-install_dendrite() {
-    echo "=== Installing Matrix Dendrite ==="
-    common_prompts
-    INSTALL_DIR="$BASE_DIR/$MATRIX_DOMAIN"
-    mkdir -p "$INSTALL_DIR/config"
-    cd "$INSTALL_DIR" || exit 1
-    cat <<EOF > .env
-POSTGRES_HOSTNAME=postgres
-POSTGRES_VERSION=15-alpine
-POSTGRES_USER=dendrite
-POSTGRES_PASSWORD=$DB_PASS
-POSTGRES_DB=dendrite
-MONOLITH_HOSTNAME=monolith
-MONOLITH_IMAGE=matrixdotorg/dendrite-monolith:latest
-MONOLITH_PORT_HTTP=$PORT_HTTP
-MONOLITH_PORT_HTTPS=$PORT_HTTPS
-EOF
-cat <<EOF > compose.yml
-services:
-  postgres:
-    hostname: \${POSTGRES_HOSTNAME:-postgres}
-    image: postgres:\${POSTGRES_VERSION:-15-alpine}
-    restart: always
-    volumes:
-      - ./dendrite_postgres_data:/var/lib/postgresql/data
-    environment:
-      POSTGRES_PASSWORD: \${POSTGRES_PASSWORD:-$DB_PASS}
-      POSTGRES_USER: \${POSTGRES_USER:-dendrite}
-      POSTGRES_DB: \${POSTGRES_DB:-dendrite}
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U \${POSTGRES_USER:-dendrite}"]
-      interval: 5s
-      timeout: 5s
-      retries: 5
-    networks:
-      - internal
-  monolith:
-    hostname: \${MONOLITH_HOSTNAME:-monolith}
-    image: \${MONOLITH_IMAGE:-matrixdotorg/dendrite-monolith:latest}
-    ports:
-      - \${MONOLITH_PORT_HTTP:-8008}:8008
-      - \${MONOLITH_PORT_HTTPS:-8448}:8448
-    volumes:
-      - ./config:/etc/dendrite
-      - ./dendrite_media:/var/dendrite/media
-      - ./dendrite_jetstream:/var/dendrite/jetstream
-      - ./dendrite_search_index:/var/dendrite/searchindex
-      - ./:/mnt
-    depends_on:
-      postgres:
-        condition: service_healthy
-    networks:
-      - internal
-    restart: unless-stopped
-networks:
-  internal:
-    attachable: true
-volumes:
-  dendrite_postgres_data:
-  dendrite_media:
-  dendrite_jetstream:
-  dendrite_search_index:
-EOF
-    # --- Plik konfiguracji Dendrite ---
-cat <<EOF > config/dendrite.yaml
-version: 2
-global:
-  server_name: $MATRIX_DOMAIN
-  private_key: /mnt/matrix_key.pem
-  tls_cert: /mnt/server.crt
-  tls_key: /mnt/server.key
-  old_private_keys: []
-  key_validity_period: 168h0m0s
-  database:
-    connection_string: postgresql://dendrite:$DB_PASS@postgres/dendrite?sslmode=disable
-    max_open_conns: 90
-    max_idle_conns: 5
-    conn_max_lifetime: -1
-  well_known_server_name: "$MATRIX_DOMAIN:443"
-  well_known_client_name: "https://$MATRIX_DOMAIN"
-  cache:
-    max_size_estimated: 1gb
-    max_age: 1h
-  trusted_third_party_id_servers:
-    - matrix.org
-    - vector.im
-  disable_federation: false
-  report_stats:
-    enabled: false
-client_api:
-  registration_disabled: true
-  registration_shared_secret: "$REG_SECRET"
-  turn:
-    turn_user_lifetime: "5m"
-    turn_uris:
-      - turn:$TURN_DOMAIN?transport=udp
-      - turn:$TURN_DOMAIN?transport=tcp
-    turn_shared_secret: "$TURN_SECRET"
-federation_api:
-  send_max_retries: 16
-  disable_tls_validation: false
-media_api:
-  base_path: ./media_store
-  max_file_size_bytes: 10485760
-sync_api:
-  search:
-    enabled: false
-    index_path: "./searchindex"
-user_api:
-  auto_join_rooms:
-    - "#main:$MATRIX_DOMAIN"
-logging:
-  - type: std
-    level: info
-  - type: file
-    level: info
-    params:
-      path: ./logs
-jetstream:
-  addresses: []
-  disable_tls_validation: false
-  storage_path: ./
-  topic_prefix: Dendrite
-metrics:
-  enabled: false
-  basic_auth:
-    username: metrics
-    password: metrics
-dns_cache:
-  enabled: false
-  cache_size: 256
-  cache_lifetime: "5m"
-EOF
-    # Generate necessary project directory
-    $DOCKER_COMPOSE up -d
-    $DOCKER_COMPOSE down
-    # --- Generowanie kluczy Dendrite + TLS jeśli nie istnieją ---
-        echo "[INFO] Generating Dendrite keys..."
-docker run --rm --entrypoint=""   -v $(pwd):/mnt   matrixdotorg/dendrite-monolith:latest   /usr/bin/generate-keys   -private-key /mnt/matrix_key.pem   -tls-cert /mnt/server.crt   -tls-key /mnt/server.key
-        echo "[OK] Keys generated in $PWD"
-    # --- Start kontenerów ---
-    $DOCKER_COMPOSE up -d
-    # --- Konfiguracja Nginx + SSL/TLS ---
-    configure_nginx "$MATRIX_DOMAIN" "$PORT_HTTP"
-    echo "[OK] Dendrite server ($MATRIX_DOMAIN) is running."
-}
-install_synapse() {
-    echo "=== Installing Matrix Synapse ==="
-    common_prompts
-    INSTALL_DIR="$BASE_DIR/$MATRIX_DOMAIN"
-    mkdir -p "$INSTALL_DIR"
-    cd "$INSTALL_DIR" || exit 1
-    cat <<EOF > docker-compose.yml
-version: '3.4'
-services:
-  db:
-    image: postgres:15-alpine
-    environment:
-      POSTGRES_USER: synapse
-      POSTGRES_PASSWORD: $DB_PASS
-      POSTGRES_DB: synapse
-    volumes:
-      - ./db:/var/lib/postgresql/data
-  synapse:
-    image: matrixdotorg/synapse:latest
-    depends_on: [ db ]
-    environment:
-      SYNAPSE_SERVER_NAME: $MATRIX_DOMAIN
-      SYNAPSE_REPORT_STATS: "yes"
-      POSTGRES_PASSWORD: $DB_PASS
-    ports:
-      - $PORT_HTTP:8008
-      - $PORT_HTTPS:8448
-    volumes:
-      - ./data:/data
-EOF
-    $DOCKER_COMPOSE up -d
-    cat <<EOF > data/homeserver-extra.yaml
-turn_uris: [ "turn:$TURN_DOMAIN?transport=udp", "turn:$TURN_DOMAIN?transport=tcp" ]
-turn_shared_secret: "$TURN_SECRET"
-turn_user_lifetime: "5m"
-EOF
-    configure_nginx "$MATRIX_DOMAIN" "$PORT_HTTP"
-    echo "[OK] Synapse server ($MATRIX_DOMAIN) is running."
-}
-remove_server() {
-    DOMAIN="$1"
-    [ -z "$DOMAIN" ] && usage
-    SERVER_DIR="$BASE_DIR/$DOMAIN"
-    case "$DOMAIN" in
-        ""|"/"|".") echo "[ERROR] Refusing to delete dangerous path ($DOMAIN)"; exit 1 ;;
-    esac
-    if [ -d "$SERVER_DIR" ]; then
-        (cd "$SERVER_DIR" && $DOCKER_COMPOSE down -v) || true
-        rm -rf "$SERVER_DIR"
-    fi
-    rm -f "/etc/nginx/sites-available/$DOMAIN" "/etc/nginx/sites-enabled/$DOMAIN"
-    nginx -t && (systemctl reload nginx 2>/dev/null || nginx -s reload)
-    echo "[OK] Server $DOMAIN removed."
-}
-# --- CLI router ---
-CMD="${1:-}"
-case "$CMD" in
-    turn) install_turn ;;
-    dendrite) install_dendrite ;;
-    synapse) install_synapse ;;
-    list) list_servers ;;
-    remove) remove_server "${2:-}" ;;
-    *) usage ;;
-esac
author	Filip Wandzio <contact@philw.dev>	2025-10-01 22:21:25 +0200
committer	Filip Wandzio <contact@philw.dev>	2025-10-01 22:21:25 +0200
commit	37e65300245be45d4000797b3ada53c68022fc26 (patch)
tree	ae304da2869d2069b3359def36e36d29877fc7c8 /whiterabbit.sh
parent	34fbb07af8de311a4d316325bcf574341f6be5dd (diff)
download	whiterabbit-37e65300245be45d4000797b3ada53c68022fc26.tar.gz whiterabbit-37e65300245be45d4000797b3ada53c68022fc26.zip

diff --git a/whiterabbit.sh b/whiterabbit.sh deleted file mode 100755 index f8eb350..0000000 --- a/whiterabbit.sh +++ /dev/null
@@ -1,417 +0,0 @@
1	#!/bin/sh
2	set -eu
3
4	BASE_DIR="/opt/matrix"
5
6	# Detect docker compose binary
7	DOCKER_COMPOSE=$(command -v docker-compose \|\| command -v "docker" compose \|\| true)
8	if [ -z "$DOCKER_COMPOSE" ]; then
9	echo "[ERROR] docker-compose or docker compose not found" >&2
10	exit 1
11	fi
12
13	usage() {
14	cat <<'EOF'
15	whiterabbit: auto-configure Matrix homeservers (Dendrite or Synapse)
16	with a global Coturn instance and Nginx + Let's Encrypt proxy.
17
18	Main actions:
19	turn Install or configure the global Coturn server
20	dendrite Add a new Matrix server (Dendrite)
21	synapse Add a new Matrix server (Synapse)
22	list Show all configured Matrix servers
23	remove Remove a Matrix server by domain
24
25	Notes:
26	• Coturn should be installed only once using 'turn'.
27	• All Matrix servers share the same Coturn (TURN domain/secret).
28	• TLS certificates are issued automatically using Let's Encrypt.
29	• Requirements: docker, docker-compose, nginx, certbot, coturn.
30	EOF
31	exit 1
32	}
33
34	require_nonempty() {
35	VAR_NAME="$1"
36	VAR_VALUE="$2"
37	if [ -z "$VAR_VALUE" ]; then
38	echo "[ERROR] $VAR_NAME cannot be empty" >&2
39	exit 1
40	fi
41	}
42
43	list_servers() {
44	echo "=== Installed servers ==="
45	ls -1 "$BASE_DIR" 2>/dev/null \|\| echo "No servers installed"
46	}
47
48	install_turn() {
49	echo "=== Installing global Coturn ==="
50	printf "TURN domain (eg. turn.example.com): "
51	read -r TURN_DOMAIN
52	require_nonempty TURN_DOMAIN "$TURN_DOMAIN"
53
54	printf "TURN IP (eg. 127.0.0.1): "
55	read -r TURN_SERVER_IP
56	require_nonempty TURN_SERVER_IP "$TURN_SERVER_IP"
57
58	printf "Listening device (eg. eth0): "
59	read -r TURN_LISTENING_DEVICE
60	require_nonempty TURN_LISTENING_DEVICE "$TURN_LISTENING_DEVICE"
61
62	printf "TURN shared secret: "
63	read -r TURN_SECRET
64	require_nonempty TURN_SECRET "$TURN_SECRET"
65
66	mkdir -p /etc/turn
67	cat <<EOF > /etc/turn/turnserver.conf
68	listening-device=$TURN_LISTENING_DEVICE
69	listening-port=3478
70	tls-listening-port=5349
71	listening-ip=$TURN_SERVER_IP
72	min-port=49152
73	max-port=65535
74	use-auth-secret
75	static-auth-secret=$TURN_SECRET
76	realm=$TURN_DOMAIN
77	syslog
78	no-rfc5780
79	no-stun-backward-compatibility
80	response-origin-only-with-rfc5780
81	EOF
82
83	echo "$TURN_DOMAIN" > /etc/turn/domain
84	echo "$TURN_SECRET" > /etc/turn/secret
85
86	if command -v systemctl >/dev/null; then
87	systemctl enable --now coturn \|\| true
88	else
89	service coturn start \|\| true
90	fi
91
92	echo "[OK] Global Coturn configured ($TURN_DOMAIN)"
93	}
94
95	common_prompts() {
96	printf "Matrix domain (eg. matrix.example.com): "
97	read -r MATRIX_DOMAIN
98	require_nonempty MATRIX_DOMAIN "$MATRIX_DOMAIN"
99
100	printf "Let's Encrypt certificate email: "
101	read -r EMAIL
102	require_nonempty EMAIL "$EMAIL"
103
104	printf "Postgres secret: "
105	read -r DB_PASS
106	require_nonempty DB_PASS "$DB_PASS"
107
108	printf "registration_shared_secret: "
109	read -r REG_SECRET
110	require_nonempty REG_SECRET "$REG_SECRET"
111
112	printf "MATRIX server IP (eg. 127.0.0.1): "
113	read -r MATRIX_SERVER_IP
114	require_nonempty MATRIX_SERVER_IP "$MATRIX_SERVER_IP"
115
116	TURN_DOMAIN=$(cat /etc/turn/domain)
117	TURN_SECRET=$(cat /etc/turn/secret)
118
119	# Generate unique port numbers from hash of domain
120	HASH=$(printf "%s" "$MATRIX_DOMAIN" \| cksum \| cut -d ' ' -f1)
121	PORT_BASE=$(( (HASH % 1000) + 8000 ))
122	PORT_HTTP=$PORT_BASE
123	PORT_HTTPS=$((PORT_BASE+1))
124	}
125
126	configure_nginx() {
127	DOMAIN="$1"
128	SERVICE_PORT="$2"
129
130	mkdir -p /etc/nginx/sites-available
131	mkdir -p /etc/nginx/sites-enabled
132
133	cat <<EOF > "/etc/nginx/sites-available/$DOMAIN"
134	server {
135	listen 80;
136	server_name $DOMAIN;
137
138	location /.well-known/matrix/server {
139	default_type application/json;
140	return 200 '{ "m.server": "$DOMAIN:443" }';
141	}
142
143	location /.well-known/matrix/client {
144	default_type application/json;
145	return 200 '{
146	"m.homeserver": { "base_url": "https://$DOMAIN" },
147	"m.identity_server": { "base_url": "https://vector.im" }
148	}';
149	}
150
151	location / {
152	proxy_pass http://127.0.0.1:$SERVICE_PORT;
153	proxy_set_header Host \$host;
154	proxy_set_header X-Forwarded-For \$remote_addr;
155	}
156	}
157	EOF
158
159	ln -sf "/etc/nginx/sites-available/$DOMAIN" "/etc/nginx/sites-enabled/$DOMAIN"
160	nginx -t \|\| { echo "[ERROR] Invalid nginx config"; exit 1; }
161	if command -v systemctl >/dev/null; then
162	systemctl reload nginx
163	else
164	nginx -s reload
165	fi
166
167	if command -v certbot >/dev/null; then
168	certbot --nginx --non-interactive --agree-tos -m "$EMAIL" -d "$DOMAIN" \|\| {
169	echo "[WARN] Certbot failed for $DOMAIN"
170	}
171	else
172	echo "[WARN] Certbot not installed, skipping TLS setup"
173	fi
174
175	echo "[OK] Nginx and SSL certificate configured for $DOMAIN"
176	}
177
178
179	install_dendrite() {
180	echo "=== Installing Matrix Dendrite ==="
181	common_prompts
182
183	INSTALL_DIR="$BASE_DIR/$MATRIX_DOMAIN"
184	mkdir -p "$INSTALL_DIR/config"
185	cd "$INSTALL_DIR" \|\| exit 1
186
187	cat <<EOF > .env
188	POSTGRES_HOSTNAME=postgres
189	POSTGRES_VERSION=15-alpine
190	POSTGRES_USER=dendrite
191	POSTGRES_PASSWORD=$DB_PASS
192	POSTGRES_DB=dendrite
193
194	MONOLITH_HOSTNAME=monolith
195	MONOLITH_IMAGE=matrixdotorg/dendrite-monolith:latest
196	MONOLITH_PORT_HTTP=$PORT_HTTP
197	MONOLITH_PORT_HTTPS=$PORT_HTTPS
198	EOF
199
200	cat <<EOF > compose.yml
201	services:
202	postgres:
203	hostname: \${POSTGRES_HOSTNAME:-postgres}
204	image: postgres:\${POSTGRES_VERSION:-15-alpine}
205	restart: always
206	volumes:
207	- ./dendrite_postgres_data:/var/lib/postgresql/data
208	environment:
209	POSTGRES_PASSWORD: \${POSTGRES_PASSWORD:-$DB_PASS}
210	POSTGRES_USER: \${POSTGRES_USER:-dendrite}
211	POSTGRES_DB: \${POSTGRES_DB:-dendrite}
212	healthcheck:
213	test: ["CMD-SHELL", "pg_isready -U \${POSTGRES_USER:-dendrite}"]
214	interval: 5s
215	timeout: 5s
216	retries: 5
217	networks:
218	- internal
219
220	monolith:
221	hostname: \${MONOLITH_HOSTNAME:-monolith}
222	image: \${MONOLITH_IMAGE:-matrixdotorg/dendrite-monolith:latest}
223	ports:
224	- \${MONOLITH_PORT_HTTP:-8008}:8008
225	- \${MONOLITH_PORT_HTTPS:-8448}:8448
226	volumes:
227	- ./config:/etc/dendrite
228	- ./dendrite_media:/var/dendrite/media
229	- ./dendrite_jetstream:/var/dendrite/jetstream
230	- ./dendrite_search_index:/var/dendrite/searchindex
231	- ./:/mnt
232	depends_on:
233	postgres:
234	condition: service_healthy
235	networks:
236	- internal
237	restart: unless-stopped
238
239	networks:
240	internal:
241	attachable: true
242	volumes:
243	dendrite_postgres_data:
244	dendrite_media:
245	dendrite_jetstream:
246	dendrite_search_index:
247	EOF
248
249	# --- Plik konfiguracji Dendrite ---
250
251	cat <<EOF > config/dendrite.yaml
252	version: 2
253	global:
254	server_name: $MATRIX_DOMAIN
255	private_key: /mnt/matrix_key.pem
256	tls_cert: /mnt/server.crt
257	tls_key: /mnt/server.key
258	old_private_keys: []
259	key_validity_period: 168h0m0s
260	database:
261	connection_string: postgresql://dendrite:$DB_PASS@postgres/dendrite?sslmode=disable
262	max_open_conns: 90
263	max_idle_conns: 5
264	conn_max_lifetime: -1
265	well_known_server_name: "$MATRIX_DOMAIN:443"
266	well_known_client_name: "https://$MATRIX_DOMAIN"
267	cache:
268	max_size_estimated: 1gb
269	max_age: 1h
270	trusted_third_party_id_servers:
271	- matrix.org
272	- vector.im
273	disable_federation: false
274	report_stats:
275	enabled: false
276	client_api:
277	registration_disabled: true
278	registration_shared_secret: "$REG_SECRET"
279	turn:
280	turn_user_lifetime: "5m"
281	turn_uris:
282	- turn:$TURN_DOMAIN?transport=udp
283	- turn:$TURN_DOMAIN?transport=tcp
284	turn_shared_secret: "$TURN_SECRET"
285	federation_api:
286	send_max_retries: 16
287	disable_tls_validation: false
288	media_api:
289	base_path: ./media_store
290	max_file_size_bytes: 10485760
291	sync_api:
292	search:
293	enabled: false
294	index_path: "./searchindex"
295	user_api:
296	auto_join_rooms:
297	- "#main:$MATRIX_DOMAIN"
298	logging:
299	- type: std
300	level: info
301	- type: file
302	level: info
303	params:
304	path: ./logs
305	jetstream:
306	addresses: []
307	disable_tls_validation: false
308	storage_path: ./
309	topic_prefix: Dendrite
310	metrics:
311	enabled: false
312	basic_auth:
313	username: metrics
314	password: metrics
315	dns_cache:
316	enabled: false
317	cache_size: 256
318	cache_lifetime: "5m"
319	EOF
320
321	# Generate necessary project directory
322	$DOCKER_COMPOSE up -d
323
324	$DOCKER_COMPOSE down
325
326	# --- Generowanie kluczy Dendrite + TLS jeśli nie istnieją ---
327	echo "[INFO] Generating Dendrite keys..."
328
329	docker run --rm --entrypoint="" -v $(pwd):/mnt matrixdotorg/dendrite-monolith:latest /usr/bin/generate-keys -private-key /mnt/matrix_key.pem -tls-cert /mnt/server.crt -tls-key /mnt/server.key
330	echo "[OK] Keys generated in $PWD"
331
332	# --- Start kontenerów ---
333	$DOCKER_COMPOSE up -d
334
335	# --- Konfiguracja Nginx + SSL/TLS ---
336	configure_nginx "$MATRIX_DOMAIN" "$PORT_HTTP"
337
338	echo "[OK] Dendrite server ($MATRIX_DOMAIN) is running."
339	}
340
341	install_synapse() {
342	echo "=== Installing Matrix Synapse ==="
343	common_prompts
344
345	INSTALL_DIR="$BASE_DIR/$MATRIX_DOMAIN"
346	mkdir -p "$INSTALL_DIR"
347	cd "$INSTALL_DIR" \|\| exit 1
348
349	cat <<EOF > docker-compose.yml
350	version: '3.4'
351	services:
352	db:
353	image: postgres:15-alpine
354	environment:
355	POSTGRES_USER: synapse
356	POSTGRES_PASSWORD: $DB_PASS
357	POSTGRES_DB: synapse
358	volumes:
359	- ./db:/var/lib/postgresql/data
360
361	synapse:
362	image: matrixdotorg/synapse:latest
363	depends_on: [ db ]
364	environment:
365	SYNAPSE_SERVER_NAME: $MATRIX_DOMAIN
366	SYNAPSE_REPORT_STATS: "yes"
367	POSTGRES_PASSWORD: $DB_PASS
368	ports:
369	- $PORT_HTTP:8008
370	- $PORT_HTTPS:8448
371	volumes:
372	- ./data:/data
373	EOF
374
375	$DOCKER_COMPOSE up -d
376
377	cat <<EOF > data/homeserver-extra.yaml
378	turn_uris: [ "turn:$TURN_DOMAIN?transport=udp", "turn:$TURN_DOMAIN?transport=tcp" ]
379	turn_shared_secret: "$TURN_SECRET"
380	turn_user_lifetime: "5m"
381	EOF
382
383	configure_nginx "$MATRIX_DOMAIN" "$PORT_HTTP"
384
385	echo "[OK] Synapse server ($MATRIX_DOMAIN) is running."
386	}
387
388	remove_server() {
389	DOMAIN="$1"
390	[ -z "$DOMAIN" ] && usage
391
392	SERVER_DIR="$BASE_DIR/$DOMAIN"
393	case "$DOMAIN" in
394	""\|"/"\|".") echo "[ERROR] Refusing to delete dangerous path ($DOMAIN)"; exit 1 ;;
395	esac
396
397	if [ -d "$SERVER_DIR" ]; then
398	(cd "$SERVER_DIR" && $DOCKER_COMPOSE down -v) \|\| true
399	rm -rf "$SERVER_DIR"
400	fi
401
402	rm -f "/etc/nginx/sites-available/$DOMAIN" "/etc/nginx/sites-enabled/$DOMAIN"
403	nginx -t && (systemctl reload nginx 2>/dev/null \|\| nginx -s reload)
404	echo "[OK] Server $DOMAIN removed."
405	}
406
407	# --- CLI router ---
408	CMD="${1:-}"
409
410	case "$CMD" in
411	turn) install_turn ;;
412	dendrite) install_dendrite ;;
413	synapse) install_synapse ;;
414	list) list_servers ;;
415	remove) remove_server "${2:-}" ;;
416	*) usage ;;
417	esac