Commit ddc3bcfb authored by Lars Kruse's avatar Lars Kruse

feat(deb): initial packaging of Matrix integration

parent 39086203
......@@ -21,12 +21,14 @@ grouprise/locale/*/LC_MESSAGES/django.mo
makefilet
.pybuild/
debian/debhelper-build-stamp
debian/element-web-installer/
debian/grouprise/
debian/grouprise-dependencies/
debian/grouprise-doc/
debian/grouprise-db-postgresql/
debian/grouprise-db-sqlite/
debian/grouprise-lmtpd/
debian/grouprise-matrix/
debian/stadtgestalten/
debian/*.debhelper
debian/tmp
......
......@@ -153,6 +153,24 @@ Description: Web platform that enables social action and solidarity
pre-packaged python virtual environment (venv) for running the
grouprise application.
Package: grouprise-matrix
Architecture: all
Depends:
element-web-installer,
jq,
matrix-synapse,
moreutils,
# the package shipped in Buster does not support Django 2.0 or newer
python3-django-cas-server (>= 1.2),
# this package is not shipped in buster or buster-backports ("bullseye" is necessary)
python3-matrix-nio,
Description: Matrix integration for grouprise platform
Grouprise is a web-based platform providing tools for groups and
initiatives in a local context.
.
This package contains necessary services and files for configuring
a Matrix server to be used as a chat manager for grouprise.
Package: element-web-installer
Architecture: all
Depends:
......
# The following settings connect the matrix server to the grouprise instance.
# Most likely these settings do not require changes by local admins.
enable_registration: false
#cas_config:
# enabled: true
# server_url: "https://example.org/cas"
# service_url: "https://example.org:8448"
#
#sso:
# client_whitelist:
# - "https://example.org/stadt/chat/"
password_config:
enabled: false
password_providers:
- module: "grouprise.auth.matrix_synapse_auth_grouprise.GroupriseAuthProvider"
config:
enabled: true
settings_filename: /etc/grouprise/settings.py
# The following settings provide usable defaults for a matrix-synapse setup.
# These settings are not related to grouprise and may be adjusted by the local administrator.
listeners:
- port: 8008
tls: false
bind_addresses:
- '::'
- '0.0.0.0'
type: http
x_forwarded: true
resources:
# openid is required for matrix-dimension
- names: [client]
compress: true
- names: [federation]
compress: false
# the server is accessed via an SSL terminating proxy
no_tls: True
database:
name: psycopg2
args:
user: grouprise_matrix
password: secret_db_password
database: grouprise_matrix
host: localhost
cp_min: 5
cp_max: 10
# allow browsing the list of public rooms (e.g. via the element web interface)
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true
enable_group_creation: true
# keep in sync with "client_max_body_size" in nginx site configuration
max_upload_size: "10M"
url_preview_enabled: true
url_preview_ip_range_blacklist: []
url_preview_ip_range_whitelist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '169.254.0.0/16'
- '::1/128'
- 'fe80::/64'
- 'fc00::/7'
url_preview_accept_language:
- en
trusted_third_party_id_servers: []
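Review bot: The URL-preview settings look inverted: `url_preview_ip_range_blacklist: []` blocks nothing, while the loopback, private, link-local and unique-local ranges are listed under `url_preview_ip_range_whitelist`, which only exempts addresses from the blacklist. With `url_preview_enabled: true`, the homeserver would then fetch previews for URLs that resolve to internal addresses, which is the server-side request forgery case the blacklist exists to prevent. I would move the nine ranges under `url_preview_ip_range_blacklist:` and drop the whitelist key or leave it empty. Separately, nginx proxies to `localhost:8008` and the listener sets `x_forwarded: true` with `tls: false`, so binding to `'::1'` and `'127.0.0.1'` instead of `'::'` and `'0.0.0.0'` would keep clients from reaching the port directly with a forged `X-Forwarded-For` header.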
location /stadt/chat/ {
alias /var/lib/element-web-installer/htdocs/;
}
server {
server_name example.org;
# for SSL: add "ssl http2"
listen 8448;
# for SSL: enable the certificate/key files
# for certbot: use "/etc/letsencrypt/live/" instead of "/var/lib/dehydrated/certs/"
#ssl_certificate /var/lib/dehydrated/certs/example.org/fullchain.pem;
#ssl_certificate_key /var/lib/dehydrated/certs/example.org/privkey.pem;
include snippets/grouprise-matrix.conf;
}
# matrix federation
location /_matrix {
proxy_pass http://localhost:8008;
include proxy_params;
client_max_body_size 10M;
}
#!/usr/bin/dh-exec
debian/grouprise-matrix.d/matrix-site.yaml => /etc/matrix-synapse/conf.d/grouprise-matrix-site.yaml
debian/grouprise-matrix.d/matrix-authentication.yaml => /etc/matrix-synapse/conf.d/grouprise-matrix-authentication.yaml
debian/grouprise-matrix.d/nginx-element.conf => /etc/nginx/snippets/grouprise-element.conf
debian/grouprise-matrix.d/nginx-matrix-site => /etc/nginx/sites-available/grouprise-matrix
debian/grouprise-matrix.d/nginx-matrix.conf => /etc/nginx/snippets/grouprise-matrix.conf
#!/bin/sh
set -e
GROUPRISE_CONFIG_FILE=/etc/grouprise/settings.py
ELEMENT_CONFIG_FILE=/etc/element-web/config.json
. /usr/share/debconf/confmodule
db_version 2.1
# debconf does not work with "set -u", thus we enable it after loading debconf
set -eu
ask_debconf_question() {
local question="$1"
local priority="$2"
local default_value="${3:-}"
local RET
if [ -n "$default_value" ] && ( ! db_get "$question" || [ -z "$RET" ] ); then
# the value is not configured via debconf, yet
db_set "$question" "$default_value"
fi
db_input "$priority" "$question" || true
# shellcheck disable=SC2119
db_go || true
db_get "$question" || true
printf '%s' "$RET"
}
configure_grouprise_matrix() {
local grouprise_domain webserver_type
grouprise_domain=$(ask_debconf_question "grouprise/domain" "high")
webserver_type=$(ask_debconf_question "grouprise/configure-webserver" "high")
case "$webserver_type" in
nginx)
for filename in grouprise-matrix.conf grouprise-element.conf; do
if ! grep -q "include snippets/$filename" /etc/nginx/sites-available/grouprise; then
sed -i "s|\(include snippets/grouprise.conf;\)|\1\n include snippets/$filename;|" \
/etc/nginx/sites-available/grouprise
fi
done
sed -i "s|server_name .*$|server_name $grouprise_domain;|g" /etc/nginx/sites-available/grouprise-matrix
sed -i "s|example\.org|$grouprise_domain|g" /etc/nginx/sites-available/grouprise-matrix
if [ ! -e "/etc/nginx/sites-enabled/grouprise-matrix" ]; then
mkdir -p /etc/nginx/sites-enabled/
ln -s ../sites-available/grouprise-matrix /etc/nginx/sites-enabled/
if [ -x /usr/sbin/nginx ]; then
service nginx reload || true
fi
fi
;;
none)
;;
*)
echo >&2 "Ignoring unknown webserver type for grouprise: $webserver_type"
;;
esac
sed -i "s|example\.org|$grouprise_domain|g" /etc/matrix-synapse/conf.d/grouprise-matrix-authentication.yaml
}
reconfigure_element() {
local arg="$1"
jq "$arg" <"$ELEMENT_CONFIG_FILE" | sponge "$ELEMENT_CONFIG_FILE"
}
configure_grouprise_element() {
# Probably this only works in the second run of this script, since the config file will be
# available only after element-web-installer finished its configuration.
if [ -e "$ELEMENT_CONFIG_FILE" ]; then
reconfigure_element '.brand |= "Grouprise Chat"'
reconfigure_element '.branding.welcomeBackgroundUrl = "/stadt/logos/square"'
reconfigure_element '.branding.authHeaderLogoUrl = "/stadt/logos/text"'
# bug reporting would require a "ragshake" server
reconfigure_element 'del (.bug_report_endpoint_url)'
reconfigure_element '.terms_and_conditions_links |= [{"url": "/stadt/privacy", "text": "Datenschutzhinweise"}]'
# reduce configurability and options
reconfigure_element '.disable_custom_urls = true'
reconfigure_element '.disable_guests = true'
reconfigure_element '.disable_login_language_selector = true'
reconfigure_element '.disable_3pid_login = true'
# disable various features, which are not usable due to our external account management
reconfigure_element '.settingDefaults["UIFeature.feedback"] = false'
reconfigure_element '.settingDefaults["UIFeature.identityServer"] = false'
reconfigure_element '.settingDefaults["UIFeature.thirdPartyId"] = false'
reconfigure_element '.settingDefaults["UIFeature.registration"] = false'
reconfigure_element '.settingDefaults["UIFeature.passwordReset"] = false'
reconfigure_element '.settingDefaults["UIFeature.deactivate"] = false'
# show "login" instead of "welcome" (hiding the registration button)
reconfigure_element '.embeddedPages = {"loginForWelcome": true}'
fi
}
configure_grouprise() {
# the file may not be empty, otherwise "sed '$afoo'" would not do anything (lacking a line)
[ -s "$GROUPRISE_CONFIG_FILE" ] || echo "$GROUPRISE_CONFIG_FILE"
if ! grep -q "cas_server" "$GROUPRISE_CONFIG_FILE"; then
# shellcheck disable=SC2016
sed -i '$aINSTALLED_APPS.extend(["cas_server", "grouprise.features.matrix_chat"])' "$GROUPRISE_CONFIG_FILE"
fi
if ! grep -q "MATRIX_CHAT" "$GROUPRISE_CONFIG_FILE"; then
# shellcheck disable=SC2016
sed -i '$aGROUPRISE["MATRIX_CHAT"] = {"ENABLED": True}' "$GROUPRISE_CONFIG_FILE"
fi
}
if [ "$1" = "configure" ]; then
configure_grouprise_matrix
configure_grouprise_element
configure_grouprise
grouprisectl matrix_chat_authentication add grouprise-matrix
fi
set +eu
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
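Review bot: In `configure_grouprise`, the guard `[ -s "$GROUPRISE_CONFIG_FILE" ] || echo "$GROUPRISE_CONFIG_FILE"` prints the file name instead of writing to the file, so an empty settings file stays empty and the following `sed -i '$a…'` calls add nothing, as the comment above the guard warns; `[ -s "$GROUPRISE_CONFIG_FILE" ] || echo >>"$GROUPRISE_CONFIG_FILE"` appears to be what was meant. In `reconfigure_element`, the pipeline `jq "$arg" <"$ELEMENT_CONFIG_FILE" | sponge "$ELEMENT_CONFIG_FILE"` takes its exit status from `sponge`, so a failing `jq` would most likely leave an empty `config.json` without `set -e` stopping the script; writing the `jq` output to a `mktemp` file and moving it into place only on success would avoid that. The debconf value `$grouprise_domain` is also pasted unescaped into three `sed` replacement strings that use `|` as the delimiter, so it should be checked against a hostname pattern before use.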
#!/bin/sh
set -eu
if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then
grouprisectl grouprisectl matrix_chat_authentication remove grouprise-matrix || true
fi
set +eu
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
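Review bot: The removal call repeats the command name, `grouprisectl grouprisectl matrix_chat_authentication remove grouprise-matrix || true`, so `grouprisectl` receives `grouprisectl` as its subcommand and the resulting failure is hidden by `|| true`. The authentication entry added by the configure step would then presumably stay registered after the package is removed or purged. The line should read `grouprisectl matrix_chat_authentication remove grouprise-matrix || true`, and a message on stderr when the call fails would make a leftover entry visible to the admin.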