From 5373863a3e780469a3b6224d7364ab477e6c0b37 Mon Sep 17 00:00:00 2001
From: Tobias Reisinger
Date: Mon, 1 Aug 2022 23:42:11 +0200
Subject: [PATCH] Add synapse and tt-rss; Fix gitea, grafana and webdis
---
 gitea/.env | 23 +++++++
 gitea/docker-compose.yml | 2 +-
 {grafana => monitoring}/.env | 0
 {grafana => monitoring}/docker-compose.yml | 5 +-
 synapse/data/.gitignore | 2 +
 synapse/data/homeserver.yaml | 74 ++++++++++++++++++++++
 synapse/data/msrg.cc.log.config | 22 +++++++
 synapse/docker-compose.yml | 24 +++++++
 tt-rss/.env | 17 +++++
 tt-rss/docker-compose.yml | 35 ++++++++++
 webdis/docker-compose.yml | 2 +-
 webdis/{webis.json => webdis.json} | 0
 12 files changed, 201 insertions(+), 5 deletions(-)
 rename {grafana => monitoring}/.env (100%)
 rename {grafana => monitoring}/docker-compose.yml (78%)
 create mode 100644 synapse/data/.gitignore
 create mode 100644 synapse/data/homeserver.yaml
 create mode 100644 synapse/data/msrg.cc.log.config
 create mode 100644 synapse/docker-compose.yml
 create mode 100644 tt-rss/.env
 create mode 100644 tt-rss/docker-compose.yml
 rename webdis/{webis.json => webdis.json} (100%)
diff --git a/gitea/.env b/gitea/.env
index 307127e..a117b48 100644
--- a/gitea/.env
+++ b/gitea/.env
@@ -4,12 +4,16 @@ GITEA__database__NAME="gitea"
 GITEA__database__USER="gitea"
 GITEA__database__PASSWD=""
 GITEA__database__SSL_MODE="verify-full"
+
 GITEA__repository__ENABLE_PUSH_CREATE_USER="true"
 GITEA__repository__ENABLE_PUSH_CREATE_ORG="true"
 GITEA__repository__DEFAULT_BRANCH="main"
+
 GITEA__cors__ENABLED="true"
 GITEA__cors__SCHEME="https"
+
 GITEA__ui__DEFAULT_THEME="arc-green"
+
 GITEA__server__DOMAIN="git.serguzim.me"
 GITEA__server__SSH_DOMAIN="git.serguzim.me"
 GITEA__server__SSH_PORT="22"
@@ -17,22 +21,41 @@ GITEA__server__ROOT_URL="https://git.serguzim.me/"
 GITEA__server__OFFLINE_MODE="true"
 GITEA__server__LFS_JWT_SECRET=""
 GITEA__server__LFS_START_SERVER="true"
+
 GITEA__security__INSTALL_LOCK="true"
 GITEA__security__INTERNAL_TOKEN=""
 GITEA__security__SECRET_KEY=""
+
 GITEA__openid__ENABLE_OPENID_SIGNUP="true"
 GITEA__openid__ENABLE_OPENID_SIGNIN="false"
+
 GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION="true"
 GITEA__service__ENABLE_BASIC_AUTHENTICATION="false"
 GITEA__service__NO_REPLY_ADDRESS="discard.msrg.cc"
+
 GITEA__webhook__DELIVER_TIMEOUT="60"
+
 GITEA__mailer__ENABLED="true"
 GITEA__mailer__HOST="mail.serguzim.me:587"
 GITEA__mailer__FROM="Gitea "
 GITEA__mailer__USER="git@serguzim.me"
 GITEA__mailer__PASSWD=""
 GITEA__mailer__SEND_AS_PLAIN_TEXT="true"
+
 GITEA__picture__DISABLE_GRAVATAR="true"
+
 GITEA__oauth2__JWT_SECRET=""
+
 GITEA__metrics__ENABLED="true"
 GITEA__metrics__TOKEN=""
+
+GITEA__storage__STORAGE_TYPE="minio"
+GITEA__storage__MINIO_ENDPOINT="sos-de-fra-1.exo.io"
+GITEA__storage__MINIO_ACCESS_KEY_ID=""
+GITEA__storage__MINIO_SECRET_ACCESS_KEY=""
+GITEA__storage__MINIO_BUCKET="git.serguzim.me"
+GITEA__storage__MINIO_LOCATION="de-fra-1"
+GITEA__storage__MINIO_USE_SSL="true"
+
+GITEA__OTHER__SHOW_FOOTER_BRANDING="true"
+GITEA__OTHER__SHOW_FOOTER_TEMPLATE_LOAD_TIME="false"
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
index f46bdfa..5ae4aea 100644
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
 services:
 server:
- image: gitea/gitea:1.16
+ image: gitea/gitea:1.17
 container_name: gitea
 env_file:
 - .env
diff --git a/grafana/.env b/monitoring/.env
similarity index 100%
rename from grafana/.env
rename to monitoring/.env
diff --git a/grafana/docker-compose.yml b/monitoring/docker-compose.yml
similarity index 78%
rename from grafana/docker-compose.yml
rename to monitoring/docker-compose.yml
index a06b630..1d6e177 100644
--- a/grafana/docker-compose.yml
+++ b/monitoring/docker-compose.yml
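Review bot: In gitea/.env (second hunk) the new `GITEA__storage__MINIO_ACCESS_KEY_ID=""` and `GITEA__storage__MINIO_SECRET_ACCESS_KEY=""` are committed as empty placeholders with nothing saying where the real values come from. The gitea/docker-compose.yml context in this patch shows only `- .env` under `env_file` (the list may continue outside that hunk), so if no later env file overrides these keys Gitea would start with blank object-storage credentials. I would add a comment above the storage block, `# secrets left empty on purpose; real values come from an untracked env file`, and confirm that file is listed after `.env`.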
@@ -8,10 +8,9 @@ services: - .env - .secret.env volumes: - - data:/var/lib/grafana/ + - grafana-data:/var/lib/grafana/ user: "104" ports: - 3001:3000/tcp - volumes: - data: + grafana-data: diff --git a/synapse/data/.gitignore b/synapse/data/.gitignore new file mode 100644 index 0000000..9e4812d --- /dev/null +++ b/synapse/data/.gitignore @@ -0,0 +1,2 @@ +/secrets.yaml +msrg.cc.signing.key diff --git a/synapse/data/homeserver.yaml b/synapse/data/homeserver.yaml new file mode 100644 index 0000000..740b89a --- /dev/null +++ b/synapse/data/homeserver.yaml 
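Review bot: In monitoring/docker-compose.yml, renaming the named volume to `grafana-data` (together with the directory rename, which changes the default Compose project name) makes Compose create a fresh, empty volume instead of reusing the existing one. Grafana would then start with a new database, and depending on what the env files set, that can mean initial admin credentials on the instance published at `3001:3000/tcp`. Copy the old volume's contents across before deploying, or point `grafana-data:` at the existing volume explicitly. The service definition starts outside the hunk, so the image and remaining settings are not visible here.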
@@ -0,0 +1,74 @@
+# https://matrix-org.github.io/synapse/latest/usage/configuration/index.html
+
+server_name: "msrg.cc"
+pid_file: /data/homeserver.pid
+public_baseurl: https://matrix.msrg.cc/
+allow_public_rooms_without_auth: true
+allow_public_rooms_over_federation: true
+
+listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ resources:
+ - names:
+ - client
+ - federation
+ - metrics
+ compress: false
+
+admin_contact: "mailto:tobias@msrg.cc"
+
+acme:
+ enabled: false
+
+database:
+ name: "psycopg2"
+ args:
+ user: "synapse"
+ #password: ""
+ database: "synapse"
+ host: "node002.serguzim.me"
+ cp_min: 5
+ cp_max: 10
+
+log_config: "/data/msrg.cc.log.config"
+media_store_path: "/media_store"
+max_upload_size: 500M
+enable_registration: false
+enable_metrics: true
+report_stats: true
+
+#macaroon_secret_key: ""
+#form_secret: ""
+signing_key_path: "/data/msrg.cc.signing.key"
+
+trusted_key_servers:
+ - server_name: "matrix.org"
+suppress_key_server_warning: true
+
+oidc_providers:
+ - idp_id: "auth_serguzim_me"
+ idp_name: "auth.serguzim.me"
+ issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
+ #client_id: ""
+ #client_secret: ""
+ scopes:
+ - "openid"
+ - "profile"
+ - "email"
+ user_mapping_provider:
+ config:
+ localpart_template: "{{ user.preferred_username }}"
+ display_name_template: "{{ user.name }}"
+
+email:
+ smtp_host: mail.serguzim.me
+ smtp_port: 587
+ smtp_user: "matrix@serguzim.me"
+ #smtp_pass: ""
+ require_transport_security: true
+ notif_from: "Matrix "
+
+# vim:ft=yaml
diff --git a/synapse/data/msrg.cc.log.config b/synapse/data/msrg.cc.log.config
new file mode 100644
index 0000000..03a08cb
--- /dev/null
+++ b/synapse/data/msrg.cc.log.config
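Review bot: In synapse/data/homeserver.yaml the single listener on port 8008 serves `metrics` alongside `client` and `federation`, so the Prometheus endpoint is reachable by anyone who can reach the client API through the proxy. I would drop `- metrics` from `names` and add a separate listener, for example `- port: 9000` with `type: metrics` (port chosen for illustration), that is neither published nor proxied publicly. `x_forwarded: true` is only sound while every request arrives via the reverse proxy; synapse/docker-compose.yml in this patch publishes `8008:8008/tcp`, so a client reaching that port directly can supply its own `X-Forwarded-For` and distort logged addresses and per-IP rate limits. A one-line comment next to `suppress_key_server_warning: true` saying that trusting `matrix.org` as the key server is deliberate would help the next reader.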
@@ -0,0 +1,22 @@
+version: 1
+
+formatters:
+ precise:
+ format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+
+handlers:
+ console:
+ class: logging.StreamHandler
+ formatter: precise
+
+loggers:
+ synapse.storage.SQL:
+ # beware: increasing this to DEBUG will make synapse log sensitive
+ # information such as access tokens.
+ level: INFO
+
+root:
+ level: INFO
+ handlers: [console]
+
+disable_existing_loggers: false
\ No newline at end of file
diff --git a/synapse/docker-compose.yml b/synapse/docker-compose.yml
new file mode 100644
index 0000000..da02808
--- /dev/null
+++ b/synapse/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+
+ synapse:
+ image: docker.io/matrixdotorg/synapse:latest
+ restart: always
+ environment:
+ - SYNAPSE_CONFIG_PATH=/data/
+ volumes:
+ - ./data:/data
+ - media_store:/media_store
+ ports:
+ - 8008:8008/tcp
+
+ synapse-admin:
+ image: awesometechnologies/synapse-admin:latest
+ restart: always
+ ports:
+ - "8009:80"
+ restart: always
+
+volumes:
+ media_store:
diff --git a/tt-rss/.env b/tt-rss/.env
new file mode 100644
index 0000000..5762018
--- /dev/null
+++ b/tt-rss/.env
@@ -0,0 +1,17 @@
+TTRSS_DB_USER=tinytinyrss
+TTRSS_DB_NAME=tinytinyrss
+TTRSS_DB_PASS=
+TTRSS_DB_TYPE=pgsql
+TTRSS_DB_HOST=db.serguzim.me
+
+TTRSS_SELF_URL_PATH=https://rss.serguzim.me/tt-rss/
+
+# You can customize other config.php defines by setting overrides here.
+# See app/Dockerfile for complete list. Examples:
+# TTRSS_PLUGINS=auth_remote
+# TTRSS_SINGLE_USER_MODE=true
+# TTRSS_SESSION_COOKIE_LIFETIME=2592000
+# TTRSS_FORCE_ARTICLE_PURGE=30
+# etc, etc.
+
+HTTP_PORT=8280
diff --git a/tt-rss/docker-compose.yml b/tt-rss/docker-compose.yml
new file mode 100644
index 0000000..5cd6779
--- /dev/null
+++ b/tt-rss/docker-compose.yml
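Review bot: In synapse/docker-compose.yml, `- 8008:8008/tcp` and `- "8009:80"` publish Synapse and synapse-admin on every host interface, while homeserver.yaml sets `tls: false` and `x_forwarded: true` for that listener. If the reverse proxy runs on the same host, bind both to loopback instead: `- "127.0.0.1:8008:8008/tcp"` and `- "127.0.0.1:8009:80"`. The `synapse-admin` service also declares `restart: always` twice; duplicate mapping keys are invalid YAML and some parsers reject the file, so remove the second one. Both images use `:latest`; pinning a version tag or digest keeps a pull from silently changing what runs.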
@@ -0,0 +1,35 @@
+version: '3'
+
+services:
+ app:
+ image: cthulhoo/ttrss-fpm-pgsql-static
+ restart: always
+ env_file:
+ - .env
+ - .secret.env
+ volumes:
+ - app:/var/www/html
+
+ updater:
+ image: cthulhoo/ttrss-fpm-pgsql-static
+ restart: always
+ env_file:
+ - .env
+ volumes:
+ - app:/var/www/html
+ depends_on:
+ - app
+ command: /opt/tt-rss/updater.sh
+
+ web-nginx:
+ image: cthulhoo/ttrss-web-nginx
+ restart: always
+ ports:
+ - ${HTTP_PORT}:80
+ volumes:
+ - app:/var/www/html:ro
+ depends_on:
+ - app
+
+volumes:
+ app:
diff --git a/webdis/docker-compose.yml b/webdis/docker-compose.yml
index bac78d5..b2f02a5 100644
--- a/webdis/docker-compose.yml
+++ b/webdis/docker-compose.yml
@@ -4,7 +4,7 @@ services:
 restart: always
 command: /usr/local/bin/webdis /config/webdis.json
 volumes:
- - ./:/config
+ - ./webdis.json:/config/webdis.json
 networks:
 - shared
 depends_on:
diff --git a/webdis/webis.json b/webdis/webdis.json
similarity index 100%
rename from webdis/webis.json
rename to webdis/webdis.json
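Review bot: In tt-rss/docker-compose.yml the `updater` service lists only `- .env` under `env_file`, whereas `app` also loads `.secret.env`. tt-rss/.env in this patch leaves `TTRSS_DB_PASS=` empty, so the updater presumably starts without the database password and cannot connect; add `- .secret.env` to its `env_file` list. Separately, `- ${HTTP_PORT}:80` is unquoted and publishes nginx on all interfaces; `- "127.0.0.1:${HTTP_PORT}:80"` would keep it behind the proxy if that runs on the same host. None of the three images carries a tag, so each pull follows `latest`.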
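Review bot: In webdis/docker-compose.yml the narrowed mount `./webdis.json:/config/webdis.json` is still writable from inside the container. The service only needs to read its configuration, so I would mount it read-only: `- ./webdis.json:/config/webdis.json:ro`. With a single-file bind mount, a missing host file makes Docker create a directory at that path, so the file has to exist before the service is started. The service definition begins and continues outside the hunk.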