diff --git a/Cargo.toml b/Cargo.toml
index 4b871996..0f07ebba 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -77,3 +77,26 @@ required-features = ["conduit_bin"]
 [lib]
 name = "conduit"
 path = "src/lib.rs"
+
+[package.metadata.deb]
+name = "matrix-conduit"
+maintainer = "Paul van Tilburg "
+copyright = "2020, Timo Kösters "
+license-file = ["LICENSE", "3"]
+depends = "$auto, ca-certificates"
+extended-description = """\
+A fast Matrix homeserver that is optimized for smaller, personal servers, \
+instead of a server that has high scalability."""
+section = "net"
+priority = "optional"
+assets = [
+ ["debian/env.local", "etc/matrix-conduit/local", "644"],
+ ["debian/README.Debian", "usr/share/doc/matrix-conduit/", "644"],
+ ["README.md", "usr/share/doc/matrix-conduit/", "644"],
+ ["target/release/conduit", "usr/sbin/matrix-conduit", "755"],
+]
+conf-files = [
+ "/etc/matrix-conduit/local"
+]
+maintainer-scripts = "debian/"
+systemd-units = { unit-name = "matrix-conduit" }
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 00000000..69fb9757
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,29 @@
+Conduit for Debian
+==================
+
+Configuration
+-------------
+
+When installed, Debconf handles the configuration of the homeserver (host)name,
+the address and port it listens on. These configuration variables end up in
+/etc/matrix-conduit/debian.
+
+You can tweak more detailed settings by uncommenting and setting the variables
+in /etc/matrix-conduit/local. This involves settings such as the maximum file
+size for download/upload, enabling federation, etc.
+
+Running
+-------
+
+The package uses the matrix-conduit.service systemd unit file to start and
+stop Conduit. It loads the configuration files mentioned above to set up the
+environment before running the server.
+
+This package assumes by default that Conduit is placed behind a reverse proxy
+such as Apache or nginx. This default deployment entails just listening on
+127.0.0.1 and the free port 14004 and is reachable via a client using the URL
+http://localhost:14004.
+
+At a later stage this packaging may support also setting up TLS and running
+stand-alone. In this case, however, you need to set up some certificates and
+renewal, for it to work properly.
diff --git a/debian/config b/debian/config
new file mode 100644
index 00000000..8710ef97
--- /dev/null
+++ b/debian/config
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+# Ask for the Matrix homeserver name, address and port.
+db_input high matrix-conduit/hostname || true
+db_go
+
+db_input low matrix-conduit/address || true
+db_go
+
+db_input medium matrix-conduit/port || true
+db_go
+
+exit 0
diff --git a/debian/env.local b/debian/env.local
new file mode 100644
index 00000000..cd552de2
--- /dev/null
+++ b/debian/env.local
@@ -0,0 +1,33 @@
+# Conduit homeserver local configuration
+#
+# Conduit is an application based on the Rocket web framework.
+# Configuration of Conduit happens via Debconf (see the resulting config in
+# `/etc/matrix-conduit/debian`) and optionally by uncommenting and tweaking the
+# variables in this file below.
+
+# The maximum size of a Matrix HTTP requests in bytes.
+#
+# This mostly affects the size of files that can be downloaded/uploaded.
+# It defaults to 20971520 (20MB).
+#ROCKET_MAX_REQUEST_SIZE=20971520
+
+# Whether user registration is allowed.
+#
+# User registration is not disabled by default.
+#ROCKET_REGISTRATION_DISABLED=false
+
+# Whether encryption is enabled.
+#
+# (End-to-end) encryption is not disabled by default.
+#ROCKET_ENCRYPTION_DISABLED=false
+
+# Whether federation with other Matrix servers is enabled.
+#
+# Federation is not enabled by default; it is still experimental.
+#ROCKET_FEDERATION_ENABLED=false
+
+# The log level of the homeserver.
+#
+# The log level is "critical" by default.
+# Allowed values are: "off", "normal", "debug", "critical"
+#ROCKET_LOG="critical"
diff --git a/debian/matrix-conduit.service b/debian/matrix-conduit.service
new file mode 100644
index 00000000..5ab79173
--- /dev/null
+++ b/debian/matrix-conduit.service
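Review bot: The packaged defaults leave account registration open: `#ROCKET_REGISTRATION_DISABLED=false` ships commented out, and its comment only says registration is "not disabled by default". Once the reverse proxy described in README.Debian publishes the server, anyone who can reach it can create accounts unless the admin finds this setting. The comment should state that consequence, e.g. `# Registration is open to anyone who can reach the server unless this is set to true.`, or the package could ship the line active as `ROCKET_REGISTRATION_DISABLED=true`. In the first setting's comment, "a Matrix HTTP requests" should read "a Matrix HTTP request".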
@@ -0,0 +1,49 @@
+[Unit]
+Description=Conduit Matrix homeserver
+After=network.target
+
+[Service]
+User=_matrix-conduit
+Group=_matrix-conduit
+Type=simple
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateTmp=yes
+PrivateUsers=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+StateDirectory=matrix-conduit
+
+Environment="ROCKET_ENV=production"
+Environment="ROCKET_DATABASE_PATH=/var/lib/matrix-conduit"
+EnvironmentFile=/etc/matrix-conduit/debian
+EnvironmentFile=/etc/matrix-conduit/local
+
+ExecStart=/usr/sbin/matrix-conduit
+Restart=on-failure
+RestartSec=10
+StartLimitInterval=1m
+StartLimitBurst=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 00000000..bd7fb85e
--- /dev/null
+++ b/debian/postinst
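Review bot: The unit sets `StateDirectory=matrix-conduit` but neither `StateDirectoryMode=` nor `UMask=`, so the database directory and the files the server creates in it fall back to systemd's defaults (0755 directory, umask 0022). That leaves the homeserver database readable by other local users. Adding `StateDirectoryMode=0700` and `UMask=0077` next to `StateDirectory=` would tighten this. Separately, `RestrictAddressFamilies=AF_INET AF_INET6` omits `AF_UNIX`; if name resolution on the host goes through a local socket, outbound lookups may fail, so this is worth testing before relying on it.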
@@ -0,0 +1,73 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+CONDUIT_CONFIG_PATH=/etc/matrix-conduit
+CONDUIT_CONFIG_FILE="$CONDUIT_CONFIG_PATH/debian"
+CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit
+
+case "$1" in
+ configure)
+ # Create the `_matrix-conduit` user if it does not exist yet.
+ if ! getent passwd _matrix-conduit > /dev/null ; then
+ echo 'Adding system user for the Conduit Matrix homeserver' 1>&2
+ adduser --system --group --quiet \
+ --home $CONDUIT_DATABASE_PATH \
+ --disabled-login \
+ --force-badname \
+ _matrix-conduit
+ fi
+
+ # Create the database path if it does not exist yet.
+ if [ ! -d "$CONDUIT_DATABASE_PATH" ]; then
+ mkdir -p "$CONDUIT_DATABASE_PATH"
+ chown _matrix-conduit "$CONDUIT_DATABASE_PATH"
+ fi
+
+ # Write the debconf values in the config.
+ db_get matrix-conduit/hostname
+ ROCKET_SERVER_NAME="$RET"
+ db_get matrix-conduit/address
+ ROCKET_ADDRESS="$RET"
+ db_get matrix-conduit/port
+ ROCKET_PORT="$RET"
+ cat >"$CONDUIT_CONFIG_FILE" << EOF
+# Conduit homeserver Debian configuration
+#
+# Conduit is an application based on the Rocket web framework.
+# Configuration of Conduit happens via Debconf (of which the resulting config
+# is in this file) and optionally by uncommenting and tweaking the variables in
+# /etc/matrix-conduit/local.
+
+# THIS FILE IS GENERATED BY DEBCONF AND WILL BE OVERRIDDEN!
+#
+# Please make changes by running:
+#
+# \$ dpkg-reconfigure matrix-conduit
+#
+# or by providing overriding changes in /etc/matrix-conduit/local.
+
+# The server (host)name of the Matrix homeserver.
+#
+# This is the hostname the homeserver will be reachable at via a client.
+ROCKET_SERVER_NAME="$ROCKET_SERVER_NAME"
+
+# The address the Matrix homeserver listens on.
+#
+# By default the server listens on address 0.0.0.0. Change this to 127.0.0.1 to
+# only listen on the localhost when using a reverse proxy.
+ROCKET_ADDRESS="$ROCKET_ADDRESS"
+
+# The port of the Matrix homeserver.
+#
+# This port is could be any available port if accessed by a reverse proxy.
+# By default the server listens on port 8000.
+ROCKET_PORT="$ROCKET_PORT"
+
+# THIS FILE IS GENERATED BY DEBCONF AND WILL BE OVERRIDDEN!
+EOF
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/postrm b/debian/postrm
new file mode 100644
index 00000000..04ca3254
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+CONDUIT_CONFIG_PATH=/etc/matrix-conduit
+CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit
+
+case $1 in
+ purge)
+ # Per https://www.debian.org/doc/debian-policy/ch-files.html#behavior
+ # "configuration files must be preserved when the package is removed, and
+ # only deleted when the package is purged."
+ if [ -d "$CONDUIT_CONFIG_PATH" ]; then
+ rm -r "$CONDUIT_CONFIG_PATH"
+ fi
+
+ if [ -d "$CONDUIT_DATABASE_PATH" ]; then
+ rm -r "$CONDUIT_DATABASE_PATH"
+ fi
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/templates b/debian/templates
new file mode 100644
index 00000000..a408f840
--- /dev/null
+++ b/debian/templates
@@ -0,0 +1,21 @@
+Template: matrix-conduit/hostname
+Type: string
+Default: localhost
+Description: The server (host)name of the Matrix homeserver
+ This is the hostname the homeserver will be reachable at via a client.
+ .
+ If set to "localhost", you can connect with a client locally and clients
+ from other hosts and also other homeservers will not be able to reach you!
+
+Template: matrix-conduit/address
+Type: string
+Default: 127.0.0.1
+Description: The listen address of the Matrix homeserver
+ This is the address the homeserver will listen on. Leave it set to 127.0.0.1
+ when using a reverse proxy.
+
+Template: matrix-conduit/port
+Type: string
+Default: 14004
+Description: The port of the Matrix homeserver
+ This port is most often just accessed by a reverse proxy.
diff --git a/src/client_server/account.rs b/src/client_server/account.rs
index 12c7f7e2..75544b78 100644
--- a/src/client_server/account.rs
+++ b/src/client_server/account.rs
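Review bot: In debian/postinst the three debconf answers are written into `$CONDUIT_CONFIG_FILE` verbatim inside double quotes, with no check on their content; debian/templates declares all of them, including the port, as `Type: string`. A value containing a double quote or a newline yields a malformed environment file, or an extra assignment, which the unit then loads through `EnvironmentFile=`. A guard before the heredoc such as `case "$ROCKET_PORT" in ''|*[!0-9]*) echo "invalid port: $ROCKET_PORT" >&2; exit 1 ;; esac`, plus a similar character check on the hostname and address, would keep the file well-formed. The generated comments also give defaults of 0.0.0.0 and port 8000 while the templates default to 127.0.0.1 and 14004, so the text should say which values apply to this package.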
@@ -584,16 +584,16 @@ pub async fn change_password_route( db.users.set_password(&sender_user, &body.new_password)?; - // TODO: Read logout_devices field when it's available and respect that, currently not supported in Ruma - // See: https://github.com/ruma/ruma/issues/107 - // Logout all devices except the current one - for id in db - .users - .all_device_ids(&sender_user) - .filter_map(|id| id.ok()) - .filter(|id| id != sender_device) - { - db.users.remove_device(&sender_user, &id)?; + if body.logout_devices { + // Logout all devices except the current one + for id in db + .users + .all_device_ids(&sender_user) + .filter_map(|id| id.ok()) + .filter(|id| id != sender_device) + { + db.users.remove_device(&sender_user, &id)?; + } } db.flush().await?; diff --git a/tests/Complement.Dockerfile b/tests/Complement.Dockerfile index 306105a7..0ef8f90c 100644 --- a/tests/Complement.Dockerfile +++ b/tests/Complement.Dockerfile @@ -9,7 +9,7 @@ ARG SCCACHE_ENDPOINT ARG SCCACHE_S3_USE_SSL COPY . . -RUN cargo build +RUN test -e target/release/cond_test || cargo build --release --offline FROM valkum/docker-rust-ci:latest WORKDIR /workdir
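Review bot: Inside the new `if body.logout_devices` block, `.filter_map(|id| id.ok())` discards any device ID that fails to load, so that device is skipped and keeps its session after the password change. Because this loop is what invalidates the other sessions, the error should propagate instead of being dropped, for example by iterating `all_device_ids(&sender_user)` directly and starting the loop body with `let id = id?;` before the comparison with `sender_device` (the exact types are not visible in this hunk). With the flag honoured, a request that sets `logout_devices` to false leaves every existing access token valid, which deserves a short comment above the `if`, e.g. `// When false, other devices keep their sessions; only the password changes.` `change_password_route` begins and ends outside this hunk.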
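Review bot: `RUN test -e target/release/cond_test || cargo build --release --offline` skips compilation whenever that path exists in the copied build context, so the image can carry a binary that was not built from the sources `COPY . .` brought in. The checked name is `cond_test`, while Cargo.toml packages `target/release/conduit`; if `cond_test` is not a deliberate marker file, the check never matches the real artifact. A comment above the `RUN` line should state where a prebuilt artifact is expected to come from, and that `--offline` needs the dependencies to be present in the context already.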