Failed experiment for local development

docker/README.md

@@ -20,3 +20,13 @@ Add synapse in /etc/hosts as localhost alias.
 
 ## Inspect containter
 `docker exec -t -i synapse /bin/bash`
+
+## Setup using Docker Compose
+docker-compose run --rm synapse generate
+
+https://github.com/matrix-org/synapse/blob/master/docs/openid.md
+
+504 Error 
+https://okupamicoche-keycloak:8443/auth/realms/okupamicoche/.well-known/openid-configuration
+
+/usr/local/share/ca-certificates

docker/cert/ca.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy
+b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC
+Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj
+2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v
+wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5
+Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY
+J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb
+UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0
+HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV
+HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa
+MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks
+Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9
+ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6
+5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA
+BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT
+-----END CERTIFICATE-----

docker/cert/create_dev_cert.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+rm *.jks 2> /dev/null
+rm *.pem 2> /dev/null
+
+echo "===================================================="
+echo "Creating fake third-party chain root -> ca"
+echo "===================================================="
+
+# generate private keys (for root and ca)
+
+keytool -genkeypair -alias root -dname cn=root -validity 10000 -keyalg RSA -keysize 2048 -ext bc:c -keystore root.jks -keypass password -storepass password
+keytool -genkeypair -alias ca -dname cn=ca -validity 10000 -keyalg RSA -keysize 2048 -ext bc:c -keystore ca.jks -keypass password -storepass password
+
+# generate root certificate
+
+keytool -exportcert -rfc -keystore root.jks -alias root -storepass password > root.pem
+
+# generate a certificate for ca signed by root (root -> ca)
+
+keytool -keystore ca.jks -storepass password -certreq -alias ca \
+| keytool -keystore root.jks -storepass password -gencert -alias root -ext bc=0 -ext san=dns:ca -rfc > ca.pem
+
+# import ca cert chain into ca.jks
+
+keytool -keystore ca.jks -storepass password -importcert -trustcacerts -noprompt -alias root -file root.pem
+keytool -keystore ca.jks -storepass password -importcert -alias ca -file ca.pem
+
+echo  "===================================================================="
+echo  "Fake third-party chain generated. Now generating my-keystore.jks ..."
+echo  "===================================================================="
+
+# generate private keys (for server)
+
+keytool -genkeypair -alias keycloak -dname cn=keycloak -validity 10000 -keyalg RSA -keysize 2048 -keystore keycloak-keystore.jks -keypass password -storepass password
+keytool -genkeypair -alias synapse -dname cn=synapse -validity 10000 -keyalg RSA -keysize 2048 -keystore synapse-keystore.jks -keypass password -storepass password
+
+# generate a certificate for server signed by ca (root -> ca -> server)
+
+keytool -keystore keycloak-keystore.jks -storepass password -certreq -alias keycloak \
+| keytool -keystore ca.jks -storepass password -gencert -alias ca -ext ku:c=dig,keyEnc -ext san=dns:okupamicoche-keycloak -ext eku=sa,ca -rfc > keycloak.pem
+
+keytool -keystore synapse-keystore.jks -storepass password -certreq -alias synapse \
+| keytool -keystore ca.jks -storepass password -gencert -alias ca -ext ku:c=dig,keyEnc -ext san=dns:okupamicoche-synapse -ext eku=sa,ca -rfc > synapse.pem
+
+
+echo "================================================="
+echo "Keystore generated. Now generating truststore ..."
+echo "================================================="
+
+# import server cert chain into my-truststore.jks
+
+keytool -keystore my-truststore.jks -storepass password -importcert -trustcacerts -noprompt -alias root -file root.pem
+keytool -keystore my-truststore.jks -storepass password -importcert -alias ca -file ca.pem
+keytool -keystore my-truststore.jks -storepass password -importcert -alias keycloak -file keycloak.pem
+keytool -keystore my-truststore.jks -storepass password -importcert -alias synapse -file synapse.pem
+
+# Create keycloak.crt and keycloak.key file
+keytool -export -alias keycloak -file keycloak.der -keystore keycloak-keystore.jks -keypass password -storepass password
+keytool -importkeystore -srckeystore keycloak-keystore.jks -destkeystore keycloak.p12 -deststoretype PKCS12 -srcstorepass password -deststorepass password
+openssl pkcs12 -in keycloak.p12  -nodes -nocerts -out keycloak.key
+
+# Create synapse.key file
+keytool -importkeystore -srckeystore synapse-keystore.jks -destkeystore synapse.p12 -deststoretype PKCS12 -srcstorepass password -deststorepass password
+openssl pkcs12 -in synapse.p12  -nodes -nocerts -out synapse.key

docker/cert/keycloak.key

@@ -0,0 +1,32 @@
+Bag Attributes
+    friendlyName: keycloak
+    localKeyID: 54 69 6D 65 20 31 36 31 39 31 31 30 39 34 33 35 33 33 
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+Jc0fg4GM0ZT
+0vQmmDdr5aqmLJcXEuibyl75BMTSlXKOAAw5IGdNoElTCEWRiMIio/aG9NY9Rglf
+0rShNt8+nhCF5WI1i8NnWzP+dpQBeV5NiGBK4+pPPBJniTx/7FAdYrUQIvcmaQjV
+zMncsSM0qvJYgthu+zKgbUeZspwhkgrNQq+uCoL1IgSprTCVm0L4BKLXomq/WQIO
+0ZNzaBw2Z651ABJ8OptiI8upd5zUZZdJWJ7OHAE7SauzU0Ro3zzXSHc9FENaSEJ1
+mKMKO8sLoCq1lGN0d/ubcKK3qTMnnSrbsI4Y23AJVVoW604kKIyM1yyM+HwcPVy6
+7IjlD9KdAgMBAAECggEAeci1fAhYR93LbUHHqUyGAQm8iBp5hTUdIP+MUNBIHB0j
+XGQcBVldxZjgfLMSF3sH61wBdkn+aGlNOOuR47WLCpq39mZDdtsb0uG0c3BseKj6
+tE6Tv5dPErlX8AvNliYkxDM9ioZOQtC7rurnlG7rT0TCdLTYSgj9wfv0Pq8PIeQv
+LwtnOjZsG1p6LYEMPCWyNHolbV0saRf5ZEowvE7EPoGrFucOcxWYgnIC8Qa83ODD
+02vBSI/MMXEn/HdcwwyRDALTd8pGvIsheIHnaKtZxG0KBRuXrJ2OzLaDfYFk9QEg
+fH+iB3lcX1+tftD0Q68m4+Uti+GpJTwpj9xE4/yH4QKBgQDOAS6B+aKlLY15tJAE
+UFVrMj/n5qRjoYXMK8MUi0qOi4Ytzs63u8MR/owuZ7KstUpEGmgkSTJUCWy6C5gn
+iOW80wFheWMG9ZqUYFEx79a1Yna46SIEpowM+gunEqW0NIUHeuiOsgkZn3slnaxA
+lNT5s81nZvWHZRmnc9xy7pT0xQKBgQCxqzXCQMJS09qIZhHAQblIfDA4iwCUGZAn
+wcsfI9e4CxJ4m5SnJTTpe8G9680xXpR2tVhl2FrarNxWMMZUGWxqBn0Ug6dDmSwX
+SpBZ5q/bpbphRoRQvlVjkhX0prX+lB9yFcyH0qnDchoW/CPgnKaYndE+eBPMnjSO
+n8ZuM2iz+QKBgAC96Fj3eSp3G4dQqyQY1fXo3GoNXpItRroRfkZYqhARWI5ZrEzl
+FDLAY+jW3sHYdUgBgFaBHPlIf2e8GvQpfgpMCDk9oqmnwMLABgrT/kXw8NSBomm5
+3888J0aWvpoDhmccfjHlWjsJY/wisTgaURoFF7xDlqbCKnF77VNMoKSxAoGBAIef
+JONKocuuMlQKbiRvRytguUKAQQnMVbEzioUTzDiOIyRzxs6sZS6RrLv4QuMbyoKv
+PXJI7FmeuHcGtm4+Ffb9Sv+c29KLGxAQeA5YPQeTA6n7tUcZc38VZbMiiyxxD2v7
+3ewUUEiEUgwXnp93lOhNGAvyh1KbtYzlxAgdMCCpAoGABEqs4vSc2vmaUKf6uek6
+M1r3Qv6/NW3IBTY/eSaihszTxG3uVaZUK8iiORd3ELFiMWZKDk3kCW8PcmFIu96k
+VNoaawwZY7+AQzTg7pN2uF8CqQaMNjAi9MxcJK6cdXj9T4uP8yxahlt6TveoMGRd
+Y3uBGHr9qoVnbFnvr71DF0s=
+-----END PRIVATE KEY-----

docker/cert/keycloak.pem

@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAhugAwIBAgIEJ7Mx8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJj
+YTAeFw0yMTA0MjIxNjI1MjlaFw0yMTA3MjExNjI1MjlaMBMxETAPBgNVBAMTCGtl
+eWNsb2FrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjviXNH4OBjNG
+U9L0Jpg3a+WqpiyXFxLom8pe+QTE0pVyjgAMOSBnTaBJUwhFkYjCIqP2hvTWPUYJ
+X9K0oTbfPp4QheViNYvDZ1sz/naUAXleTYhgSuPqTzwSZ4k8f+xQHWK1ECL3JmkI
+1czJ3LEjNKryWILYbvsyoG1HmbKcIZIKzUKvrgqC9SIEqa0wlZtC+ASi16Jqv1kC
+DtGTc2gcNmeudQASfDqbYiPLqXec1GWXSViezhwBO0mrs1NEaN8810h3PRRDWkhC
+dZijCjvLC6AqtZRjdHf7m3Cit6kzJ50q27COGNtwCVVaFutOJCiMjNcsjPh8HD1c
+uuyI5Q/SnQIDAQABo4GUMIGRMB0GA1UdDgQWBBTNiaKtvdBOTQo+6N/SrVQ3lPA/
+vzAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0RBBkwF4IVb2t1cGFtaWNvY2hlLWtleWNs
+b2FrMB8GA1UdIwQYMBaAFAPs8gs/h4KDpMOESTBnAuI0Bv2DMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAMBi43gTMU/Sp
+No++b4CQt5HlMXw3tKScKEUvMB6iFm7L25tkDHB/Kq+UG57GMAsOloTqq41a+u7x
+RGXGkOZxM12X7RTntU+6bheDkftuLD44eaAsfBhV+ZL7tU1gyx+qQ6xqgRWwilji
++hR/ycrjDSoozkJknIpNBM2puUc4ahAKo68rPufGrrnWSCs/EDre2peAnhi3qqVI
+6wqVJp3gdY5F4q96pDVdY5DBkOqdOFdE/Sp12Ybkt9EID0CyZFBF7eefVbS7IVpu
+aSfHe8z9GjJz1Yh/iHX8ERsSDt+YnaXk4J/Si0G5xVzd/ApPc7XpEwKXU9CcQdkg
+WxsaAmyUfg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy
+b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC
+Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj
+2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v
+wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5
+Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY
+J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb
+UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0
+HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV
+HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa
+MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks
+Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9
+ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6
+5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA
+BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT
+-----END CERTIFICATE-----

docker/cert/root.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbagAwIBAgIEe23PhzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy
+b290MB4XDTIxMDQyMjE2MjUxN1oXDTQ4MDkwNzE2MjUxN1owDzENMAsGA1UEAxME
+cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJQVKfh+JUYHcrfn
++LJb04FBxnAVaHzbJmEgRtZhSPyF45JtjEsepj7R6IDnd2hymyISh8JPO2W35kwE
+7wRTMOiqim/BoInS7iRbc7GZaSXFyF/tCWdaYE4mQVDkttMZIlZxVoqGI9/JupSW
+Shk8rX3h3Eg4RHK0Jxjygo5UtzdWM3LpQkdioXZ+ixBS9f1RP+wZEyuWGJvM6kUq
+599ntFOUN0RZ4ZCq1MxfFGzGhtyPMBCPAA7IVdlhQXz+2dkkttcuGDXDCEh3KvT/
+FjkwCahTJmCBEO0gVFI+3TkBrbmQbD0mpEYP2ba2wBn8avajF1L/HjS5mHvfbQIr
+jyiM8JECAwEAAaMyMDAwHQYDVR0OBBYEFORJiEeDfjQaMvoMZkmv3bWw8/8NMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFyfKpi1PteOgPYM5nmx
+PtmSE7EUuPD3COPRlZKX3Tr1dNj1oXgSSFxeDRtNc603Mbhyb/vT5mGmll6SI9Wn
+OHZtzeU94MkDZwa0+4PdBe5sSwBF8kIJBn05H8Iy75AY/9uD0pFII+wMXuNgGPQU
+lm+WXdPAoqc34W/IkCl0L9vrW/ZKE46PmEmHDrwcQ3FI+N8aAx34YyUzmarJGHYS
+G9XrHtaO8eJf7dfmY/fkBFxdw8aYS3uoOEu/AD0gsryQ0rEk3t1uSiBZMJ7LCap+
+vwAQH2Y8S2IF1skz4NQSHtMY4i7Y/SILFEIg5dj00+0qU4r+Ea0S51IrVu92wOjL
+GaA=
+-----END CERTIFICATE-----

docker/cert/synapse.key

@@ -0,0 +1,32 @@
+Bag Attributes
+    friendlyName: synapse
+    localKeyID: 54 69 6D 65 20 31 36 31 39 31 30 39 39 34 34 39 39 39 
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCc1B6qv7o9TRyZ
+jvarx1vbeFi1pwfEMjW1ecOaBkFkQDgDgN+tQDtGz1qUq77heHKCw1F7aYZFA4T+
+p1W1SOe2jAhWVIHH80sMKLzoFwhfoQu33wKcxkaIsP2lfg/zW5qkMNsOBDa4daX0
+sPOCT1vnP5jyN+BBGU5OFCVK57Mcgezp0f9vOApHml7MAW2fVawpWsc/2vHV/72t
+8VG63UWxScAeEdxp388bIEfXCY2ssB0ZCMAJUzGar34FohyPq5Pvf714CE5BmO7L
+8Pm8CYP2BanM6gM7jiSGr0yk/Z8fJvPbRpOSMMW2s/H6FgdnjMbrqesnZx6+KiK6
+bONSkKdPAgMBAAECggEAJYseQFAfvJceNqCj6qGSGusniW0QDebbNrOMoO3Ib8Bz
+6FrMsUQELMJs89RdoMpd13H8qqerbhAWoYPbn8dxOSEyyb/3Ra+3kpSaDJGe/o2m
+KYFotbE9p3F/d0PDe8W9MntDpYpaszPu47IMyXBIFwcBjVLVC6CMP2LRPqpTFYqg
+7HURQol4Q9K7GQQqTLHJECnrY60FHVqg+3A9VWOulwF7qXRrG9mrUiujfmwgX/st
+CiCUIXvhWqi52mx6z+X4yclSVqAAqkxvgZSB4haZ2yIe+4B9++ayXmiN5jtY7bgq
+/hiZjTuec9XQK0LXnOEdf3zQF1jH38WuaHlA4x29WQKBgQDRw10CDjvhOQoHmz2z
+s0MtHT6uPRBlID0nNpylg/LVL7PjMxyXIjYJZxH070fzDC2+IFP01bRPa+Ffxxnv
+UZrLfXu0IpkOQDFyUAXE3K8ODEl9j+HYzZPqY0xsM6J9uH6MwJie9LvdwQJw7sJw
+bgOyuGlrUeC7vgQQqlhFykbrewKBgQC/ZbwvqJKj+CTksnL3qylDPufGnaaXDIn6
+YAKJK9o8o5bUwp7pNs+obtbVq4kqjxcA8nJYlr9KxF3yEj3hffNmoL8P0ADomxgO
+t94pW/F+QWQn+C6Z3pIzZcQGK+wjdLSQUStPStLhvEkGc8GV97Zeg9qKTp3hPMph
+p8lnVkgxPQKBgFAyQPzoNDyHci42TADIKIa3B5/V+M6w5LB5UKp3KAAZnMzgXa3q
+hn5Ryau7T+a8YUCvW2nfynAS7rePh3rX2Da0YvcbwyiPolfyAEKjnMniKLa4q8AX
+2NVj4XP8ycMHJlrpx2/+YVUG1cgXgH87kG5j0uoVA7bDjwpQFi+YhkTBAoGAG7BT
+Fi3z8OawJ6mtOik30fOiwjgCZq24tFD5bPC8JLOh2WvCY4i7Z+mJCOZE9LQ4prls
+U2aTi/R2htOewiVfdgRhP59e0kfFpjNxX1heyl4ZaDLeQwJQ8kCRqDbodYSnro0f
+j9wKP//mLJnIcrKgXnICxqly66fIu3HzkBCKZx0CgYEAi/LBqSsBCenij7tN/GhY
+rBiQo3mxmlAgA38jvh7d21JpIH/8PPgO/kI1bIfVWajTvv1mDxIB4Ieq/w56/ZKC
+2ziOPF2olA59DKD0yzMk064iwIYo1+7NYziU2uUhR2BTCzM7iOOngR69HJrG9lrN
+ZHrnOmSv8EnT+uI+mCykAKk=
+-----END PRIVATE KEY-----

docker/cert/synapse.pem

@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhmgAwIBAgIEepUKBTANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJj
+YTAeFw0yMTA0MjIxNjI1MzFaFw0yMTA3MjExNjI1MzFaMBIxEDAOBgNVBAMTB3N5
+bmFwc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc1B6qv7o9TRyZ
+jvarx1vbeFi1pwfEMjW1ecOaBkFkQDgDgN+tQDtGz1qUq77heHKCw1F7aYZFA4T+
+p1W1SOe2jAhWVIHH80sMKLzoFwhfoQu33wKcxkaIsP2lfg/zW5qkMNsOBDa4daX0
+sPOCT1vnP5jyN+BBGU5OFCVK57Mcgezp0f9vOApHml7MAW2fVawpWsc/2vHV/72t
+8VG63UWxScAeEdxp388bIEfXCY2ssB0ZCMAJUzGar34FohyPq5Pvf714CE5BmO7L
+8Pm8CYP2BanM6gM7jiSGr0yk/Z8fJvPbRpOSMMW2s/H6FgdnjMbrqesnZx6+KiK6
+bONSkKdPAgMBAAGjgZMwgZAwHQYDVR0OBBYEFFtgp2h3pbJNqKA21hfFHk1+2nno
+MA4GA1UdDwEB/wQEAwIFoDAfBgNVHREEGDAWghRva3VwYW1pY29jaGUtc3luYXBz
+ZTAfBgNVHSMEGDAWgBQD7PILP4eCg6TDhEkwZwLiNAb9gzAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAFaxdcpju5n52d4R
+ePIrwJYwU/HqukDw+4KNcKH629LjzuIaHnkGmlUDZ+1uvHQgJ0776oqF84S0Oa85
+gH3wcgluO7dF2bR8TKn4WEDij5I8MDZGuVctrfxLmP129d7aqei3bXp+LzokfbVi
+I3PE8U3blYQF3gevcopulz2DK5WvRDsG9PrMHs/GRl6X1RdhKXV18Q5UIkJUJrJR
+BdcdKvggK4+gdN5mWuHJ3w3zqpeQbCrRz5D7/CTjS7NFpHSZydfpkdTsrnymSNW/
+M9cPtWrGbtfeCO5usKc/4Iy3QA0HmRBxLWsDweXaub1lZwgoF5duS91O/yEwskcW
+gDlPzcI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy
+b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC
+Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj
+2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v
+wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5
+Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY
+J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb
+UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0
+HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV
+HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa
+MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks
+Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9
+ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6
+5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA
+BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT
+-----END CERTIFICATE-----

docker/full/docker-compose.yml

@@ -1,32 +0,0 @@
-version: '3'
-
-services:
-  keycloak:
-    image: quay.io/keycloak/keycloak:12.0.4
-    container_name: keycloak
-    environment:
-      KEYCLOAK_USER: admin
-      KEYCLOAK_PASSWORD: admin
-    ports:
-      - "8080:8080"
-    networks:
-      - okupamicoche
-  synapse:
-    image: matrixdotorg/synapse:latest
-    container_name: synapse
-    ports:
-      - "8008:8008"
-    volumes:
-      - ./synapse-data:/data
-    networks:
-      - okupamicoche
-    depends_on:
-      - keycloak
-
-volumes:
-  synapse-data:
-      driver: local
-
-networks:
-  okupamicoche:
-    external: true

docker/full/https/tls.crt

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIURQQZKTG7wENaPp3bnAVLUMhkBJEwDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTAzMTQxNzE0MTZaFw0yMjAz
-MTQxNzE0MTZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQD4RoutMqZ9zzuowIZ02N5DneNdTUPp8KTP3ewCTp5B
-pQB2ht06pEgb7AY0xjlxfwt+lEXc4aeN/B741frLDe6buts8IsedfL0Ub2KHfoqo
-o3qAimn9+fgoHwZYsls3OJK+fKbPNefp+m65SkZHz4ufQhg2TSLsW0BWATnxnbd8
-OQIXrCxtV/UKE2iaXfrlmaVSCqFeL4z7Rr+PJ8LiwOFMDLleLMsPiIo8CtR7u/lg
-65zWI34rhdjwMq9tYXmZtq5sSpS83L/3InQDOvyhNt8vdNS8qL+v7tNhpHldBYqt
-WJaC/QPeRGXQfa89qYZssZ+k32/i7del2raF8RxkcyVtAgMBAAGjUzBRMB0GA1Ud
-DgQWBBREbPhToZrilLuC26iiFNj8t+K0hDAfBgNVHSMEGDAWgBREbPhToZrilLuC
-26iiFNj8t+K0hDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAF
-NtdTjLsVLhfS0q5tVKQFZ6Ek1CcuyUVeAvTxWDinZVfXzuNFdF1DeDlMwP3gKufz
-RIAI//k3ISFMwXN0TzgETC86ck4edxpB08E5RKpBZhOrm7PZtoQ5h4hPpOgSG1pp
-gPvzIzCEtC8Uaf0zpr+2AAm/2+DLgTDzdnO/cxN3UloydW9BslFM1PTeZ7TphT8X
-3PgDzDBa/IACdTwIhh6RH03l7BhzvKbp5uXnwRSWrf/q1R3mErrsjq9Awx6GECWu
-Y6YLsHjm05ELHs8r7STQC5Wq+vtfut/iDUNgnNFHmpiaedC1Md3qdnIIMeYrjBjo
-ru7ot2RLcptsr9w7qd7C
------END CERTIFICATE-----

docker/full/https/tls.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA+EaLrTKmfc87qMCGdNjeQ53jXU1D6fCkz93sAk6eQaUAdobd
-OqRIG+wGNMY5cX8LfpRF3OGnjfwe+NX6yw3um7rbPCLHnXy9FG9ih36KqKN6gIpp
-/fn4KB8GWLJbNziSvnymzzXn6fpuuUpGR8+Ln0IYNk0i7FtAVgE58Z23fDkCF6ws
-bVf1ChNoml365ZmlUgqhXi+M+0a/jyfC4sDhTAy5XizLD4iKPArUe7v5YOuc1iN+
-K4XY8DKvbWF5mbaubEqUvNy/9yJ0Azr8oTbfL3TUvKi/r+7TYaR5XQWKrViWgv0D
-3kRl0H2vPamGbLGfpN9v4u3Xpdq2hfEcZHMlbQIDAQABAoIBACTQoSmflxyUvC37
-znRJLDwuj2ZobKel7Wp9Z9+3tLPbOcRZnzhw39h0GT9+HUp9IkE0z18/fs8JEbao
-VDYD7Nvey1+RcLQjqQ38rkmVNA5pn2KsI6drh6a7Yv+IAwqfMvNYHIwhXDBP2FdV
-cjJ3ziZhcKGssn8F0PZv3B2921Vp++brFuVtDxvFdhRSSLtcwKI7L5SaOKsA8j2f
-8Yspq1eigkgCTYTFn1+wdjn3FxyndCV7IFs2BvgdHDBTcB/o6DipXVvK+Px1B3Cp
-g+ioAHiqn4EkxFkz/ceiscjpUZuITPS+e6aF5Qar7xO5VmeThhNlmsoCFW1nwaea
-wjwH6CkCgYEA/DxBU1N0o0ZObOnt1eb/LvrSRmxiNH8RKIbb8QL9gQ9Hx1GbP+5N
-JN5rayBNEg8UAtr0tvbil+ofoxpwlpSGFsFBG5NRcH1LIIHD1Sf0gkGc78ojdCT8
-O4PcWnCWjLtLIgZCVBxTupa1vsWmUMBzqTxdxn92ECLcPFvo21SRIYsCgYEA+/sp
-J2Do1lpUjkRDwWAIauHJ01ZHcA5epu2vXXZOnGw+OvPX8a493kwwJDjjrfOgDLTC
-1FDDBMzbCQUHUa1w3ZfsSOyheHr/8xlVUJ3gz98q+aizaJLJ8lZraL8lvsC9uogf
-x7P9iTp+SpIHQ1jXp+9WdFgeEgXVkK2GY1bzw+cCgYBiVOcuodFNuaHnSccDZZtD
-6FpDRAuA5ax9vR1PNtg3EQrthD3ezXrbja4YxC3nhWNKvas7DMJHcOlGf4821M31
-Xv+PzX2pOd8o3A3JMlta0FNrE8WAiM6gMQadZ1j5oiZnLEN9YNGvYwOVTJ5KyswM
-RNFWCeiv37c1/Kqpnq05gwKBgGys2QXzxNfV44vsIzC+Y0L9mFb+ahcJC4eBEVYE
-1UifYoN4cVT5qhM61rR4mLGIVinEuBZrsoBafck5EvwGCpx3jl+xNr7IhaTp8yKu
-xKvCez1rpdzfGhvba72kWvoXFHzjgplVpm5N/PPaYSmJopD6J1ZMPsPVIlOgk0o6
-0S1XAoGBALm8/9Gyer2jtfL/WZDILEeOV/rG13ELspTIx0pcbHkvZKFXrddu27E0
-e89SqTCIXhn3nFLvk4pdWjJbE2QA4uS99vV5HXIpvvEBgwzid5hyqxE3b7xuQwl6
-bAJld+V2lh5e1tQuaX/bF7B87k4ODlZFatCzhrOXBKMdRm4SkzSk
------END RSA PRIVATE KEY-----

docker/full/https/trb.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA+EaLrTKmfc87qMCGdNjeQ53jXU1D6fCkz93sAk6eQaUAdobd
-OqRIG+wGNMY5cX8LfpRF3OGnjfwe+NX6yw3um7rbPCLHnXy9FG9ih36KqKN6gIpp
-/fn4KB8GWLJbNziSvnymzzXn6fpuuUpGR8+Ln0IYNk0i7FtAVgE58Z23fDkCF6ws
-bVf1ChNoml365ZmlUgqhXi+M+0a/jyfC4sDhTAy5XizLD4iKPArUe7v5YOuc1iN+
-K4XY8DKvbWF5mbaubEqUvNy/9yJ0Azr8oTbfL3TUvKi/r+7TYaR5XQWKrViWgv0D
-3kRl0H2vPamGbLGfpN9v4u3Xpdq2hfEcZHMlbQIDAQABAoIBACTQoSmflxyUvC37
-znRJLDwuj2ZobKel7Wp9Z9+3tLPbOcRZnzhw39h0GT9+HUp9IkE0z18/fs8JEbao
-VDYD7Nvey1+RcLQjqQ38rkmVNA5pn2KsI6drh6a7Yv+IAwqfMvNYHIwhXDBP2FdV
-cjJ3ziZhcKGssn8F0PZv3B2921Vp++brFuVtDxvFdhRSSLtcwKI7L5SaOKsA8j2f
-8Yspq1eigkgCTYTFn1+wdjn3FxyndCV7IFs2BvgdHDBTcB/o6DipXVvK+Px1B3Cp
-g+ioAHiqn4EkxFkz/ceiscjpUZuITPS+e6aF5Qar7xO5VmeThhNlmsoCFW1nwaea
-wjwH6CkCgYEA/DxBU1N0o0ZObOnt1eb/LvrSRmxiNH8RKIbb8QL9gQ9Hx1GbP+5N
-JN5rayBNEg8UAtr0tvbil+ofoxpwlpSGFsFBG5NRcH1LIIHD1Sf0gkGc78ojdCT8
-O4PcWnCWjLtLIgZCVBxTupa1vsWmUMBzqTxdxn92ECLcPFvo21SRIYsCgYEA+/sp
-J2Do1lpUjkRDwWAIauHJ01ZHcA5epu2vXXZOnGw+OvPX8a493kwwJDjjrfOgDLTC
-1FDDBMzbCQUHUa1w3ZfsSOyheHr/8xlVUJ3gz98q+aizaJLJ8lZraL8lvsC9uogf
-x7P9iTp+SpIHQ1jXp+9WdFgeEgXVkK2GY1bzw+cCgYBiVOcuodFNuaHnSccDZZtD
-6FpDRAuA5ax9vR1PNtg3EQrthD3ezXrbja4YxC3nhWNKvas7DMJHcOlGf4821M31
-Xv+PzX2pOd8o3A3JMlta0FNrE8WAiM6gMQadZ1j5oiZnLEN9YNGvYwOVTJ5KyswM
-RNFWCeiv37c1/Kqpnq05gwKBgGys2QXzxNfV44vsIzC+Y0L9mFb+ahcJC4eBEVYE
-1UifYoN4cVT5qhM61rR4mLGIVinEuBZrsoBafck5EvwGCpx3jl+xNr7IhaTp8yKu
-xKvCez1rpdzfGhvba72kWvoXFHzjgplVpm5N/PPaYSmJopD6J1ZMPsPVIlOgk0o6
-0S1XAoGBALm8/9Gyer2jtfL/WZDILEeOV/rG13ELspTIx0pcbHkvZKFXrddu27E0
-e89SqTCIXhn3nFLvk4pdWjJbE2QA4uS99vV5HXIpvvEBgwzid5hyqxE3b7xuQwl6
-bAJld+V2lh5e1tQuaX/bF7B87k4ODlZFatCzhrOXBKMdRm4SkzSk
------END RSA PRIVATE KEY-----

docker/full/synapse-data/matrixdev.signing.key

@@ -1 +0,0 @@
-ed25519 a_IyNs PQ0dHIEEsxnfN6pnfBoXEkwNciqCvWAJJf4B2y88tvc

docker/keycloak/docker-compose.yml

@@ -0,0 +1,20 @@
+version: '3'
+
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:12.0.4
+    container_name: okupamicoche-keycloak
+    environment:
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: admin
+    ports:
+      - "8080:8080"
+      - "8443:8443"
+    volumes:
+      - ./https:/etc/x509/https
+    networks:
+      - okupamicoche
+
+networks:
+  okupamicoche:
+    external: true

docker/keycloak/https/tls.crt

@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAhugAwIBAgIEJ7Mx8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJj
+YTAeFw0yMTA0MjIxNjI1MjlaFw0yMTA3MjExNjI1MjlaMBMxETAPBgNVBAMTCGtl
+eWNsb2FrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjviXNH4OBjNG
+U9L0Jpg3a+WqpiyXFxLom8pe+QTE0pVyjgAMOSBnTaBJUwhFkYjCIqP2hvTWPUYJ
+X9K0oTbfPp4QheViNYvDZ1sz/naUAXleTYhgSuPqTzwSZ4k8f+xQHWK1ECL3JmkI
+1czJ3LEjNKryWILYbvsyoG1HmbKcIZIKzUKvrgqC9SIEqa0wlZtC+ASi16Jqv1kC
+DtGTc2gcNmeudQASfDqbYiPLqXec1GWXSViezhwBO0mrs1NEaN8810h3PRRDWkhC
+dZijCjvLC6AqtZRjdHf7m3Cit6kzJ50q27COGNtwCVVaFutOJCiMjNcsjPh8HD1c
+uuyI5Q/SnQIDAQABo4GUMIGRMB0GA1UdDgQWBBTNiaKtvdBOTQo+6N/SrVQ3lPA/
+vzAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0RBBkwF4IVb2t1cGFtaWNvY2hlLWtleWNs
+b2FrMB8GA1UdIwQYMBaAFAPs8gs/h4KDpMOESTBnAuI0Bv2DMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAMBi43gTMU/Sp
+No++b4CQt5HlMXw3tKScKEUvMB6iFm7L25tkDHB/Kq+UG57GMAsOloTqq41a+u7x
+RGXGkOZxM12X7RTntU+6bheDkftuLD44eaAsfBhV+ZL7tU1gyx+qQ6xqgRWwilji
++hR/ycrjDSoozkJknIpNBM2puUc4ahAKo68rPufGrrnWSCs/EDre2peAnhi3qqVI
+6wqVJp3gdY5F4q96pDVdY5DBkOqdOFdE/Sp12Ybkt9EID0CyZFBF7eefVbS7IVpu
+aSfHe8z9GjJz1Yh/iHX8ERsSDt+YnaXk4J/Si0G5xVzd/ApPc7XpEwKXU9CcQdkg
+WxsaAmyUfg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy
+b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC
+Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj
+2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v
+wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5
+Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY
+J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb
+UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0
+HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV
+HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa
+MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks
+Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9
+ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6
+5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA
+BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT
+-----END CERTIFICATE-----

docker/keycloak/https/tls.key

@@ -0,0 +1,32 @@
+Bag Attributes
+    friendlyName: keycloak
+    localKeyID: 54 69 6D 65 20 31 36 31 39 31 31 30 39 34 33 35 33 33 
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+Jc0fg4GM0ZT
+0vQmmDdr5aqmLJcXEuibyl75BMTSlXKOAAw5IGdNoElTCEWRiMIio/aG9NY9Rglf
+0rShNt8+nhCF5WI1i8NnWzP+dpQBeV5NiGBK4+pPPBJniTx/7FAdYrUQIvcmaQjV
+zMncsSM0qvJYgthu+zKgbUeZspwhkgrNQq+uCoL1IgSprTCVm0L4BKLXomq/WQIO
+0ZNzaBw2Z651ABJ8OptiI8upd5zUZZdJWJ7OHAE7SauzU0Ro3zzXSHc9FENaSEJ1
+mKMKO8sLoCq1lGN0d/ubcKK3qTMnnSrbsI4Y23AJVVoW604kKIyM1yyM+HwcPVy6
+7IjlD9KdAgMBAAECggEAeci1fAhYR93LbUHHqUyGAQm8iBp5hTUdIP+MUNBIHB0j
+XGQcBVldxZjgfLMSF3sH61wBdkn+aGlNOOuR47WLCpq39mZDdtsb0uG0c3BseKj6
+tE6Tv5dPErlX8AvNliYkxDM9ioZOQtC7rurnlG7rT0TCdLTYSgj9wfv0Pq8PIeQv
+LwtnOjZsG1p6LYEMPCWyNHolbV0saRf5ZEowvE7EPoGrFucOcxWYgnIC8Qa83ODD
+02vBSI/MMXEn/HdcwwyRDALTd8pGvIsheIHnaKtZxG0KBRuXrJ2OzLaDfYFk9QEg
+fH+iB3lcX1+tftD0Q68m4+Uti+GpJTwpj9xE4/yH4QKBgQDOAS6B+aKlLY15tJAE
+UFVrMj/n5qRjoYXMK8MUi0qOi4Ytzs63u8MR/owuZ7KstUpEGmgkSTJUCWy6C5gn
+iOW80wFheWMG9ZqUYFEx79a1Yna46SIEpowM+gunEqW0NIUHeuiOsgkZn3slnaxA
+lNT5s81nZvWHZRmnc9xy7pT0xQKBgQCxqzXCQMJS09qIZhHAQblIfDA4iwCUGZAn
+wcsfI9e4CxJ4m5SnJTTpe8G9680xXpR2tVhl2FrarNxWMMZUGWxqBn0Ug6dDmSwX
+SpBZ5q/bpbphRoRQvlVjkhX0prX+lB9yFcyH0qnDchoW/CPgnKaYndE+eBPMnjSO
+n8ZuM2iz+QKBgAC96Fj3eSp3G4dQqyQY1fXo3GoNXpItRroRfkZYqhARWI5ZrEzl
+FDLAY+jW3sHYdUgBgFaBHPlIf2e8GvQpfgpMCDk9oqmnwMLABgrT/kXw8NSBomm5
+3888J0aWvpoDhmccfjHlWjsJY/wisTgaURoFF7xDlqbCKnF77VNMoKSxAoGBAIef
+JONKocuuMlQKbiRvRytguUKAQQnMVbEzioUTzDiOIyRzxs6sZS6RrLv4QuMbyoKv
+PXJI7FmeuHcGtm4+Ffb9Sv+c29KLGxAQeA5YPQeTA6n7tUcZc38VZbMiiyxxD2v7
+3ewUUEiEUgwXnp93lOhNGAvyh1KbtYzlxAgdMCCpAoGABEqs4vSc2vmaUKf6uek6
+M1r3Qv6/NW3IBTY/eSaihszTxG3uVaZUK8iiORd3ELFiMWZKDk3kCW8PcmFIu96k
+VNoaawwZY7+AQzTg7pN2uF8CqQaMNjAi9MxcJK6cdXj9T4uP8yxahlt6TveoMGRd
+Y3uBGHr9qoVnbFnvr71DF0s=
+-----END PRIVATE KEY-----

docker/synapse/docker-compose.yml

@@ -1,13 +1,21 @@
-version: '3.3'
+version: '3'
+
 services:
-  matrix-synapse:
+  synapse:
     image: matrixdotorg/synapse:latest
-    container_name: synapse
-    volumes:
-      - ./synapse_data:/data
-    environment:
-      - SYNAPSE_REPORT_STATS=false
-      - UID=1000
-      - GID=1000
+    container_name: okupamicoche-synapse
     ports:
-      - 8008:8008
+      - "8008:8008"
+      - "8448:8448"
+    volumes:
+      - ./synapse-data:/data
+      - ./https:/https
+    networks:
+      - okupamicoche
+    environment:
+      SYNAPSE_SERVER_NAME: "okupamicoche-synapse"
+      SYNAPSE_REPORT_STATS: "no"
+
+networks:
+  okupamicoche:
+    external: true

docker/synapse/homeserver.yaml

@@ -26,7 +26,7 @@
 # lowercase and may contain an explicit port.
 # Examples: matrix.org, localhost:8080
 #
-server_name: "synapse"
+server_name: "okupamicoche-synapse"
 
 # When running as a daemon, the file to store the pid in
 #
@@ -49,7 +49,7 @@ pid_file: /data/homeserver.pid
 # Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
 # 'listeners' below).
 #
-#public_baseurl: https://example.com/
+public_baseurl: https://okupamicoche-synapse:8448/
 
 # Set the soft limit on the number of file descriptors synapse can use
 # Zero is used to indicate synapse should set the soft limit to the
@@ -232,11 +232,11 @@ listeners:
   # will also need to give Synapse a TLS key and certificate: see the TLS section
   # below.)
   #
-  #- port: 8448
-  #  type: http
-  #  tls: true
-  #  resources:
-  #    - names: [client, federation]
+  - port: 8448
+    type: http
+    tls: true
+    resources:
+      - names: [client, federation]
 
   # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
   # that unwraps TLS.
@@ -498,11 +498,11 @@ retention:
 # instance, if using certbot, use `fullchain.pem` as your certificate,
 # not `cert.pem`).
 #
-#tls_certificate_path: "/data/matrixdev.tls.crt"
+tls_certificate_path: "/data/synapse.pem"
 
 # PEM-encoded private key for TLS
 #
-#tls_private_key_path: "/data/matrixdev.tls.key"
+tls_private_key_path: "/data/synapse.key"
 
 # Whether to verify TLS server certificates for outbound federation requests.
 #
@@ -542,8 +542,8 @@ retention:
 # Note that this list will replace those that are provided by your
 # operating environment. Certificates must be in PEM format.
 #
-#federation_custom_ca_list:
-#  - myCA1.pem
+federation_custom_ca_list:
+  - ca.pem
 #  - myCA2.pem
 #  - myCA3.pem
 
@@ -768,7 +768,7 @@ database:
 # A yaml python logging config file as described by
 # https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
 #
-log_config: "/data/matrixdev.log.config"
+log_config: "/data/okupamicoche-synapse.log.config"
 
 
 ## Ratelimiting ##
@@ -1450,7 +1450,7 @@ form_secret: "FM,2TSq++sZ@Tl0atcQP#m:XP-wI=+z6Gxc.P:SXLV3CkueDDq"
 
 # Path to the signing key to sign messages with
 #
-signing_key_path: "/data/matrixdev.signing.key"
+signing_key_path: "/data/okupamicoche-synapse.signing.key"
 
 # The keys that the server used to sign messages with but won't use
 # to sign new messages.
@@ -1852,7 +1852,7 @@ oidc_providers:
   #
   - idp_id: keycloak
     idp_name: Keycloak
-    issuer: "https://172.18.0.2:8443/auth/realms/okupamicoche"
+    issuer: "https://okupamicoche-keycloak:8443/auth/realms/okupamicoche"
     client_id: "synapse"
     client_secret: "5b3992a1-d662-487b-b342-db642f966340"
     scopes: ["openid", "profile"]

docker/synapse/synapse-data/ca.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy
+b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC
+Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj
+2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v
+wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5
+Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY
+J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb
+UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0
+HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV
+HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa
+MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks
+Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9
+ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6
+5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA
+BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT
+-----END CERTIFICATE-----

docker/synapse/synapse-data/homeserver.yaml

@@ -26,7 +26,7 @@
 # lowercase and may contain an explicit port.
 # Examples: matrix.org, localhost:8080
 #
-server_name: "synapse"
+server_name: "okupamicoche-synapse"
 
 # When running as a daemon, the file to store the pid in
 #
@@ -49,7 +49,7 @@ pid_file: /data/homeserver.pid
 # Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
 # 'listeners' below).
 #
-public_baseurl: http://synapse:8008/
+public_baseurl: https://okupamicoche-synapse:8448/
 
 # Set the soft limit on the number of file descriptors synapse can use
 # Zero is used to indicate synapse should set the soft limit to the
@@ -232,11 +232,11 @@ listeners:
   # will also need to give Synapse a TLS key and certificate: see the TLS section
   # below.)
   #
-  #- port: 8448
-  #  type: http
-  #  tls: true
-  #  resources:
-  #    - names: [client, federation]
+  - port: 8448
+    type: http
+    tls: true
+    resources:
+      - names: [client, federation]
 
   # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
   # that unwraps TLS.
@@ -498,11 +498,11 @@ retention:
 # instance, if using certbot, use `fullchain.pem` as your certificate,
 # not `cert.pem`).
 #
-#tls_certificate_path: "/data/keycloak.crt"
+tls_certificate_path: "/data/synapse.pem"
 
 # PEM-encoded private key for TLS
 #
-#tls_private_key_path: "/data/keycloak.key"
+tls_private_key_path: "/data/synapse.key"
 
 # Whether to verify TLS server certificates for outbound federation requests.
 #
@@ -542,8 +542,8 @@ retention:
 # Note that this list will replace those that are provided by your
 # operating environment. Certificates must be in PEM format.
 #
-#federation_custom_ca_list:
-#  - myCA1.pem
+federation_custom_ca_list:
+  - /data/ca.pem
 #  - myCA2.pem
 #  - myCA3.pem
 
@@ -768,7 +768,7 @@ database:
 # A yaml python logging config file as described by
 # https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
 #
-log_config: "/data/synapse.log.config"
+log_config: "/data/okupamicoche-synapse.log.config"
 
 
 ## Ratelimiting ##
@@ -1220,7 +1220,7 @@ account_validity:
 # If set, allows registration of standard or admin accounts by anyone who
 # has the shared secret, even if registration is otherwise disabled.
 #
-registration_shared_secret: "uBS~a~=H9fEV^^exB#dZYq4N&Ibiv~RDGxyEcvNG^=qJ7PJCXz"
+registration_shared_secret: "Y_XNuno*Dh,T2IpHA;i,bWF^fg&x.*t=iEz*@:y5REBMhgCA63"
 
 # Set the number of bcrypt rounds used to generate password hash.
 # Larger numbers increase the work factor needed to generate the hash.
@@ -1424,8 +1424,9 @@ report_stats: false
 
 # A list of application service config files to use
 #
-app_service_config_files:
-  - /data/okupamicoche-appservice.yaml
+#app_service_config_files:
+#  - app_service_1.yaml
+#  - app_service_2.yaml
 
 # Uncomment to enable tracking of application service IP addresses. Implicitly
 # enables MAU tracking for application service users.
@@ -1437,19 +1438,19 @@ app_service_config_files:
 # the registration_shared_secret is used, if one is given; otherwise,
 # a secret key is derived from the signing key.
 #
-macaroon_secret_key: "pd;pO.aXMBLEOu5@,Dzhhi^kQO@*QBL*T&GFO5&j.C;7n95gV5"
+macaroon_secret_key: "6VvBQj_TedGcDDB_z,-qXV1W3:.CXrRG6AWF&4p:~iGNguy&_h"
 
 # a secret which is used to calculate HMACs for form values, to stop
 # falsification of values. Must be specified for the User Consent
 # forms to work.
 #
-form_secret: ",fwjZdkUbfv8yjxV_rUJ=R4Xsnv,o*PJZmR5xgZfnv-kkrsltI"
+form_secret: "FM,2TSq++sZ@Tl0atcQP#m:XP-wI=+z6Gxc.P:SXLV3CkueDDq"
 
 ## Signing Keys ##
 
 # Path to the signing key to sign messages with
 #
-signing_key_path: "/data/synapse.signing.key"
+signing_key_path: "/data/okupamicoche-synapse.signing.key"
 
 # The keys that the server used to sign messages with but won't use
 # to sign new messages.
@@ -1514,7 +1515,6 @@ old_signing_keys:
 #
 trusted_key_servers:
   - server_name: "matrix.org"
-#    accept_keys_insecurely: true
 
 # Uncomment the following to disable the warning that is emitted when the
 # trusted_key_servers include 'matrix.org'. See above.
@@ -1852,14 +1852,10 @@ oidc_providers:
   #
   - idp_id: keycloak
     idp_name: Keycloak
-    issuer: "https://auth.fosil.eu/auth/realms/test"
+    issuer: "https://okupamicoche-keycloak:8443/auth/realms/okupamicoche"
     client_id: "synapse"
-    client_secret: "ab91d04e-40ec-4bb8-ad0c-da54bf8e7e14"
+    client_secret: "70ea1689-efba-4023-9a1a-c8ae3df46159"
     scopes: ["openid", "profile"]
-    user_mapping_provider:
-      config:
-        localpart_template: "{{ user.preferred_username }}"
-        display_name_template: "{{ user.name }}"
 
   # For use with Github
   #
@@ -1930,8 +1926,7 @@ sso:
     #
     # By default, this list is empty.
     #
-    client_whitelist:
-        - http://localhost:4200/
+    #client_whitelist:
     #  - https://riot.im/develop
     #  - https://my.custom.client/
 

docker/synapse/synapse-data/okupamicoche-synapse.signing.key

@@ -0,0 +1 @@
+ed25519 a_wHOw oPhC2svbw0sto3M6HmnKQFNWfM8DkY+ZfDJfHxxjHXg

docker/synapse/synapse-data/synapse.key

@@ -0,0 +1,32 @@
+Bag Attributes
+    friendlyName: synapse
+    localKeyID: 54 69 6D 65 20 31 36 31 39 31 30 39 39 34 34 39 39 39 
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCc1B6qv7o9TRyZ
+jvarx1vbeFi1pwfEMjW1ecOaBkFkQDgDgN+tQDtGz1qUq77heHKCw1F7aYZFA4T+
+p1W1SOe2jAhWVIHH80sMKLzoFwhfoQu33wKcxkaIsP2lfg/zW5qkMNsOBDa4daX0
+sPOCT1vnP5jyN+BBGU5OFCVK57Mcgezp0f9vOApHml7MAW2fVawpWsc/2vHV/72t
+8VG63UWxScAeEdxp388bIEfXCY2ssB0ZCMAJUzGar34FohyPq5Pvf714CE5BmO7L
+8Pm8CYP2BanM6gM7jiSGr0yk/Z8fJvPbRpOSMMW2s/H6FgdnjMbrqesnZx6+KiK6
+bONSkKdPAgMBAAECggEAJYseQFAfvJceNqCj6qGSGusniW0QDebbNrOMoO3Ib8Bz
+6FrMsUQELMJs89RdoMpd13H8qqerbhAWoYPbn8dxOSEyyb/3Ra+3kpSaDJGe/o2m
+KYFotbE9p3F/d0PDe8W9MntDpYpaszPu47IMyXBIFwcBjVLVC6CMP2LRPqpTFYqg
+7HURQol4Q9K7GQQqTLHJECnrY60FHVqg+3A9VWOulwF7qXRrG9mrUiujfmwgX/st
+CiCUIXvhWqi52mx6z+X4yclSVqAAqkxvgZSB4haZ2yIe+4B9++ayXmiN5jtY7bgq
+/hiZjTuec9XQK0LXnOEdf3zQF1jH38WuaHlA4x29WQKBgQDRw10CDjvhOQoHmz2z
+s0MtHT6uPRBlID0nNpylg/LVL7PjMxyXIjYJZxH070fzDC2+IFP01bRPa+Ffxxnv
+UZrLfXu0IpkOQDFyUAXE3K8ODEl9j+HYzZPqY0xsM6J9uH6MwJie9LvdwQJw7sJw
+bgOyuGlrUeC7vgQQqlhFykbrewKBgQC/ZbwvqJKj+CTksnL3qylDPufGnaaXDIn6
+YAKJK9o8o5bUwp7pNs+obtbVq4kqjxcA8nJYlr9KxF3yEj3hffNmoL8P0ADomxgO
+t94pW/F+QWQn+C6Z3pIzZcQGK+wjdLSQUStPStLhvEkGc8GV97Zeg9qKTp3hPMph
+p8lnVkgxPQKBgFAyQPzoNDyHci42TADIKIa3B5/V+M6w5LB5UKp3KAAZnMzgXa3q
+hn5Ryau7T+a8YUCvW2nfynAS7rePh3rX2Da0YvcbwyiPolfyAEKjnMniKLa4q8AX
+2NVj4XP8ycMHJlrpx2/+YVUG1cgXgH87kG5j0uoVA7bDjwpQFi+YhkTBAoGAG7BT
+Fi3z8OawJ6mtOik30fOiwjgCZq24tFD5bPC8JLOh2WvCY4i7Z+mJCOZE9LQ4prls
+U2aTi/R2htOewiVfdgRhP59e0kfFpjNxX1heyl4ZaDLeQwJQ8kCRqDbodYSnro0f
+j9wKP//mLJnIcrKgXnICxqly66fIu3HzkBCKZx0CgYEAi/LBqSsBCenij7tN/GhY
+rBiQo3mxmlAgA38jvh7d21JpIH/8PPgO/kI1bIfVWajTvv1mDxIB4Ieq/w56/ZKC
+2ziOPF2olA59DKD0yzMk064iwIYo1+7NYziU2uUhR2BTCzM7iOOngR69HJrG9lrN
+ZHrnOmSv8EnT+uI+mCykAKk=
+-----END PRIVATE KEY-----

docker/synapse/synapse-data/synapse.pem

@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhmgAwIBAgIEepUKBTANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJj
+YTAeFw0yMTA0MjIxNjI1MzFaFw0yMTA3MjExNjI1MzFaMBIxEDAOBgNVBAMTB3N5
+bmFwc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc1B6qv7o9TRyZ
+jvarx1vbeFi1pwfEMjW1ecOaBkFkQDgDgN+tQDtGz1qUq77heHKCw1F7aYZFA4T+
+p1W1SOe2jAhWVIHH80sMKLzoFwhfoQu33wKcxkaIsP2lfg/zW5qkMNsOBDa4daX0
+sPOCT1vnP5jyN+BBGU5OFCVK57Mcgezp0f9vOApHml7MAW2fVawpWsc/2vHV/72t
+8VG63UWxScAeEdxp388bIEfXCY2ssB0ZCMAJUzGar34FohyPq5Pvf714CE5BmO7L
+8Pm8CYP2BanM6gM7jiSGr0yk/Z8fJvPbRpOSMMW2s/H6FgdnjMbrqesnZx6+KiK6
+bONSkKdPAgMBAAGjgZMwgZAwHQYDVR0OBBYEFFtgp2h3pbJNqKA21hfFHk1+2nno
+MA4GA1UdDwEB/wQEAwIFoDAfBgNVHREEGDAWghRva3VwYW1pY29jaGUtc3luYXBz
+ZTAfBgNVHSMEGDAWgBQD7PILP4eCg6TDhEkwZwLiNAb9gzAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAFaxdcpju5n52d4R
+ePIrwJYwU/HqukDw+4KNcKH629LjzuIaHnkGmlUDZ+1uvHQgJ0776oqF84S0Oa85
+gH3wcgluO7dF2bR8TKn4WEDij5I8MDZGuVctrfxLmP129d7aqei3bXp+LzokfbVi
+I3PE8U3blYQF3gevcopulz2DK5WvRDsG9PrMHs/GRl6X1RdhKXV18Q5UIkJUJrJR
+BdcdKvggK4+gdN5mWuHJ3w3zqpeQbCrRz5D7/CTjS7NFpHSZydfpkdTsrnymSNW/
+M9cPtWrGbtfeCO5usKc/4Iy3QA0HmRBxLWsDweXaub1lZwgoF5duS91O/yEwskcW
+gDlPzcI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy
+b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC
+Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj
+2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v
+wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5
+Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY
+J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb
+UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0
+HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV
+HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa
+MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks
+Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9
+ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6
+5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA
+BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT
+-----END CERTIFICATE-----

docker/synapse/synapse_data/.gitignore

@@ -1,5 +0,0 @@
-homeserver.db
-media_store
-
-!.gitignore
-!homeserver.yaml

docker/synapse/synapse_data/keycloak.crt

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIURQQZKTG7wENaPp3bnAVLUMhkBJEwDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTAzMTQxNzE0MTZaFw0yMjAz
-MTQxNzE0MTZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQD4RoutMqZ9zzuowIZ02N5DneNdTUPp8KTP3ewCTp5B
-pQB2ht06pEgb7AY0xjlxfwt+lEXc4aeN/B741frLDe6buts8IsedfL0Ub2KHfoqo
-o3qAimn9+fgoHwZYsls3OJK+fKbPNefp+m65SkZHz4ufQhg2TSLsW0BWATnxnbd8
-OQIXrCxtV/UKE2iaXfrlmaVSCqFeL4z7Rr+PJ8LiwOFMDLleLMsPiIo8CtR7u/lg
-65zWI34rhdjwMq9tYXmZtq5sSpS83L/3InQDOvyhNt8vdNS8qL+v7tNhpHldBYqt
-WJaC/QPeRGXQfa89qYZssZ+k32/i7del2raF8RxkcyVtAgMBAAGjUzBRMB0GA1Ud
-DgQWBBREbPhToZrilLuC26iiFNj8t+K0hDAfBgNVHSMEGDAWgBREbPhToZrilLuC
-26iiFNj8t+K0hDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAF
-NtdTjLsVLhfS0q5tVKQFZ6Ek1CcuyUVeAvTxWDinZVfXzuNFdF1DeDlMwP3gKufz
-RIAI//k3ISFMwXN0TzgETC86ck4edxpB08E5RKpBZhOrm7PZtoQ5h4hPpOgSG1pp
-gPvzIzCEtC8Uaf0zpr+2AAm/2+DLgTDzdnO/cxN3UloydW9BslFM1PTeZ7TphT8X
-3PgDzDBa/IACdTwIhh6RH03l7BhzvKbp5uXnwRSWrf/q1R3mErrsjq9Awx6GECWu
-Y6YLsHjm05ELHs8r7STQC5Wq+vtfut/iDUNgnNFHmpiaedC1Md3qdnIIMeYrjBjo
-ru7ot2RLcptsr9w7qd7C
------END CERTIFICATE-----

docker/synapse/synapse_data/keycloak.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA+EaLrTKmfc87qMCGdNjeQ53jXU1D6fCkz93sAk6eQaUAdobd
-OqRIG+wGNMY5cX8LfpRF3OGnjfwe+NX6yw3um7rbPCLHnXy9FG9ih36KqKN6gIpp
-/fn4KB8GWLJbNziSvnymzzXn6fpuuUpGR8+Ln0IYNk0i7FtAVgE58Z23fDkCF6ws
-bVf1ChNoml365ZmlUgqhXi+M+0a/jyfC4sDhTAy5XizLD4iKPArUe7v5YOuc1iN+
-K4XY8DKvbWF5mbaubEqUvNy/9yJ0Azr8oTbfL3TUvKi/r+7TYaR5XQWKrViWgv0D
-3kRl0H2vPamGbLGfpN9v4u3Xpdq2hfEcZHMlbQIDAQABAoIBACTQoSmflxyUvC37
-znRJLDwuj2ZobKel7Wp9Z9+3tLPbOcRZnzhw39h0GT9+HUp9IkE0z18/fs8JEbao
-VDYD7Nvey1+RcLQjqQ38rkmVNA5pn2KsI6drh6a7Yv+IAwqfMvNYHIwhXDBP2FdV
-cjJ3ziZhcKGssn8F0PZv3B2921Vp++brFuVtDxvFdhRSSLtcwKI7L5SaOKsA8j2f
-8Yspq1eigkgCTYTFn1+wdjn3FxyndCV7IFs2BvgdHDBTcB/o6DipXVvK+Px1B3Cp
-g+ioAHiqn4EkxFkz/ceiscjpUZuITPS+e6aF5Qar7xO5VmeThhNlmsoCFW1nwaea
-wjwH6CkCgYEA/DxBU1N0o0ZObOnt1eb/LvrSRmxiNH8RKIbb8QL9gQ9Hx1GbP+5N
-JN5rayBNEg8UAtr0tvbil+ofoxpwlpSGFsFBG5NRcH1LIIHD1Sf0gkGc78ojdCT8
-O4PcWnCWjLtLIgZCVBxTupa1vsWmUMBzqTxdxn92ECLcPFvo21SRIYsCgYEA+/sp
-J2Do1lpUjkRDwWAIauHJ01ZHcA5epu2vXXZOnGw+OvPX8a493kwwJDjjrfOgDLTC
-1FDDBMzbCQUHUa1w3ZfsSOyheHr/8xlVUJ3gz98q+aizaJLJ8lZraL8lvsC9uogf
-x7P9iTp+SpIHQ1jXp+9WdFgeEgXVkK2GY1bzw+cCgYBiVOcuodFNuaHnSccDZZtD
-6FpDRAuA5ax9vR1PNtg3EQrthD3ezXrbja4YxC3nhWNKvas7DMJHcOlGf4821M31
-Xv+PzX2pOd8o3A3JMlta0FNrE8WAiM6gMQadZ1j5oiZnLEN9YNGvYwOVTJ5KyswM
-RNFWCeiv37c1/Kqpnq05gwKBgGys2QXzxNfV44vsIzC+Y0L9mFb+ahcJC4eBEVYE
-1UifYoN4cVT5qhM61rR4mLGIVinEuBZrsoBafck5EvwGCpx3jl+xNr7IhaTp8yKu
-xKvCez1rpdzfGhvba72kWvoXFHzjgplVpm5N/PPaYSmJopD6J1ZMPsPVIlOgk0o6
-0S1XAoGBALm8/9Gyer2jtfL/WZDILEeOV/rG13ELspTIx0pcbHkvZKFXrddu27E0
-e89SqTCIXhn3nFLvk4pdWjJbE2QA4uS99vV5HXIpvvEBgwzid5hyqxE3b7xuQwl6
-bAJld+V2lh5e1tQuaX/bF7B87k4ODlZFatCzhrOXBKMdRm4SkzSk
------END RSA PRIVATE KEY-----

docker/synapse/synapse_data/okupamicoche-appservice.yaml

@@ -1,11 +0,0 @@
-id: "Okupa mi coche"
-url: "http://172.17.0.1:8081"
-as_token: "30c05ae90a248a4188e620216fa72e349803310ec83e2a77b34fe90be6081f46"
-hs_token: "312df522183efd404ec1cd22d2ffa4bbc76a8c1ccf541dd692eef281356bb74e"
-sender_localpart: "okupamicoche"
-namespaces:
-  users: [ ]
-  aliases:
-    - regex: "#viaje_.*"
-      exclusive: true
-  rooms: [ ]

docker/synapse/synapse_data/synapse.log.config

@@ -1,22 +0,0 @@
-version: 1
-
-formatters:
-  precise:
-   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
-
-handlers:
-  console:
-    class: logging.StreamHandler
-    formatter: precise
-
-loggers:
-    synapse.storage.SQL:
-        # beware: increasing this to DEBUG will make synapse log sensitive
-        # information such as access tokens.
-        level: INFO
-
-root:
-    level: INFO
-    handlers: [console]
-
-disable_existing_loggers: false

docker/synapse/synapse_data/synapse.signing.key

@@ -1 +0,0 @@
-ed25519 a_cGhG bkRaBjufoVnCJ8Vk3S0h7cF4/7zDmQwM6Q+vnDj3baw

src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt

@@ -85,7 +85,7 @@ class PrivateTravelRestController(
     }
 
     @RequestMapping("/listallusertravels")
-    suspend fun listUserTravels(principal: Principal): ApiResponse<ListDto<TravelDto>> {
+    suspend fun listAllUserTravels(principal: Principal): ApiResponse<ListDto<TravelDto>> {
         return response {
             val userId = authService.currentUser(principal).id
             val useCase = ListUserTravels(travelRepository)
@@ -118,6 +118,7 @@ class PrivateTravelRestController(
             @RequestParam @Validated userId: UserId,
             principal: Principal
     ): ApiResponse<Unit> {
+        throwErrorIfCannotEditTravel(travelId, principal)
         return response {
             throwErrorIfCannotEditTravel(travelId, principal)
             val useCase = useCaseService.getAddTraveler()
@@ -131,6 +132,7 @@ class PrivateTravelRestController(
             @RequestParam @Validated userId: UserId,
             principal: Principal
     ): ApiResponse<Unit> {
+        throwErrorIfCannotEditTravel(travelId, principal)
         return response {
             val useCase = useCaseService.getRemoveTraveler()
             useCase.removeTraveler(travelId, userId)

src/main/kotlin/eu/fosil/okupamicoche/spring/services/MatrixService.kt

@@ -35,6 +35,6 @@ class MatrixService(private val matrixClient: MatrixClient) : MatrixApi {
     override suspend fun kickUser(roomId: String, user: User) {
         val matrixUserId = MatrixId.UserId(user.matrixId)
         logger.debug { "Kick user $matrixUserId from room $roomId" }
-        matrixClient.roomsApi.leaveRoom(MatrixId.RoomId(roomId), matrixUserId)
+        matrixClient.roomsApi.leaveRoom(MatrixId.RoomId(roomId), matrixUserId) // TODO should be kickUser
     }
 }

src/main/kotlin/eu/fosil/okupamicoche/usecases/travel/RemoveTraveler.kt

@@ -12,7 +12,7 @@ class RemoveTraveler(
     private val travelRepository: TravelRepository,
     private val matrixApi: MatrixApi
 ) {
-    suspend fun removeTraveler(travelId: TravelId, userId: UserId) {
+    suspend fun removeTraveler(travelId: TravelId, userId: UserId, kickFromChat: Boolean = false) {
         val user = userRepository.findByIdOrNull(userId)
         val travel = travelRepository.findByIdOrNull(travelId)
 
@@ -20,7 +20,7 @@ class RemoveTraveler(
 
         val traveler = travel?.travelers?.find { it.id == userId }
         if ((traveler != null) && (user != null)) {
-            matrixApi.kickUser(travel.matrixRoomId, user)
+            if (kickFromChat) matrixApi.kickUser(travel.matrixRoomId, user)
             travel.travelers.remove(traveler)
             travelRepository.save(travel)
         }