diff --git a/docker/README.md b/docker/README.md index 5c7906c..e8e785e 100644 --- a/docker/README.md +++ b/docker/README.md @@ -20,3 +20,13 @@ Add synapse in /etc/hosts as localhost alias. ## Inspect containter `docker exec -t -i synapse /bin/bash` + +## Setup using Docker Compose +docker-compose run --rm synapse generate + +https://github.com/matrix-org/synapse/blob/master/docs/openid.md + +504 Error +https://okupamicoche-keycloak:8443/auth/realms/okupamicoche/.well-known/openid-configuration + +/usr/local/share/ca-certificates \ No newline at end of file diff --git a/docker/cert/ca.jks b/docker/cert/ca.jks new file mode 100644 index 0000000..644bc97 Binary files /dev/null and b/docker/cert/ca.jks differ diff --git a/docker/cert/ca.pem b/docker/cert/ca.pem new file mode 100644 index 0000000..c3957c0 --- /dev/null +++ b/docker/cert/ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy +b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC +Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj +2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v +wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5 +Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY +J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb +UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0 +HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV +HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa +MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4 +xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks +Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9 +ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6 +5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA +BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT +-----END CERTIFICATE----- 
diff --git a/docker/cert/create_dev_cert.sh b/docker/cert/create_dev_cert.sh
new file mode 100644
index 0000000..294fa9a
--- /dev/null
+++ b/docker/cert/create_dev_cert.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+rm *.jks 2> /dev/null
+rm *.pem 2> /dev/null
+
+echo "===================================================="
+echo "Creating fake third-party chain root -> ca"
+echo "===================================================="
+
+# generate private keys (for root and ca)
+
+keytool -genkeypair -alias root -dname cn=root -validity 10000 -keyalg RSA -keysize 2048 -ext bc:c -keystore root.jks -keypass password -storepass password
+keytool -genkeypair -alias ca -dname cn=ca -validity 10000 -keyalg RSA -keysize 2048 -ext bc:c -keystore ca.jks -keypass password -storepass password
+
+# generate root certificate
+
+keytool -exportcert -rfc -keystore root.jks -alias root -storepass password > root.pem
+
+# generate a certificate for ca signed by root (root -> ca)
+
+keytool -keystore ca.jks -storepass password -certreq -alias ca \
+| keytool -keystore root.jks -storepass password -gencert -alias root -ext bc=0 -ext san=dns:ca -rfc > ca.pem
+
+# import ca cert chain into ca.jks
+
+keytool -keystore ca.jks -storepass password -importcert -trustcacerts -noprompt -alias root -file root.pem
+keytool -keystore ca.jks -storepass password -importcert -alias ca -file ca.pem
+
+echo "===================================================================="
+echo "Fake third-party chain generated. Now generating my-keystore.jks ..."
+echo "===================================================================="
+
+# generate private keys (for server)
+
+keytool -genkeypair -alias keycloak -dname cn=keycloak -validity 10000 -keyalg RSA -keysize 2048 -keystore keycloak-keystore.jks -keypass password -storepass password
+keytool -genkeypair -alias synapse -dname cn=synapse -validity 10000 -keyalg RSA -keysize 2048 -keystore synapse-keystore.jks -keypass password -storepass password
+
+# generate a certificate for server signed by ca (root -> ca -> server)
+
+keytool -keystore keycloak-keystore.jks -storepass password -certreq -alias keycloak \
+| keytool -keystore ca.jks -storepass password -gencert -alias ca -ext ku:c=dig,keyEnc -ext san=dns:okupamicoche-keycloak -ext eku=sa,ca -rfc > keycloak.pem
+
+keytool -keystore synapse-keystore.jks -storepass password -certreq -alias synapse \
+| keytool -keystore ca.jks -storepass password -gencert -alias ca -ext ku:c=dig,keyEnc -ext san=dns:okupamicoche-synapse -ext eku=sa,ca -rfc > synapse.pem
+
+
+echo "================================================="
+echo "Keystore generated. Now generating truststore ..."
+echo "================================================="
+
+# import server cert chain into my-truststore.jks
+
+keytool -keystore my-truststore.jks -storepass password -importcert -trustcacerts -noprompt -alias root -file root.pem
+keytool -keystore my-truststore.jks -storepass password -importcert -alias ca -file ca.pem
+keytool -keystore my-truststore.jks -storepass password -importcert -alias keycloak -file keycloak.pem
+keytool -keystore my-truststore.jks -storepass password -importcert -alias synapse -file synapse.pem
+
+# Create keycloak.crt and keycloak.key file
+keytool -export -alias keycloak -file keycloak.der -keystore keycloak-keystore.jks -keypass password -storepass password
+keytool -importkeystore -srckeystore keycloak-keystore.jks -destkeystore keycloak.p12 -deststoretype PKCS12 -srcstorepass password -deststorepass password
+openssl pkcs12 -in keycloak.p12 -nodes -nocerts -out keycloak.key
+
+# Create synapse.key file
+keytool -importkeystore -srckeystore synapse-keystore.jks -destkeystore synapse.p12 -deststoretype PKCS12 -srcstorepass password -deststorepass password
+openssl pkcs12 -in synapse.p12 -nodes -nocerts -out synapse.key
diff --git a/docker/cert/keycloak-keystore.jks b/docker/cert/keycloak-keystore.jks
new file mode 100644
index 0000000..21027a9
Binary files /dev/null and b/docker/cert/keycloak-keystore.jks differ
diff --git a/docker/cert/keycloak.der b/docker/cert/keycloak.der
new file mode 100644
index 0000000..07c6efc
Binary files /dev/null and b/docker/cert/keycloak.der differ
diff --git a/docker/cert/keycloak.key b/docker/cert/keycloak.key
new file mode 100644
index 0000000..83497c7
--- /dev/null
+++ b/docker/cert/keycloak.key
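Review bot: The three `-gencert` calls in docker/cert/create_dev_cert.sh (the ones writing ca.pem, keycloak.pem and synapse.pem) pass no `-validity`, so the issued certificates get keytool's 90-day default even though the key pairs above are created with `-validity 10000`; when they lapse, TLS validation between Synapse and Keycloak will start failing with no change to the code. Add an explicit `-validity <days>` to each `-gencert` invocation. Both `openssl pkcs12 ... -nodes -nocerts` lines also omit `-passin pass:password`, so the script stops at an interactive import-password prompt. The leading `rm *.jks` and `rm *.pem` act on whatever directory the script is started from; a `cd "$(dirname "$0")"` before them would confine the deletion to docker/cert.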
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: keycloak + localKeyID: 54 69 6D 65 20 31 36 31 39 31 31 30 39 34 33 35 33 33 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+Jc0fg4GM0ZT +0vQmmDdr5aqmLJcXEuibyl75BMTSlXKOAAw5IGdNoElTCEWRiMIio/aG9NY9Rglf +0rShNt8+nhCF5WI1i8NnWzP+dpQBeV5NiGBK4+pPPBJniTx/7FAdYrUQIvcmaQjV +zMncsSM0qvJYgthu+zKgbUeZspwhkgrNQq+uCoL1IgSprTCVm0L4BKLXomq/WQIO +0ZNzaBw2Z651ABJ8OptiI8upd5zUZZdJWJ7OHAE7SauzU0Ro3zzXSHc9FENaSEJ1 +mKMKO8sLoCq1lGN0d/ubcKK3qTMnnSrbsI4Y23AJVVoW604kKIyM1yyM+HwcPVy6 +7IjlD9KdAgMBAAECggEAeci1fAhYR93LbUHHqUyGAQm8iBp5hTUdIP+MUNBIHB0j +XGQcBVldxZjgfLMSF3sH61wBdkn+aGlNOOuR47WLCpq39mZDdtsb0uG0c3BseKj6 +tE6Tv5dPErlX8AvNliYkxDM9ioZOQtC7rurnlG7rT0TCdLTYSgj9wfv0Pq8PIeQv +LwtnOjZsG1p6LYEMPCWyNHolbV0saRf5ZEowvE7EPoGrFucOcxWYgnIC8Qa83ODD +02vBSI/MMXEn/HdcwwyRDALTd8pGvIsheIHnaKtZxG0KBRuXrJ2OzLaDfYFk9QEg +fH+iB3lcX1+tftD0Q68m4+Uti+GpJTwpj9xE4/yH4QKBgQDOAS6B+aKlLY15tJAE +UFVrMj/n5qRjoYXMK8MUi0qOi4Ytzs63u8MR/owuZ7KstUpEGmgkSTJUCWy6C5gn +iOW80wFheWMG9ZqUYFEx79a1Yna46SIEpowM+gunEqW0NIUHeuiOsgkZn3slnaxA +lNT5s81nZvWHZRmnc9xy7pT0xQKBgQCxqzXCQMJS09qIZhHAQblIfDA4iwCUGZAn +wcsfI9e4CxJ4m5SnJTTpe8G9680xXpR2tVhl2FrarNxWMMZUGWxqBn0Ug6dDmSwX +SpBZ5q/bpbphRoRQvlVjkhX0prX+lB9yFcyH0qnDchoW/CPgnKaYndE+eBPMnjSO +n8ZuM2iz+QKBgAC96Fj3eSp3G4dQqyQY1fXo3GoNXpItRroRfkZYqhARWI5ZrEzl +FDLAY+jW3sHYdUgBgFaBHPlIf2e8GvQpfgpMCDk9oqmnwMLABgrT/kXw8NSBomm5 +3888J0aWvpoDhmccfjHlWjsJY/wisTgaURoFF7xDlqbCKnF77VNMoKSxAoGBAIef +JONKocuuMlQKbiRvRytguUKAQQnMVbEzioUTzDiOIyRzxs6sZS6RrLv4QuMbyoKv +PXJI7FmeuHcGtm4+Ffb9Sv+c29KLGxAQeA5YPQeTA6n7tUcZc38VZbMiiyxxD2v7 +3ewUUEiEUgwXnp93lOhNGAvyh1KbtYzlxAgdMCCpAoGABEqs4vSc2vmaUKf6uek6 +M1r3Qv6/NW3IBTY/eSaihszTxG3uVaZUK8iiORd3ELFiMWZKDk3kCW8PcmFIu96k +VNoaawwZY7+AQzTg7pN2uF8CqQaMNjAi9MxcJK6cdXj9T4uP8yxahlt6TveoMGRd +Y3uBGHr9qoVnbFnvr71DF0s= +-----END PRIVATE KEY----- 
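Review bot: docker/cert/keycloak.key is an unencrypted private key checked into the repository, and the same blob (index 83497c7) is committed again as docker/keycloak/https/tls.key; docker/cert/synapse.key and the root, ca and server .jks/.p12 stores, protected only by the script's literal `password`, are in the same state. Anyone with read access to the repository holds the server keys and, through root.jks and ca.jks, the signing keys that every truststore generated here accepts. Since create_dev_cert.sh regenerates all of this, keep the outputs out of version control with ignore entries such as `docker/cert/*.key`, `docker/cert/*.jks`, `docker/cert/*.p12` and `docker/**/https/tls.key`, have each developer run the script locally, and treat the committed keys as compromised. The commit also adds docker/synapse/synapse-data/homeserver.db, which is runtime state and should be ignored the same way.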
diff --git a/docker/cert/keycloak.p12 b/docker/cert/keycloak.p12
new file mode 100644
index 0000000..5a1673d
Binary files /dev/null and b/docker/cert/keycloak.p12 differ
diff --git a/docker/cert/keycloak.pem b/docker/cert/keycloak.pem
new file mode 100644
index 0000000..968c6a6
--- /dev/null
+++ b/docker/cert/keycloak.pem
@@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDMzCCAhugAwIBAgIEJ7Mx8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJj +YTAeFw0yMTA0MjIxNjI1MjlaFw0yMTA3MjExNjI1MjlaMBMxETAPBgNVBAMTCGtl +eWNsb2FrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjviXNH4OBjNG +U9L0Jpg3a+WqpiyXFxLom8pe+QTE0pVyjgAMOSBnTaBJUwhFkYjCIqP2hvTWPUYJ +X9K0oTbfPp4QheViNYvDZ1sz/naUAXleTYhgSuPqTzwSZ4k8f+xQHWK1ECL3JmkI +1czJ3LEjNKryWILYbvsyoG1HmbKcIZIKzUKvrgqC9SIEqa0wlZtC+ASi16Jqv1kC +DtGTc2gcNmeudQASfDqbYiPLqXec1GWXSViezhwBO0mrs1NEaN8810h3PRRDWkhC +dZijCjvLC6AqtZRjdHf7m3Cit6kzJ50q27COGNtwCVVaFutOJCiMjNcsjPh8HD1c +uuyI5Q/SnQIDAQABo4GUMIGRMB0GA1UdDgQWBBTNiaKtvdBOTQo+6N/SrVQ3lPA/ +vzAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0RBBkwF4IVb2t1cGFtaWNvY2hlLWtleWNs +b2FrMB8GA1UdIwQYMBaAFAPs8gs/h4KDpMOESTBnAuI0Bv2DMB0GA1UdJQQWMBQG +CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAMBi43gTMU/Sp +No++b4CQt5HlMXw3tKScKEUvMB6iFm7L25tkDHB/Kq+UG57GMAsOloTqq41a+u7x +RGXGkOZxM12X7RTntU+6bheDkftuLD44eaAsfBhV+ZL7tU1gyx+qQ6xqgRWwilji ++hR/ycrjDSoozkJknIpNBM2puUc4ahAKo68rPufGrrnWSCs/EDre2peAnhi3qqVI +6wqVJp3gdY5F4q96pDVdY5DBkOqdOFdE/Sp12Ybkt9EID0CyZFBF7eefVbS7IVpu +aSfHe8z9GjJz1Yh/iHX8ERsSDt+YnaXk4J/Si0G5xVzd/ApPc7XpEwKXU9CcQdkg +WxsaAmyUfg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy +b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC +Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj +2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v +wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5 +Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY +J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb +UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0 +HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV +HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa +MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4 
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks +Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9 +ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6 +5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA +BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT +-----END CERTIFICATE----- diff --git a/docker/cert/my-truststore.jks b/docker/cert/my-truststore.jks new file mode 100644 index 0000000..73a1900 Binary files /dev/null and b/docker/cert/my-truststore.jks differ diff --git a/docker/cert/root.jks b/docker/cert/root.jks new file mode 100644 index 0000000..3392f4e Binary files /dev/null and b/docker/cert/root.jks differ diff --git a/docker/cert/root.pem b/docker/cert/root.pem new file mode 100644 index 0000000..26697fc --- /dev/null +++ b/docker/cert/root.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzjCCAbagAwIBAgIEe23PhzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy +b290MB4XDTIxMDQyMjE2MjUxN1oXDTQ4MDkwNzE2MjUxN1owDzENMAsGA1UEAxME +cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJQVKfh+JUYHcrfn ++LJb04FBxnAVaHzbJmEgRtZhSPyF45JtjEsepj7R6IDnd2hymyISh8JPO2W35kwE +7wRTMOiqim/BoInS7iRbc7GZaSXFyF/tCWdaYE4mQVDkttMZIlZxVoqGI9/JupSW +Shk8rX3h3Eg4RHK0Jxjygo5UtzdWM3LpQkdioXZ+ixBS9f1RP+wZEyuWGJvM6kUq +599ntFOUN0RZ4ZCq1MxfFGzGhtyPMBCPAA7IVdlhQXz+2dkkttcuGDXDCEh3KvT/ +FjkwCahTJmCBEO0gVFI+3TkBrbmQbD0mpEYP2ba2wBn8avajF1L/HjS5mHvfbQIr +jyiM8JECAwEAAaMyMDAwHQYDVR0OBBYEFORJiEeDfjQaMvoMZkmv3bWw8/8NMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFyfKpi1PteOgPYM5nmx +PtmSE7EUuPD3COPRlZKX3Tr1dNj1oXgSSFxeDRtNc603Mbhyb/vT5mGmll6SI9Wn +OHZtzeU94MkDZwa0+4PdBe5sSwBF8kIJBn05H8Iy75AY/9uD0pFII+wMXuNgGPQU +lm+WXdPAoqc34W/IkCl0L9vrW/ZKE46PmEmHDrwcQ3FI+N8aAx34YyUzmarJGHYS +G9XrHtaO8eJf7dfmY/fkBFxdw8aYS3uoOEu/AD0gsryQ0rEk3t1uSiBZMJ7LCap+ +vwAQH2Y8S2IF1skz4NQSHtMY4i7Y/SILFEIg5dj00+0qU4r+Ea0S51IrVu92wOjL +GaA= +-----END CERTIFICATE----- 
diff --git a/docker/cert/synapse-keystore.jks b/docker/cert/synapse-keystore.jks
new file mode 100644
index 0000000..5be0a35
Binary files /dev/null and b/docker/cert/synapse-keystore.jks differ
diff --git a/docker/cert/synapse.key b/docker/cert/synapse.key
new file mode 100644
index 0000000..b2fd90c
--- /dev/null
+++ b/docker/cert/synapse.key
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: synapse + localKeyID: 54 69 6D 65 20 31 36 31 39 31 30 39 39 34 34 39 39 39 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCc1B6qv7o9TRyZ +jvarx1vbeFi1pwfEMjW1ecOaBkFkQDgDgN+tQDtGz1qUq77heHKCw1F7aYZFA4T+ +p1W1SOe2jAhWVIHH80sMKLzoFwhfoQu33wKcxkaIsP2lfg/zW5qkMNsOBDa4daX0 +sPOCT1vnP5jyN+BBGU5OFCVK57Mcgezp0f9vOApHml7MAW2fVawpWsc/2vHV/72t +8VG63UWxScAeEdxp388bIEfXCY2ssB0ZCMAJUzGar34FohyPq5Pvf714CE5BmO7L +8Pm8CYP2BanM6gM7jiSGr0yk/Z8fJvPbRpOSMMW2s/H6FgdnjMbrqesnZx6+KiK6 +bONSkKdPAgMBAAECggEAJYseQFAfvJceNqCj6qGSGusniW0QDebbNrOMoO3Ib8Bz +6FrMsUQELMJs89RdoMpd13H8qqerbhAWoYPbn8dxOSEyyb/3Ra+3kpSaDJGe/o2m +KYFotbE9p3F/d0PDe8W9MntDpYpaszPu47IMyXBIFwcBjVLVC6CMP2LRPqpTFYqg +7HURQol4Q9K7GQQqTLHJECnrY60FHVqg+3A9VWOulwF7qXRrG9mrUiujfmwgX/st +CiCUIXvhWqi52mx6z+X4yclSVqAAqkxvgZSB4haZ2yIe+4B9++ayXmiN5jtY7bgq +/hiZjTuec9XQK0LXnOEdf3zQF1jH38WuaHlA4x29WQKBgQDRw10CDjvhOQoHmz2z +s0MtHT6uPRBlID0nNpylg/LVL7PjMxyXIjYJZxH070fzDC2+IFP01bRPa+Ffxxnv +UZrLfXu0IpkOQDFyUAXE3K8ODEl9j+HYzZPqY0xsM6J9uH6MwJie9LvdwQJw7sJw +bgOyuGlrUeC7vgQQqlhFykbrewKBgQC/ZbwvqJKj+CTksnL3qylDPufGnaaXDIn6 +YAKJK9o8o5bUwp7pNs+obtbVq4kqjxcA8nJYlr9KxF3yEj3hffNmoL8P0ADomxgO +t94pW/F+QWQn+C6Z3pIzZcQGK+wjdLSQUStPStLhvEkGc8GV97Zeg9qKTp3hPMph +p8lnVkgxPQKBgFAyQPzoNDyHci42TADIKIa3B5/V+M6w5LB5UKp3KAAZnMzgXa3q +hn5Ryau7T+a8YUCvW2nfynAS7rePh3rX2Da0YvcbwyiPolfyAEKjnMniKLa4q8AX +2NVj4XP8ycMHJlrpx2/+YVUG1cgXgH87kG5j0uoVA7bDjwpQFi+YhkTBAoGAG7BT +Fi3z8OawJ6mtOik30fOiwjgCZq24tFD5bPC8JLOh2WvCY4i7Z+mJCOZE9LQ4prls +U2aTi/R2htOewiVfdgRhP59e0kfFpjNxX1heyl4ZaDLeQwJQ8kCRqDbodYSnro0f +j9wKP//mLJnIcrKgXnICxqly66fIu3HzkBCKZx0CgYEAi/LBqSsBCenij7tN/GhY +rBiQo3mxmlAgA38jvh7d21JpIH/8PPgO/kI1bIfVWajTvv1mDxIB4Ieq/w56/ZKC +2ziOPF2olA59DKD0yzMk064iwIYo1+7NYziU2uUhR2BTCzM7iOOngR69HJrG9lrN +ZHrnOmSv8EnT+uI+mCykAKk= +-----END PRIVATE KEY----- 
diff --git a/docker/cert/synapse.p12 b/docker/cert/synapse.p12
new file mode 100644
index 0000000..d7cad4e
Binary files /dev/null and b/docker/cert/synapse.p12 differ
diff --git a/docker/cert/synapse.pem b/docker/cert/synapse.pem
new file mode 100644
index 0000000..f68d92a
--- /dev/null
+++ b/docker/cert/synapse.pem
@@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDMTCCAhmgAwIBAgIEepUKBTANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJj +YTAeFw0yMTA0MjIxNjI1MzFaFw0yMTA3MjExNjI1MzFaMBIxEDAOBgNVBAMTB3N5 +bmFwc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc1B6qv7o9TRyZ +jvarx1vbeFi1pwfEMjW1ecOaBkFkQDgDgN+tQDtGz1qUq77heHKCw1F7aYZFA4T+ +p1W1SOe2jAhWVIHH80sMKLzoFwhfoQu33wKcxkaIsP2lfg/zW5qkMNsOBDa4daX0 +sPOCT1vnP5jyN+BBGU5OFCVK57Mcgezp0f9vOApHml7MAW2fVawpWsc/2vHV/72t +8VG63UWxScAeEdxp388bIEfXCY2ssB0ZCMAJUzGar34FohyPq5Pvf714CE5BmO7L +8Pm8CYP2BanM6gM7jiSGr0yk/Z8fJvPbRpOSMMW2s/H6FgdnjMbrqesnZx6+KiK6 +bONSkKdPAgMBAAGjgZMwgZAwHQYDVR0OBBYEFFtgp2h3pbJNqKA21hfFHk1+2nno +MA4GA1UdDwEB/wQEAwIFoDAfBgNVHREEGDAWghRva3VwYW1pY29jaGUtc3luYXBz +ZTAfBgNVHSMEGDAWgBQD7PILP4eCg6TDhEkwZwLiNAb9gzAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAFaxdcpju5n52d4R +ePIrwJYwU/HqukDw+4KNcKH629LjzuIaHnkGmlUDZ+1uvHQgJ0776oqF84S0Oa85 +gH3wcgluO7dF2bR8TKn4WEDij5I8MDZGuVctrfxLmP129d7aqei3bXp+LzokfbVi +I3PE8U3blYQF3gevcopulz2DK5WvRDsG9PrMHs/GRl6X1RdhKXV18Q5UIkJUJrJR +BdcdKvggK4+gdN5mWuHJ3w3zqpeQbCrRz5D7/CTjS7NFpHSZydfpkdTsrnymSNW/ +M9cPtWrGbtfeCO5usKc/4Iy3QA0HmRBxLWsDweXaub1lZwgoF5duS91O/yEwskcW +gDlPzcI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy +b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC +Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj +2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v +wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5 +Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY +J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb +UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0 +HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV +HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa +MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4 
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks +Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9 +ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6 +5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA +BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT +-----END CERTIFICATE----- diff --git a/docker/full/docker-compose.yml b/docker/full/docker-compose.yml deleted file mode 100644 index 9eea315..0000000 --- a/docker/full/docker-compose.yml +++ /dev/null @@ -1,32 +0,0 @@ -version: '3' - -services: - keycloak: - image: quay.io/keycloak/keycloak:12.0.4 - container_name: keycloak - environment: - KEYCLOAK_USER: admin - KEYCLOAK_PASSWORD: admin - ports: - - "8080:8080" - networks: - - okupamicoche - synapse: - image: matrixdotorg/synapse:latest - container_name: synapse - ports: - - "8008:8008" - volumes: - - ./synapse-data:/data - networks: - - okupamicoche - depends_on: - - keycloak - -volumes: - synapse-data: - driver: local - -networks: - okupamicoche: - external: true diff --git a/docker/full/https/tls.crt b/docker/full/https/tls.crt deleted file mode 100644 index f88529f..0000000 --- a/docker/full/https/tls.crt +++ /dev/null 
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDazCCAlOgAwIBAgIURQQZKTG7wENaPp3bnAVLUMhkBJEwDQYJKoZIhvcNAQEL -BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTAzMTQxNzE0MTZaFw0yMjAz -MTQxNzE0MTZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw -HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQD4RoutMqZ9zzuowIZ02N5DneNdTUPp8KTP3ewCTp5B -pQB2ht06pEgb7AY0xjlxfwt+lEXc4aeN/B741frLDe6buts8IsedfL0Ub2KHfoqo -o3qAimn9+fgoHwZYsls3OJK+fKbPNefp+m65SkZHz4ufQhg2TSLsW0BWATnxnbd8 -OQIXrCxtV/UKE2iaXfrlmaVSCqFeL4z7Rr+PJ8LiwOFMDLleLMsPiIo8CtR7u/lg -65zWI34rhdjwMq9tYXmZtq5sSpS83L/3InQDOvyhNt8vdNS8qL+v7tNhpHldBYqt -WJaC/QPeRGXQfa89qYZssZ+k32/i7del2raF8RxkcyVtAgMBAAGjUzBRMB0GA1Ud -DgQWBBREbPhToZrilLuC26iiFNj8t+K0hDAfBgNVHSMEGDAWgBREbPhToZrilLuC -26iiFNj8t+K0hDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAF -NtdTjLsVLhfS0q5tVKQFZ6Ek1CcuyUVeAvTxWDinZVfXzuNFdF1DeDlMwP3gKufz -RIAI//k3ISFMwXN0TzgETC86ck4edxpB08E5RKpBZhOrm7PZtoQ5h4hPpOgSG1pp -gPvzIzCEtC8Uaf0zpr+2AAm/2+DLgTDzdnO/cxN3UloydW9BslFM1PTeZ7TphT8X -3PgDzDBa/IACdTwIhh6RH03l7BhzvKbp5uXnwRSWrf/q1R3mErrsjq9Awx6GECWu -Y6YLsHjm05ELHs8r7STQC5Wq+vtfut/iDUNgnNFHmpiaedC1Md3qdnIIMeYrjBjo -ru7ot2RLcptsr9w7qd7C ------END CERTIFICATE----- diff --git a/docker/full/https/tls.key b/docker/full/https/tls.key deleted file mode 100644 index 9e8ae6a..0000000 --- a/docker/full/https/tls.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA+EaLrTKmfc87qMCGdNjeQ53jXU1D6fCkz93sAk6eQaUAdobd -OqRIG+wGNMY5cX8LfpRF3OGnjfwe+NX6yw3um7rbPCLHnXy9FG9ih36KqKN6gIpp -/fn4KB8GWLJbNziSvnymzzXn6fpuuUpGR8+Ln0IYNk0i7FtAVgE58Z23fDkCF6ws -bVf1ChNoml365ZmlUgqhXi+M+0a/jyfC4sDhTAy5XizLD4iKPArUe7v5YOuc1iN+ -K4XY8DKvbWF5mbaubEqUvNy/9yJ0Azr8oTbfL3TUvKi/r+7TYaR5XQWKrViWgv0D -3kRl0H2vPamGbLGfpN9v4u3Xpdq2hfEcZHMlbQIDAQABAoIBACTQoSmflxyUvC37 -znRJLDwuj2ZobKel7Wp9Z9+3tLPbOcRZnzhw39h0GT9+HUp9IkE0z18/fs8JEbao -VDYD7Nvey1+RcLQjqQ38rkmVNA5pn2KsI6drh6a7Yv+IAwqfMvNYHIwhXDBP2FdV -cjJ3ziZhcKGssn8F0PZv3B2921Vp++brFuVtDxvFdhRSSLtcwKI7L5SaOKsA8j2f -8Yspq1eigkgCTYTFn1+wdjn3FxyndCV7IFs2BvgdHDBTcB/o6DipXVvK+Px1B3Cp -g+ioAHiqn4EkxFkz/ceiscjpUZuITPS+e6aF5Qar7xO5VmeThhNlmsoCFW1nwaea -wjwH6CkCgYEA/DxBU1N0o0ZObOnt1eb/LvrSRmxiNH8RKIbb8QL9gQ9Hx1GbP+5N -JN5rayBNEg8UAtr0tvbil+ofoxpwlpSGFsFBG5NRcH1LIIHD1Sf0gkGc78ojdCT8 -O4PcWnCWjLtLIgZCVBxTupa1vsWmUMBzqTxdxn92ECLcPFvo21SRIYsCgYEA+/sp -J2Do1lpUjkRDwWAIauHJ01ZHcA5epu2vXXZOnGw+OvPX8a493kwwJDjjrfOgDLTC -1FDDBMzbCQUHUa1w3ZfsSOyheHr/8xlVUJ3gz98q+aizaJLJ8lZraL8lvsC9uogf -x7P9iTp+SpIHQ1jXp+9WdFgeEgXVkK2GY1bzw+cCgYBiVOcuodFNuaHnSccDZZtD -6FpDRAuA5ax9vR1PNtg3EQrthD3ezXrbja4YxC3nhWNKvas7DMJHcOlGf4821M31 -Xv+PzX2pOd8o3A3JMlta0FNrE8WAiM6gMQadZ1j5oiZnLEN9YNGvYwOVTJ5KyswM -RNFWCeiv37c1/Kqpnq05gwKBgGys2QXzxNfV44vsIzC+Y0L9mFb+ahcJC4eBEVYE -1UifYoN4cVT5qhM61rR4mLGIVinEuBZrsoBafck5EvwGCpx3jl+xNr7IhaTp8yKu -xKvCez1rpdzfGhvba72kWvoXFHzjgplVpm5N/PPaYSmJopD6J1ZMPsPVIlOgk0o6 -0S1XAoGBALm8/9Gyer2jtfL/WZDILEeOV/rG13ELspTIx0pcbHkvZKFXrddu27E0 -e89SqTCIXhn3nFLvk4pdWjJbE2QA4uS99vV5HXIpvvEBgwzid5hyqxE3b7xuQwl6 -bAJld+V2lh5e1tQuaX/bF7B87k4ODlZFatCzhrOXBKMdRm4SkzSk ------END RSA PRIVATE KEY----- diff --git a/docker/full/https/trb.pem b/docker/full/https/trb.pem deleted file mode 100644 index 9e8ae6a..0000000 --- a/docker/full/https/trb.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA+EaLrTKmfc87qMCGdNjeQ53jXU1D6fCkz93sAk6eQaUAdobd -OqRIG+wGNMY5cX8LfpRF3OGnjfwe+NX6yw3um7rbPCLHnXy9FG9ih36KqKN6gIpp -/fn4KB8GWLJbNziSvnymzzXn6fpuuUpGR8+Ln0IYNk0i7FtAVgE58Z23fDkCF6ws -bVf1ChNoml365ZmlUgqhXi+M+0a/jyfC4sDhTAy5XizLD4iKPArUe7v5YOuc1iN+ -K4XY8DKvbWF5mbaubEqUvNy/9yJ0Azr8oTbfL3TUvKi/r+7TYaR5XQWKrViWgv0D -3kRl0H2vPamGbLGfpN9v4u3Xpdq2hfEcZHMlbQIDAQABAoIBACTQoSmflxyUvC37 -znRJLDwuj2ZobKel7Wp9Z9+3tLPbOcRZnzhw39h0GT9+HUp9IkE0z18/fs8JEbao -VDYD7Nvey1+RcLQjqQ38rkmVNA5pn2KsI6drh6a7Yv+IAwqfMvNYHIwhXDBP2FdV -cjJ3ziZhcKGssn8F0PZv3B2921Vp++brFuVtDxvFdhRSSLtcwKI7L5SaOKsA8j2f -8Yspq1eigkgCTYTFn1+wdjn3FxyndCV7IFs2BvgdHDBTcB/o6DipXVvK+Px1B3Cp -g+ioAHiqn4EkxFkz/ceiscjpUZuITPS+e6aF5Qar7xO5VmeThhNlmsoCFW1nwaea -wjwH6CkCgYEA/DxBU1N0o0ZObOnt1eb/LvrSRmxiNH8RKIbb8QL9gQ9Hx1GbP+5N -JN5rayBNEg8UAtr0tvbil+ofoxpwlpSGFsFBG5NRcH1LIIHD1Sf0gkGc78ojdCT8 -O4PcWnCWjLtLIgZCVBxTupa1vsWmUMBzqTxdxn92ECLcPFvo21SRIYsCgYEA+/sp -J2Do1lpUjkRDwWAIauHJ01ZHcA5epu2vXXZOnGw+OvPX8a493kwwJDjjrfOgDLTC -1FDDBMzbCQUHUa1w3ZfsSOyheHr/8xlVUJ3gz98q+aizaJLJ8lZraL8lvsC9uogf -x7P9iTp+SpIHQ1jXp+9WdFgeEgXVkK2GY1bzw+cCgYBiVOcuodFNuaHnSccDZZtD -6FpDRAuA5ax9vR1PNtg3EQrthD3ezXrbja4YxC3nhWNKvas7DMJHcOlGf4821M31 -Xv+PzX2pOd8o3A3JMlta0FNrE8WAiM6gMQadZ1j5oiZnLEN9YNGvYwOVTJ5KyswM -RNFWCeiv37c1/Kqpnq05gwKBgGys2QXzxNfV44vsIzC+Y0L9mFb+ahcJC4eBEVYE -1UifYoN4cVT5qhM61rR4mLGIVinEuBZrsoBafck5EvwGCpx3jl+xNr7IhaTp8yKu -xKvCez1rpdzfGhvba72kWvoXFHzjgplVpm5N/PPaYSmJopD6J1ZMPsPVIlOgk0o6 -0S1XAoGBALm8/9Gyer2jtfL/WZDILEeOV/rG13ELspTIx0pcbHkvZKFXrddu27E0 -e89SqTCIXhn3nFLvk4pdWjJbE2QA4uS99vV5HXIpvvEBgwzid5hyqxE3b7xuQwl6 -bAJld+V2lh5e1tQuaX/bF7B87k4ODlZFatCzhrOXBKMdRm4SkzSk ------END RSA PRIVATE KEY----- diff --git a/docker/full/synapse-data/matrixdev.signing.key b/docker/full/synapse-data/matrixdev.signing.key deleted file mode 100644 index 090ec91..0000000 --- a/docker/full/synapse-data/matrixdev.signing.key +++ /dev/null 
@@ -1 +0,0 @@
-ed25519 a_IyNs PQ0dHIEEsxnfN6pnfBoXEkwNciqCvWAJJf4B2y88tvc
diff --git a/docker/keycloak/docker-compose.yml b/docker/keycloak/docker-compose.yml
new file mode 100644
index 0000000..a6d8d32
--- /dev/null
+++ b/docker/keycloak/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '3'
+
+services:
+ keycloak:
+ image: quay.io/keycloak/keycloak:12.0.4
+ container_name: okupamicoche-keycloak
+ environment:
+ KEYCLOAK_USER: admin
+ KEYCLOAK_PASSWORD: admin
+ ports:
+ - "8080:8080"
+ - "8443:8443"
+ volumes:
+ - ./https:/etc/x509/https
+ networks:
+ - okupamicoche
+
+networks:
+ okupamicoche:
+ external: true
diff --git a/docker/keycloak/https/tls.crt b/docker/keycloak/https/tls.crt
new file mode 100644
index 0000000..968c6a6
--- /dev/null
+++ b/docker/keycloak/https/tls.crt
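Review bot: `KEYCLOAK_USER: admin` and `KEYCLOAK_PASSWORD: admin` in docker/keycloak/docker-compose.yml sit next to the port mappings `"8080:8080"` and `"8443:8443"`, which Docker publishes on all host interfaces by default, so the Keycloak admin console is reachable with a guessable login from anything that can reach the developer machine. Bind the mappings to loopback, for example `- "127.0.0.1:8443:8443"`, and take the password from the environment, for example `KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:?set in .env}` (variable name is a suggestion). With the TLS listener now mounted from `./https`, the plain-HTTP 8080 mapping may no longer be needed at all.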
@@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDMzCCAhugAwIBAgIEJ7Mx8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJj +YTAeFw0yMTA0MjIxNjI1MjlaFw0yMTA3MjExNjI1MjlaMBMxETAPBgNVBAMTCGtl +eWNsb2FrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjviXNH4OBjNG +U9L0Jpg3a+WqpiyXFxLom8pe+QTE0pVyjgAMOSBnTaBJUwhFkYjCIqP2hvTWPUYJ +X9K0oTbfPp4QheViNYvDZ1sz/naUAXleTYhgSuPqTzwSZ4k8f+xQHWK1ECL3JmkI +1czJ3LEjNKryWILYbvsyoG1HmbKcIZIKzUKvrgqC9SIEqa0wlZtC+ASi16Jqv1kC +DtGTc2gcNmeudQASfDqbYiPLqXec1GWXSViezhwBO0mrs1NEaN8810h3PRRDWkhC +dZijCjvLC6AqtZRjdHf7m3Cit6kzJ50q27COGNtwCVVaFutOJCiMjNcsjPh8HD1c +uuyI5Q/SnQIDAQABo4GUMIGRMB0GA1UdDgQWBBTNiaKtvdBOTQo+6N/SrVQ3lPA/ +vzAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0RBBkwF4IVb2t1cGFtaWNvY2hlLWtleWNs +b2FrMB8GA1UdIwQYMBaAFAPs8gs/h4KDpMOESTBnAuI0Bv2DMB0GA1UdJQQWMBQG +CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAMBi43gTMU/Sp +No++b4CQt5HlMXw3tKScKEUvMB6iFm7L25tkDHB/Kq+UG57GMAsOloTqq41a+u7x +RGXGkOZxM12X7RTntU+6bheDkftuLD44eaAsfBhV+ZL7tU1gyx+qQ6xqgRWwilji ++hR/ycrjDSoozkJknIpNBM2puUc4ahAKo68rPufGrrnWSCs/EDre2peAnhi3qqVI +6wqVJp3gdY5F4q96pDVdY5DBkOqdOFdE/Sp12Ybkt9EID0CyZFBF7eefVbS7IVpu +aSfHe8z9GjJz1Yh/iHX8ERsSDt+YnaXk4J/Si0G5xVzd/ApPc7XpEwKXU9CcQdkg +WxsaAmyUfg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy +b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC +Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj +2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v +wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5 +Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY +J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb +UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0 +HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV +HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa +MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4 
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks +Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9 +ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6 +5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA +BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT +-----END CERTIFICATE----- diff --git a/docker/keycloak/https/tls.key b/docker/keycloak/https/tls.key new file mode 100644 index 0000000..83497c7 --- /dev/null +++ b/docker/keycloak/https/tls.key 
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: keycloak + localKeyID: 54 69 6D 65 20 31 36 31 39 31 31 30 39 34 33 35 33 33 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+Jc0fg4GM0ZT +0vQmmDdr5aqmLJcXEuibyl75BMTSlXKOAAw5IGdNoElTCEWRiMIio/aG9NY9Rglf +0rShNt8+nhCF5WI1i8NnWzP+dpQBeV5NiGBK4+pPPBJniTx/7FAdYrUQIvcmaQjV +zMncsSM0qvJYgthu+zKgbUeZspwhkgrNQq+uCoL1IgSprTCVm0L4BKLXomq/WQIO +0ZNzaBw2Z651ABJ8OptiI8upd5zUZZdJWJ7OHAE7SauzU0Ro3zzXSHc9FENaSEJ1 +mKMKO8sLoCq1lGN0d/ubcKK3qTMnnSrbsI4Y23AJVVoW604kKIyM1yyM+HwcPVy6 +7IjlD9KdAgMBAAECggEAeci1fAhYR93LbUHHqUyGAQm8iBp5hTUdIP+MUNBIHB0j +XGQcBVldxZjgfLMSF3sH61wBdkn+aGlNOOuR47WLCpq39mZDdtsb0uG0c3BseKj6 +tE6Tv5dPErlX8AvNliYkxDM9ioZOQtC7rurnlG7rT0TCdLTYSgj9wfv0Pq8PIeQv +LwtnOjZsG1p6LYEMPCWyNHolbV0saRf5ZEowvE7EPoGrFucOcxWYgnIC8Qa83ODD +02vBSI/MMXEn/HdcwwyRDALTd8pGvIsheIHnaKtZxG0KBRuXrJ2OzLaDfYFk9QEg +fH+iB3lcX1+tftD0Q68m4+Uti+GpJTwpj9xE4/yH4QKBgQDOAS6B+aKlLY15tJAE +UFVrMj/n5qRjoYXMK8MUi0qOi4Ytzs63u8MR/owuZ7KstUpEGmgkSTJUCWy6C5gn +iOW80wFheWMG9ZqUYFEx79a1Yna46SIEpowM+gunEqW0NIUHeuiOsgkZn3slnaxA +lNT5s81nZvWHZRmnc9xy7pT0xQKBgQCxqzXCQMJS09qIZhHAQblIfDA4iwCUGZAn +wcsfI9e4CxJ4m5SnJTTpe8G9680xXpR2tVhl2FrarNxWMMZUGWxqBn0Ug6dDmSwX +SpBZ5q/bpbphRoRQvlVjkhX0prX+lB9yFcyH0qnDchoW/CPgnKaYndE+eBPMnjSO +n8ZuM2iz+QKBgAC96Fj3eSp3G4dQqyQY1fXo3GoNXpItRroRfkZYqhARWI5ZrEzl +FDLAY+jW3sHYdUgBgFaBHPlIf2e8GvQpfgpMCDk9oqmnwMLABgrT/kXw8NSBomm5 +3888J0aWvpoDhmccfjHlWjsJY/wisTgaURoFF7xDlqbCKnF77VNMoKSxAoGBAIef +JONKocuuMlQKbiRvRytguUKAQQnMVbEzioUTzDiOIyRzxs6sZS6RrLv4QuMbyoKv +PXJI7FmeuHcGtm4+Ffb9Sv+c29KLGxAQeA5YPQeTA6n7tUcZc38VZbMiiyxxD2v7 +3ewUUEiEUgwXnp93lOhNGAvyh1KbtYzlxAgdMCCpAoGABEqs4vSc2vmaUKf6uek6 +M1r3Qv6/NW3IBTY/eSaihszTxG3uVaZUK8iiORd3ELFiMWZKDk3kCW8PcmFIu96k +VNoaawwZY7+AQzTg7pN2uF8CqQaMNjAi9MxcJK6cdXj9T4uP8yxahlt6TveoMGRd +Y3uBGHr9qoVnbFnvr71DF0s= +-----END PRIVATE KEY----- 
diff --git a/docker/full/okupamicoche.json b/docker/keycloak/okupamicoche.json similarity index 100% rename from docker/full/okupamicoche.json rename to docker/keycloak/okupamicoche.json diff --git a/docker/synapse/docker-compose.yml b/docker/synapse/docker-compose.yml index 1c72a5b..78eb995 100644 --- a/docker/synapse/docker-compose.yml +++ b/docker/synapse/docker-compose.yml @@ -1,13 +1,21 @@ -version: '3.3' +version: '3' + services: - matrix-synapse: + synapse: image: matrixdotorg/synapse:latest - container_name: synapse - volumes: - - ./synapse_data:/data - environment: - - SYNAPSE_REPORT_STATS=false - - UID=1000 - - GID=1000 + container_name: okupamicoche-synapse ports: - - 8008:8008 \ No newline at end of file + - "8008:8008" + - "8448:8448" + volumes: + - ./synapse-data:/data + - ./https:/https + networks: + - okupamicoche + environment: + SYNAPSE_SERVER_NAME: "okupamicoche-synapse" + SYNAPSE_REPORT_STATS: "no" + +networks: + okupamicoche: + external: true diff --git a/docker/full/synapse-data/homeserver.yaml b/docker/synapse/homeserver.yaml similarity index 99% rename from docker/full/synapse-data/homeserver.yaml rename to docker/synapse/homeserver.yaml index 6059a74..ce47b7a 100644 --- a/docker/full/synapse-data/homeserver.yaml +++ b/docker/synapse/homeserver.yaml @@ -26,7 +26,7 @@ # lowercase and may contain an explicit port. # Examples: matrix.org, localhost:8080 # -server_name: "synapse" +server_name: "okupamicoche-synapse" # When running as a daemon, the file to store the pid in # @@ -49,7 +49,7 @@ pid_file: /data/homeserver.pid # Otherwise, it should be the URL to reach Synapse's client HTTP listener (see # 'listeners' below). # -#public_baseurl: https://example.com/ +public_baseurl: https://okupamicoche-synapse:8448/ # Set the soft limit on the number of file descriptors synapse can use # Zero is used to indicate synapse should set the soft limit to the 
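Review bot: The new `./https:/https` volume in docker/synapse/docker-compose.yml does not line up with the TLS paths this commit sets in homeserver.yaml, which point at `/data/synapse.pem` and `/data/synapse.key`. Nothing visible in the commit places those two files under ./synapse-data (only ca.pem and homeserver.db are added there), so the 8448 listener may fail to load its certificate on a fresh checkout; either mount the certificate directory where the config expects it or change the config paths to `/https/...`. `image: matrixdotorg/synapse:latest` is also left unpinned, unlike the Keycloak image; pinning a version tag keeps the environment reproducible and makes image updates a reviewed change.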
@@ -232,11 +232,11 @@ listeners: # will also need to give Synapse a TLS key and certificate: see the TLS section # below.) # - #- port: 8448 - # type: http - # tls: true - # resources: - # - names: [client, federation] + - port: 8448 + type: http + tls: true + resources: + - names: [client, federation] # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy # that unwraps TLS. @@ -498,11 +498,11 @@ retention: # instance, if using certbot, use `fullchain.pem` as your certificate, # not `cert.pem`). # -#tls_certificate_path: "/data/matrixdev.tls.crt" +tls_certificate_path: "/data/synapse.pem" # PEM-encoded private key for TLS # -#tls_private_key_path: "/data/matrixdev.tls.key" +tls_private_key_path: "/data/synapse.key" # Whether to verify TLS server certificates for outbound federation requests. # @@ -542,8 +542,8 @@ retention: # Note that this list will replace those that are provided by your # operating environment. Certificates must be in PEM format. # -#federation_custom_ca_list: -# - myCA1.pem +federation_custom_ca_list: + - ca.pem # - myCA2.pem # - myCA3.pem @@ -768,7 +768,7 @@ database: # A yaml python logging config file as described by # https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema # -log_config: "/data/matrixdev.log.config" +log_config: "/data/okupamicoche-synapse.log.config" ## Ratelimiting ## @@ -1450,7 +1450,7 @@ form_secret: "FM,2TSq++sZ@Tl0atcQP#m:XP-wI=+z6Gxc.P:SXLV3CkueDDq" # Path to the signing key to sign messages with # -signing_key_path: "/data/matrixdev.signing.key" +signing_key_path: "/data/okupamicoche-synapse.signing.key" # The keys that the server used to sign messages with but won't use # to sign new messages. 
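Review bot: In the `@@ -542,8 +542,8 @@` hunk, `federation_custom_ca_list` is given the bare name `ca.pem` while every other path set in this file is absolute under `/data`; a relative path depends on the working directory of the Synapse process, so `- /data/ca.pem` is the safer form. As the comment above the setting states, this list replaces the operating system's CA certificates for federation, which is acceptable for an isolated dev server but should carry a comment such as `# dev only: replaces the system trust store for federation` so it is not copied into a federating deployment. It probably does not affect the OIDC requests to Keycloak, which may be why the README now mentions /usr/local/share/ca-certificates; that is worth confirming and documenting. docker/synapse/synapse-data/homeserver.yaml receives the same listener and TLS edits later in the diff, so the two copies need to be kept in step or reduced to one.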
@@ -1852,7 +1852,7 @@ oidc_providers: # - idp_id: keycloak idp_name: Keycloak - issuer: "https://172.18.0.2:8443/auth/realms/okupamicoche" + issuer: "https://okupamicoche-keycloak:8443/auth/realms/okupamicoche" client_id: "synapse" client_secret: "5b3992a1-d662-487b-b342-db642f966340" scopes: ["openid", "profile"] diff --git a/docker/synapse/synapse-data/ca.pem b/docker/synapse/synapse-data/ca.pem new file mode 100644 index 0000000..c3957c0 --- /dev/null +++ b/docker/synapse/synapse-data/ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy +b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC +Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj +2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v +wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5 +Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY +J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb +UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0 +HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV +HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa +MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4 +xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks +Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9 +ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6 +5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA +BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT +-----END CERTIFICATE----- diff --git a/docker/synapse/synapse-data/homeserver.db b/docker/synapse/synapse-data/homeserver.db new file mode 100644 index 0000000..b24eb3d Binary files /dev/null and b/docker/synapse/synapse-data/homeserver.db differ 
diff --git a/docker/synapse/synapse_data/homeserver.yaml b/docker/synapse/synapse-data/homeserver.yaml similarity index 99% rename from docker/synapse/synapse_data/homeserver.yaml rename to docker/synapse/synapse-data/homeserver.yaml index 9ede610..221496d 100644 --- a/docker/synapse/synapse_data/homeserver.yaml +++ b/docker/synapse/synapse-data/homeserver.yaml @@ -26,7 +26,7 @@ # lowercase and may contain an explicit port. # Examples: matrix.org, localhost:8080 # -server_name: "synapse" +server_name: "okupamicoche-synapse" # When running as a daemon, the file to store the pid in # @@ -49,7 +49,7 @@ pid_file: /data/homeserver.pid # Otherwise, it should be the URL to reach Synapse's client HTTP listener (see # 'listeners' below). # -public_baseurl: http://synapse:8008/ +public_baseurl: https://okupamicoche-synapse:8448/ # Set the soft limit on the number of file descriptors synapse can use # Zero is used to indicate synapse should set the soft limit to the @@ -232,11 +232,11 @@ listeners: # will also need to give Synapse a TLS key and certificate: see the TLS section # below.) # - #- port: 8448 - # type: http - # tls: true - # resources: - # - names: [client, federation] + - port: 8448 + type: http + tls: true + resources: + - names: [client, federation] # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy # that unwraps TLS. @@ -498,11 +498,11 @@ retention: # instance, if using certbot, use `fullchain.pem` as your certificate, # not `cert.pem`). # -#tls_certificate_path: "/data/keycloak.crt" +tls_certificate_path: "/data/synapse.pem" # PEM-encoded private key for TLS # -#tls_private_key_path: "/data/keycloak.key" +tls_private_key_path: "/data/synapse.key" # Whether to verify TLS server certificates for outbound federation requests. # 
@@ -542,8 +542,8 @@ retention: # Note that this list will replace those that are provided by your # operating environment. Certificates must be in PEM format. # -#federation_custom_ca_list: -# - myCA1.pem +federation_custom_ca_list: + - /data/ca.pem # - myCA2.pem # - myCA3.pem @@ -768,7 +768,7 @@ database: # A yaml python logging config file as described by # https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema # -log_config: "/data/synapse.log.config" +log_config: "/data/okupamicoche-synapse.log.config" ## Ratelimiting ## @@ -1220,7 +1220,7 @@ account_validity: # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. # -registration_shared_secret: "uBS~a~=H9fEV^^exB#dZYq4N&Ibiv~RDGxyEcvNG^=qJ7PJCXz" +registration_shared_secret: "Y_XNuno*Dh,T2IpHA;i,bWF^fg&x.*t=iEz*@:y5REBMhgCA63" # Set the number of bcrypt rounds used to generate password hash. # Larger numbers increase the work factor needed to generate the hash. @@ -1424,8 +1424,9 @@ report_stats: false # A list of application service config files to use # -app_service_config_files: - - /data/okupamicoche-appservice.yaml +#app_service_config_files: +# - app_service_1.yaml +# - app_service_2.yaml # Uncomment to enable tracking of application service IP addresses. Implicitly # enables MAU tracking for application service users. 
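Review bot: The new `registration_shared_secret` value is committed in plaintext, and the comment directly above it says that anyone holding it can register standard or admin accounts even when registration is otherwise disabled. The same applies to `macaroon_secret_key`, `form_secret` and the OIDC `client_secret` in the following hunks of this file, and to the `form_secret` and `client_secret` that appear as context in docker/synapse/homeserver.yaml. I would keep only a placeholder in the tracked file, for example `#registration_shared_secret: "<set at deploy time>"`, and supply the real values from an untracked file or a deploy-time secret. Every value that has already been pushed should be regenerated, including the ones this commit replaces, since they stay readable in history.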
@@ -1437,19 +1438,19 @@ app_service_config_files: # the registration_shared_secret is used, if one is given; otherwise, # a secret key is derived from the signing key. # -macaroon_secret_key: "pd;pO.aXMBLEOu5@,Dzhhi^kQO@*QBL*T&GFO5&j.C;7n95gV5" +macaroon_secret_key: "6VvBQj_TedGcDDB_z,-qXV1W3:.CXrRG6AWF&4p:~iGNguy&_h" # a secret which is used to calculate HMACs for form values, to stop # falsification of values. Must be specified for the User Consent # forms to work. # -form_secret: ",fwjZdkUbfv8yjxV_rUJ=R4Xsnv,o*PJZmR5xgZfnv-kkrsltI" +form_secret: "FM,2TSq++sZ@Tl0atcQP#m:XP-wI=+z6Gxc.P:SXLV3CkueDDq" ## Signing Keys ## # Path to the signing key to sign messages with # -signing_key_path: "/data/synapse.signing.key" +signing_key_path: "/data/okupamicoche-synapse.signing.key" # The keys that the server used to sign messages with but won't use # to sign new messages. @@ -1514,7 +1515,6 @@ old_signing_keys: # trusted_key_servers: - server_name: "matrix.org" -# accept_keys_insecurely: true # Uncomment the following to disable the warning that is emitted when the # trusted_key_servers include 'matrix.org'. See above. @@ -1852,14 +1852,10 @@ oidc_providers: # - idp_id: keycloak idp_name: Keycloak - issuer: "https://auth.fosil.eu/auth/realms/test" + issuer: "https://okupamicoche-keycloak:8443/auth/realms/okupamicoche" client_id: "synapse" - client_secret: "ab91d04e-40ec-4bb8-ad0c-da54bf8e7e14" + client_secret: "70ea1689-efba-4023-9a1a-c8ae3df46159" scopes: ["openid", "profile"] - user_mapping_provider: - config: - localpart_template: "{{ user.preferred_username }}" - display_name_template: "{{ user.name }}" # For use with Github # @@ -1930,8 +1926,7 @@ sso: # # By default, this list is empty. # - client_whitelist: - - http://localhost:4200/ + #client_whitelist: # - https://riot.im/develop # - https://my.custom.client/ 
diff --git a/docker/full/synapse-data/matrixdev.log.config b/docker/synapse/synapse-data/okupamicoche-synapse.log.config similarity index 100% rename from docker/full/synapse-data/matrixdev.log.config rename to docker/synapse/synapse-data/okupamicoche-synapse.log.config diff --git a/docker/synapse/synapse-data/okupamicoche-synapse.signing.key b/docker/synapse/synapse-data/okupamicoche-synapse.signing.key new file mode 100644 index 0000000..c507c4c --- /dev/null +++ b/docker/synapse/synapse-data/okupamicoche-synapse.signing.key @@ -0,0 +1 @@ +ed25519 a_wHOw oPhC2svbw0sto3M6HmnKQFNWfM8DkY+ZfDJfHxxjHXg diff --git a/docker/synapse/synapse-data/synapse.key b/docker/synapse/synapse-data/synapse.key new file mode 100644 index 0000000..b2fd90c --- /dev/null +++ b/docker/synapse/synapse-data/synapse.key 
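Review bot: docker/synapse/synapse-data/okupamicoche-synapse.signing.key adds the homeserver's ed25519 signing key to the repository, and the next file, synapse.key, adds the unencrypted TLS private key that `tls_private_key_path` points to. Anyone with read access to the repository can then sign as `okupamicoche-synapse` or present its TLS identity. The Synapse image's `generate` run creates a signing key on first start, so these files and the binary homeserver.db can stay untracked. The .gitignore that listed `homeserver.db` is deleted further down in this commit; I would keep it and extend it with `*.signing.key` and `*.key`. The keycloak.key and synapse.signing.key removed by this commit stay in history, so they should be treated as exposed and regenerated too.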
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: synapse + localKeyID: 54 69 6D 65 20 31 36 31 39 31 30 39 39 34 34 39 39 39 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCc1B6qv7o9TRyZ +jvarx1vbeFi1pwfEMjW1ecOaBkFkQDgDgN+tQDtGz1qUq77heHKCw1F7aYZFA4T+ +p1W1SOe2jAhWVIHH80sMKLzoFwhfoQu33wKcxkaIsP2lfg/zW5qkMNsOBDa4daX0 +sPOCT1vnP5jyN+BBGU5OFCVK57Mcgezp0f9vOApHml7MAW2fVawpWsc/2vHV/72t +8VG63UWxScAeEdxp388bIEfXCY2ssB0ZCMAJUzGar34FohyPq5Pvf714CE5BmO7L +8Pm8CYP2BanM6gM7jiSGr0yk/Z8fJvPbRpOSMMW2s/H6FgdnjMbrqesnZx6+KiK6 +bONSkKdPAgMBAAECggEAJYseQFAfvJceNqCj6qGSGusniW0QDebbNrOMoO3Ib8Bz +6FrMsUQELMJs89RdoMpd13H8qqerbhAWoYPbn8dxOSEyyb/3Ra+3kpSaDJGe/o2m +KYFotbE9p3F/d0PDe8W9MntDpYpaszPu47IMyXBIFwcBjVLVC6CMP2LRPqpTFYqg +7HURQol4Q9K7GQQqTLHJECnrY60FHVqg+3A9VWOulwF7qXRrG9mrUiujfmwgX/st +CiCUIXvhWqi52mx6z+X4yclSVqAAqkxvgZSB4haZ2yIe+4B9++ayXmiN5jtY7bgq +/hiZjTuec9XQK0LXnOEdf3zQF1jH38WuaHlA4x29WQKBgQDRw10CDjvhOQoHmz2z +s0MtHT6uPRBlID0nNpylg/LVL7PjMxyXIjYJZxH070fzDC2+IFP01bRPa+Ffxxnv +UZrLfXu0IpkOQDFyUAXE3K8ODEl9j+HYzZPqY0xsM6J9uH6MwJie9LvdwQJw7sJw +bgOyuGlrUeC7vgQQqlhFykbrewKBgQC/ZbwvqJKj+CTksnL3qylDPufGnaaXDIn6 +YAKJK9o8o5bUwp7pNs+obtbVq4kqjxcA8nJYlr9KxF3yEj3hffNmoL8P0ADomxgO +t94pW/F+QWQn+C6Z3pIzZcQGK+wjdLSQUStPStLhvEkGc8GV97Zeg9qKTp3hPMph +p8lnVkgxPQKBgFAyQPzoNDyHci42TADIKIa3B5/V+M6w5LB5UKp3KAAZnMzgXa3q +hn5Ryau7T+a8YUCvW2nfynAS7rePh3rX2Da0YvcbwyiPolfyAEKjnMniKLa4q8AX +2NVj4XP8ycMHJlrpx2/+YVUG1cgXgH87kG5j0uoVA7bDjwpQFi+YhkTBAoGAG7BT +Fi3z8OawJ6mtOik30fOiwjgCZq24tFD5bPC8JLOh2WvCY4i7Z+mJCOZE9LQ4prls +U2aTi/R2htOewiVfdgRhP59e0kfFpjNxX1heyl4ZaDLeQwJQ8kCRqDbodYSnro0f +j9wKP//mLJnIcrKgXnICxqly66fIu3HzkBCKZx0CgYEAi/LBqSsBCenij7tN/GhY +rBiQo3mxmlAgA38jvh7d21JpIH/8PPgO/kI1bIfVWajTvv1mDxIB4Ieq/w56/ZKC +2ziOPF2olA59DKD0yzMk064iwIYo1+7NYziU2uUhR2BTCzM7iOOngR69HJrG9lrN +ZHrnOmSv8EnT+uI+mCykAKk= +-----END PRIVATE KEY----- 
diff --git a/docker/synapse/synapse-data/synapse.pem b/docker/synapse/synapse-data/synapse.pem
new file mode 100644
index 0000000..f68d92a
--- /dev/null
+++ b/docker/synapse/synapse-data/synapse.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhmgAwIBAgIEepUKBTANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJj
+YTAeFw0yMTA0MjIxNjI1MzFaFw0yMTA3MjExNjI1MzFaMBIxEDAOBgNVBAMTB3N5
+bmFwc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc1B6qv7o9TRyZ
+jvarx1vbeFi1pwfEMjW1ecOaBkFkQDgDgN+tQDtGz1qUq77heHKCw1F7aYZFA4T+
+p1W1SOe2jAhWVIHH80sMKLzoFwhfoQu33wKcxkaIsP2lfg/zW5qkMNsOBDa4daX0
+sPOCT1vnP5jyN+BBGU5OFCVK57Mcgezp0f9vOApHml7MAW2fVawpWsc/2vHV/72t
+8VG63UWxScAeEdxp388bIEfXCY2ssB0ZCMAJUzGar34FohyPq5Pvf714CE5BmO7L
+8Pm8CYP2BanM6gM7jiSGr0yk/Z8fJvPbRpOSMMW2s/H6FgdnjMbrqesnZx6+KiK6
+bONSkKdPAgMBAAGjgZMwgZAwHQYDVR0OBBYEFFtgp2h3pbJNqKA21hfFHk1+2nno
+MA4GA1UdDwEB/wQEAwIFoDAfBgNVHREEGDAWghRva3VwYW1pY29jaGUtc3luYXBz
+ZTAfBgNVHSMEGDAWgBQD7PILP4eCg6TDhEkwZwLiNAb9gzAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAFaxdcpju5n52d4R
+ePIrwJYwU/HqukDw+4KNcKH629LjzuIaHnkGmlUDZ+1uvHQgJ0776oqF84S0Oa85
+gH3wcgluO7dF2bR8TKn4WEDij5I8MDZGuVctrfxLmP129d7aqei3bXp+LzokfbVi
+I3PE8U3blYQF3gevcopulz2DK5WvRDsG9PrMHs/GRl6X1RdhKXV18Q5UIkJUJrJR
+BdcdKvggK4+gdN5mWuHJ3w3zqpeQbCrRz5D7/CTjS7NFpHSZydfpkdTsrnymSNW/
+M9cPtWrGbtfeCO5usKc/4Iy3QA0HmRBxLWsDweXaub1lZwgoF5duS91O/yEwskcW
+gDlPzcI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy
+b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC
+Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj
+2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v
+wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5
+Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY
+J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb
+UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0
+HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV
+HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa
+MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4
+xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks +Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9 +ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6 +5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA +BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT +-----END CERTIFICATE----- diff --git a/docker/synapse/synapse_data/.gitignore b/docker/synapse/synapse_data/.gitignore deleted file mode 100644 index d2214dd..0000000 --- a/docker/synapse/synapse_data/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -homeserver.db -media_store - -!.gitignore -!homeserver.yaml \ No newline at end of file diff --git a/docker/synapse/synapse_data/keycloak.crt b/docker/synapse/synapse_data/keycloak.crt deleted file mode 100644 index f88529f..0000000 --- a/docker/synapse/synapse_data/keycloak.crt +++ /dev/null 
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDazCCAlOgAwIBAgIURQQZKTG7wENaPp3bnAVLUMhkBJEwDQYJKoZIhvcNAQEL -BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTAzMTQxNzE0MTZaFw0yMjAz -MTQxNzE0MTZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw -HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQD4RoutMqZ9zzuowIZ02N5DneNdTUPp8KTP3ewCTp5B -pQB2ht06pEgb7AY0xjlxfwt+lEXc4aeN/B741frLDe6buts8IsedfL0Ub2KHfoqo -o3qAimn9+fgoHwZYsls3OJK+fKbPNefp+m65SkZHz4ufQhg2TSLsW0BWATnxnbd8 -OQIXrCxtV/UKE2iaXfrlmaVSCqFeL4z7Rr+PJ8LiwOFMDLleLMsPiIo8CtR7u/lg -65zWI34rhdjwMq9tYXmZtq5sSpS83L/3InQDOvyhNt8vdNS8qL+v7tNhpHldBYqt -WJaC/QPeRGXQfa89qYZssZ+k32/i7del2raF8RxkcyVtAgMBAAGjUzBRMB0GA1Ud -DgQWBBREbPhToZrilLuC26iiFNj8t+K0hDAfBgNVHSMEGDAWgBREbPhToZrilLuC -26iiFNj8t+K0hDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAF -NtdTjLsVLhfS0q5tVKQFZ6Ek1CcuyUVeAvTxWDinZVfXzuNFdF1DeDlMwP3gKufz -RIAI//k3ISFMwXN0TzgETC86ck4edxpB08E5RKpBZhOrm7PZtoQ5h4hPpOgSG1pp -gPvzIzCEtC8Uaf0zpr+2AAm/2+DLgTDzdnO/cxN3UloydW9BslFM1PTeZ7TphT8X -3PgDzDBa/IACdTwIhh6RH03l7BhzvKbp5uXnwRSWrf/q1R3mErrsjq9Awx6GECWu -Y6YLsHjm05ELHs8r7STQC5Wq+vtfut/iDUNgnNFHmpiaedC1Md3qdnIIMeYrjBjo -ru7ot2RLcptsr9w7qd7C ------END CERTIFICATE----- diff --git a/docker/synapse/synapse_data/keycloak.key b/docker/synapse/synapse_data/keycloak.key deleted file mode 100644 index 9e8ae6a..0000000 --- a/docker/synapse/synapse_data/keycloak.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA+EaLrTKmfc87qMCGdNjeQ53jXU1D6fCkz93sAk6eQaUAdobd -OqRIG+wGNMY5cX8LfpRF3OGnjfwe+NX6yw3um7rbPCLHnXy9FG9ih36KqKN6gIpp -/fn4KB8GWLJbNziSvnymzzXn6fpuuUpGR8+Ln0IYNk0i7FtAVgE58Z23fDkCF6ws -bVf1ChNoml365ZmlUgqhXi+M+0a/jyfC4sDhTAy5XizLD4iKPArUe7v5YOuc1iN+ -K4XY8DKvbWF5mbaubEqUvNy/9yJ0Azr8oTbfL3TUvKi/r+7TYaR5XQWKrViWgv0D -3kRl0H2vPamGbLGfpN9v4u3Xpdq2hfEcZHMlbQIDAQABAoIBACTQoSmflxyUvC37 -znRJLDwuj2ZobKel7Wp9Z9+3tLPbOcRZnzhw39h0GT9+HUp9IkE0z18/fs8JEbao -VDYD7Nvey1+RcLQjqQ38rkmVNA5pn2KsI6drh6a7Yv+IAwqfMvNYHIwhXDBP2FdV -cjJ3ziZhcKGssn8F0PZv3B2921Vp++brFuVtDxvFdhRSSLtcwKI7L5SaOKsA8j2f -8Yspq1eigkgCTYTFn1+wdjn3FxyndCV7IFs2BvgdHDBTcB/o6DipXVvK+Px1B3Cp -g+ioAHiqn4EkxFkz/ceiscjpUZuITPS+e6aF5Qar7xO5VmeThhNlmsoCFW1nwaea -wjwH6CkCgYEA/DxBU1N0o0ZObOnt1eb/LvrSRmxiNH8RKIbb8QL9gQ9Hx1GbP+5N -JN5rayBNEg8UAtr0tvbil+ofoxpwlpSGFsFBG5NRcH1LIIHD1Sf0gkGc78ojdCT8 -O4PcWnCWjLtLIgZCVBxTupa1vsWmUMBzqTxdxn92ECLcPFvo21SRIYsCgYEA+/sp -J2Do1lpUjkRDwWAIauHJ01ZHcA5epu2vXXZOnGw+OvPX8a493kwwJDjjrfOgDLTC -1FDDBMzbCQUHUa1w3ZfsSOyheHr/8xlVUJ3gz98q+aizaJLJ8lZraL8lvsC9uogf -x7P9iTp+SpIHQ1jXp+9WdFgeEgXVkK2GY1bzw+cCgYBiVOcuodFNuaHnSccDZZtD -6FpDRAuA5ax9vR1PNtg3EQrthD3ezXrbja4YxC3nhWNKvas7DMJHcOlGf4821M31 -Xv+PzX2pOd8o3A3JMlta0FNrE8WAiM6gMQadZ1j5oiZnLEN9YNGvYwOVTJ5KyswM -RNFWCeiv37c1/Kqpnq05gwKBgGys2QXzxNfV44vsIzC+Y0L9mFb+ahcJC4eBEVYE -1UifYoN4cVT5qhM61rR4mLGIVinEuBZrsoBafck5EvwGCpx3jl+xNr7IhaTp8yKu -xKvCez1rpdzfGhvba72kWvoXFHzjgplVpm5N/PPaYSmJopD6J1ZMPsPVIlOgk0o6 -0S1XAoGBALm8/9Gyer2jtfL/WZDILEeOV/rG13ELspTIx0pcbHkvZKFXrddu27E0 -e89SqTCIXhn3nFLvk4pdWjJbE2QA4uS99vV5HXIpvvEBgwzid5hyqxE3b7xuQwl6 -bAJld+V2lh5e1tQuaX/bF7B87k4ODlZFatCzhrOXBKMdRm4SkzSk ------END RSA PRIVATE KEY----- diff --git a/docker/synapse/synapse_data/okupamicoche-appservice.yaml b/docker/synapse/synapse_data/okupamicoche-appservice.yaml deleted file mode 100644 index 7f9b7a9..0000000 --- a/docker/synapse/synapse_data/okupamicoche-appservice.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -id: "Okupa mi coche" -url: "http://172.17.0.1:8081" -as_token: "30c05ae90a248a4188e620216fa72e349803310ec83e2a77b34fe90be6081f46" -hs_token: "312df522183efd404ec1cd22d2ffa4bbc76a8c1ccf541dd692eef281356bb74e" -sender_localpart: "okupamicoche" -namespaces: - users: [ ] - aliases: - - regex: "#viaje_.*" - exclusive: true - rooms: [ ] \ No newline at end of file diff --git a/docker/synapse/synapse_data/synapse.log.config b/docker/synapse/synapse_data/synapse.log.config deleted file mode 100644 index 03a08cb..0000000 --- a/docker/synapse/synapse_data/synapse.log.config +++ /dev/null @@ -1,22 +0,0 @@ -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: INFO - -root: - level: INFO - handlers: [console] - -disable_existing_loggers: false \ No newline at end of file diff --git a/docker/synapse/synapse_data/synapse.signing.key b/docker/synapse/synapse_data/synapse.signing.key deleted file mode 100644 index f321412..0000000 --- a/docker/synapse/synapse_data/synapse.signing.key +++ /dev/null @@ -1 +0,0 @@ -ed25519 a_cGhG bkRaBjufoVnCJ8Vk3S0h7cF4/7zDmQwM6Q+vnDj3baw diff --git a/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt b/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt index c476d3e..ca986f9 100644 --- a/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt +++ b/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt 
@@ -85,7 +85,7 @@ class PrivateTravelRestController( } @RequestMapping("/listallusertravels") - suspend fun listUserTravels(principal: Principal): ApiResponse> { + suspend fun listAllUserTravels(principal: Principal): ApiResponse> { return response { val userId = authService.currentUser(principal).id val useCase = ListUserTravels(travelRepository) @@ -118,6 +118,7 @@ class PrivateTravelRestController( @RequestParam @Validated userId: UserId, principal: Principal ): ApiResponse { + throwErrorIfCannotEditTravel(travelId, principal) return response { throwErrorIfCannotEditTravel(travelId, principal) val useCase = useCaseService.getAddTraveler() @@ -131,6 +132,7 @@ class PrivateTravelRestController( @RequestParam @Validated userId: UserId, principal: Principal ): ApiResponse { + throwErrorIfCannotEditTravel(travelId, principal) return response { val useCase = useCaseService.getRemoveTraveler() useCase.removeTraveler(travelId, userId) diff --git a/src/main/kotlin/eu/fosil/okupamicoche/spring/services/MatrixService.kt b/src/main/kotlin/eu/fosil/okupamicoche/spring/services/MatrixService.kt index f64663c..d1984dc 100644 --- a/src/main/kotlin/eu/fosil/okupamicoche/spring/services/MatrixService.kt +++ b/src/main/kotlin/eu/fosil/okupamicoche/spring/services/MatrixService.kt @@ -35,6 +35,6 @@ class MatrixService(private val matrixClient: MatrixClient) : MatrixApi { override suspend fun kickUser(roomId: String, user: User) { val matrixUserId = MatrixId.UserId(user.matrixId) logger.debug { "Kick user $matrixUserId from room $roomId" } - matrixClient.roomsApi.leaveRoom(MatrixId.RoomId(roomId), matrixUserId) + matrixClient.roomsApi.leaveRoom(MatrixId.RoomId(roomId), matrixUserId) // TODO should be kickUser } } \ No newline at end of file diff --git a/src/main/kotlin/eu/fosil/okupamicoche/usecases/travel/RemoveTraveler.kt b/src/main/kotlin/eu/fosil/okupamicoche/usecases/travel/RemoveTraveler.kt index e320f1b..18a6d92 100644 
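Review bot: In the `@@ -118` hunk the added `throwErrorIfCannotEditTravel(travelId, principal)` sits directly above `return response {`, whose first statement is already the same call, so the add-traveler endpoint now runs the permission check twice. In both this hunk and the `@@ -131` one the new call is outside the `response { }` block, so a failed check presumably bypasses whatever error mapping `response` applies and surfaces differently from the other failures. I would keep a single call per endpoint as the first statement inside `response { … }`. The check added to the remove-traveler endpoint closes a real authorization gap and deserves a test asserting that a principal who cannot edit the travel is rejected. Both function signatures start outside the hunks.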
--- a/src/main/kotlin/eu/fosil/okupamicoche/usecases/travel/RemoveTraveler.kt +++ b/src/main/kotlin/eu/fosil/okupamicoche/usecases/travel/RemoveTraveler.kt @@ -12,7 +12,7 @@ class RemoveTraveler( private val travelRepository: TravelRepository, private val matrixApi: MatrixApi ) { - suspend fun removeTraveler(travelId: TravelId, userId: UserId) { + suspend fun removeTraveler(travelId: TravelId, userId: UserId, kickFromChat: Boolean = false) { val user = userRepository.findByIdOrNull(userId) val travel = travelRepository.findByIdOrNull(travelId) @@ -20,7 +20,7 @@ class RemoveTraveler( val traveler = travel?.travelers?.find { it.id == userId } if ((traveler != null) && (user != null)) { - matrixApi.kickUser(travel.matrixRoomId, user) + if (kickFromChat) matrixApi.kickUser(travel.matrixRoomId, user) travel.travelers.remove(traveler) travelRepository.save(travel) }
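Review bot: `kickFromChat: Boolean = false` makes the Matrix kick opt-in, and the only caller visible in this diff, `useCase.removeTraveler(travelId, userId)` in PrivateTravelRestController, does not pass it. A traveler removed from the travel therefore apparently stays in `travel.matrixRoomId` and can keep reading the chat. If this is a temporary workaround for the `leaveRoom` TODO in MatrixService, say so in a comment on the parameter. Otherwise revoke access by default with `kickFromChat: Boolean = true`, or pass `kickFromChat = true` from the controller.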