Add synapse-admin back

example/images/matrix-element/Dockerfile

@@ -1,3 +1,17 @@
+FROM danielberteaud/alpine:24.4-1 AS builder
+MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
+
+ARG SYNAPSE_ADMIN_VERSION=0.10.1
+
+RUN set -euxo pipefail &&\
+    apk --no-cache update &&\
+    apk --no-cache add yarn git &&\
+    cd /tmp &&\
+    git clone --depth=1 --branch=${SYNAPSE_ADMIN_VERSION} https://github.com/Awesome-Technologies/synapse-admin.git &&\
+    cd synapse-admin &&\
+    yarn install &&\
+    yarn build --base=./
+
 FROM nginxinc/nginx-unprivileged:alpine
 MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
 
@@ -14,6 +28,7 @@ RUN set -eux &&\
     curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
       tar xvz -C /opt/element/ --strip-components 1 &&\
     chown -R root: /opt/element
+COPY --from=builder /tmp/synapse-admin/dist /opt/synapse-admin
 
 USER nginx
 EXPOSE ${ELEMENT_BIND_PORT}

example/matrix.nomad.hcl

@@ -67,6 +67,13 @@ job "matrix" {
         "traefik.http.middlewares.csp-matrix-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' https://usercontent.riot.im https://scalar.vector.im;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
         "traefik.http.routers.matrix-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix-admin",
 
+        "traefik.http.routers.matrix-admin.rule=Host(`matrix.consul`) && PathPrefix(`/_admin`)",
+
+        "traefik.enable=true",
+        "traefik.http.routers.matrix-synapse-admin.entrypoints=https",
+        "traefik.http.middlewares.csp-matrix-synapse-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
+        "traefik.http.routers.matrix-synapse-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix-synapse-admin",
+
         "traefik.http.routers.matrix.rule=Host(`matrix.consul`) || (Host(`matrix.consul`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
 
         "traefik.enable=true",
@@ -326,7 +333,7 @@ _EOT
       driver = "docker"
 
       config {
-        image           = "danielberteaud/matrix-element:1.11.65-2"
+        image           = "danielberteaud/matrix-element:1.11.65-3"
         readonly_rootfs = true
         pids_limit      = 100
         volumes = [

images/matrix-element/Dockerfile

@@ -1,3 +1,17 @@
+FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]] AS builder
+MAINTAINER [[ .docker.maintainer ]]
+
+ARG SYNAPSE_ADMIN_VERSION=[[ .matrix.synapse_admin.version ]]
+
+RUN set -euxo pipefail &&\
+    apk --no-cache update &&\
+    apk --no-cache add yarn git &&\
+    cd /tmp &&\
+    git clone --depth=1 --branch=${SYNAPSE_ADMIN_VERSION} https://github.com/Awesome-Technologies/synapse-admin.git &&\
+    cd synapse-admin &&\
+    yarn install &&\
+    yarn build --base=./
+
 FROM nginxinc/nginx-unprivileged:alpine
 MAINTAINER [[ .docker.maintainer ]]
 
@@ -14,6 +28,7 @@ RUN set -eux &&\
     curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
       tar xvz -C /opt/element/ --strip-components 1 &&\
     chown -R root: /opt/element
+COPY --from=builder /tmp/synapse-admin/dist /opt/synapse-admin
 
 USER nginx
 EXPOSE ${ELEMENT_BIND_PORT}

matrix.nomad.hcl

@@ -40,8 +40,11 @@ job "[[ .instance ]]" {
       tags = [
 [[- $w := merge .matrix.nginx .matrix . ]]
 [[- $a := merge .matrix.nginx.admin $w ]]
+[[- $sa := merge .matrix.nginx.synapse_admin $w ]]
         "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_synapse/admin`)",
 [[ template "common/traefik_tags" $a ]]
+        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_admin`)",
+[[ template "common/traefik_tags" $sa ]]
         "[[ $w.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) || (Host(`[[ .matrix.server_name ]]`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
 [[ template "common/traefik_tags" $w ]]
       ]

variables.yml

@@ -112,11 +112,15 @@ matrix:
     map_style_url: https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx
     version: 1.11.65
 
+  # Synapse Admin is the admin interface for Synapse
+  synapse_admin:
+    version: 0.10.1
+
   # Nginx will servce static files (well-known, element, synapse-admin), and proxy requests to synapse
   nginx:
 
     # The image to use
-    image: '[[ .docker.repo ]]matrix-element:[[ .matrix.element.version ]]-2'
+    image: '[[ .docker.repo ]]matrix-element:[[ .matrix.element.version ]]-3'
 
     # Resource allocation
     resources:
@@ -144,6 +148,14 @@ matrix:
         auto_rule: false
         router: admin
 
+    # Synapse admin
+    synapse_admin:
+      traefik:
+        auto_rule: false
+        router: synapse-admin
+        csp:
+          script-src: "'self' 'unsafe-inline'"
+
   # Volumes used for data persistance
   volumes:
     # Synapse will use this volume to store media, signing keys etc.