Certs fix (#56)

* better federation health check
* adding admin cert volume
* admin cert path update
* version bump

check-federation.sh

@@ -1,19 +1,27 @@
-#!/bin/bash
+#!/bin/sh
 
 FEDERATION=$(yq e '.federation' /data/start9/config.yaml)
 
-if [ $FEDERATION = 'false' ]; then
+if [ "$FEDERATION" = 'false' ]; then
     exit 59
 fi
 
-DURATION=$(</dev/stdin)
-if (($DURATION <= 40000 )); then
+read DURATION
+if [ "$DURATION" -le 10000 ]; then
     exit 60
 else
-    curl -skf https://synapse.embassy/_matrix/federation/v1/version &>/dev/null
+    CHCK='curl -skf https://synapse.embassy/_matrix/federation/v1/version >/dev/null 2>&1'
+    eval "$CHCK"
     exit_code=$?
-    if test "$exit_code" != 0; then
-        echo "Homeserver is unreachable" >&2
-        exit 1
+    if [ "$exit_code" -ne 0 ]; then
+        echo "Initializing Homeserver ..."  >&2
+        exit 61
+        sleep 25
+        eval "$CHCK"
+        exit_code=$?
+        if [ "$exit_code" -ne 0 ]; then
+            echo "Homeserver is unreachable" >&2
+            exit 1
+        fi
     fi
 fi

docker_entrypoint.sh

@@ -55,8 +55,8 @@ cat << "EOT" >> /etc/nginx/conf.d/default.conf
 server {
     listen 8080;
     listen 4433 ssl;
-    ssl_certificate /mnt/cert/admin.cert.pem;
-    ssl_certificate_key /mnt/cert/admin.key.pem;
+    ssl_certificate /mnt/admin-cert/admin.cert.pem;
+    ssl_certificate_key /mnt/admin-cert/admin.key.pem;
     server_name synapse-admin;
     root /var/www/admin;
     location ~* ^(\/_matrix|\/_synapse\/client|\/_synapse\/admin) {

manifest.yaml

@@ -1,9 +1,10 @@
 id: synapse
 title: Synapse
-version: 1.75.0.1
+version: 1.75.0.2
 release-notes: |
   * Backup fix for x86_64 build
   * Package upstream info update
+  * Better federation health check
 license: apache
 wrapper-repo: https://github.com/Start9Labs/synapse-wrapper
 upstream-repo: https://github.com/matrix-org/synapse
@@ -25,6 +26,7 @@ main:
   mounts:
     main: /data
     cert: /mnt/cert
+    admin-cert: /mnt/admin-cert
 health-checks:
   federation:
     name: Federation
@@ -59,6 +61,9 @@ volumes:
   cert:
     type: certificate
     interface-id: main
+  admin-cert:
+    type: certificate
+    interface-id: admin
 alerts: {}
 #  start: "Important! After registering your first user, we highly recommend disabling user registrations. This can be done inside Config. If you do not disable registrations, anyone who knows your onion address can attack your embassy by spamming it with data through users they create."
 interfaces:

scripts/procedures/migrations.ts

@@ -32,4 +32,4 @@ export const migration: T.ExpectedExports.migration = compat.migrations
                 { version: "1.75.0", type: "down" },
             ),
       },
-    }, "1.75.0.1" );
+    }, "1.75.0.2" );