ara4n/dendrite-install.sh

## dendrite-install.sh
# Dendrite guide

# start with Debian Stretch

apt-get install golang-1.8 postgresql
apt-get install openjdk-8-jre-headless # needed for kafka (which in future will be an optional dependency)

# Set up DBs
su postgres -c 'createuser dendrite'

# N.B. these are the current default DB names, which are daft - surely they should be prefixed to dendrite
# We deliberately create separate DBs for each one though to highlight that the services are completely separate
# Although in practice you could combine them into a single DB (assuming the tables prefix nicely) if you wanted.

for i in account device mediaapi syncapi roomserver serverkey federationsender; do su postgres -c "createdb -O dendrite dendrite_$i"; done

# Create the dendrite user

adduser dendrite
su dendrite

# get Go set up and on the path

cat <<EOT >> ~/.bash_profile
export GOROOT=/usr/lib/go-1.8
export GOPATH=\$HOME/go
export PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin
export PGHOST=/var/run/postgresql
EOT

# Get the code
git clone https://github.com/matrix-org/dendrite
cd dendrite

# Get the right branch if needed
#git checkout markjh/federation_egress

# Build it
go get github.com/constabulary/gb/...
gb build

# Install and start Kafka
./travis-install-kafka.sh

# generate self-signed SSL cert (unlike synapse, dendrite doesn't autogen yet)
# N.B. to specify the right CN if needed
test -f server.key || openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 3650 -nodes -subj /CN=$(hostname)

# generate ed25519 signing key
test -f matrix.key || python3 > matrix.key <<EOF
import base64;
r = lambda n: base64.b64encode(open("/dev/urandom", "rb").read(n)).decode("utf8");
print("-----BEGIN MATRIX PRIVATE KEY-----")
print("Key-ID:", "ed25519:" + r(3).rstrip("="))
print(r(32))
print("-----END MATRIX PRIVATE KEY-----")
EOF

# Get a config:
# (This taken from https://github.com/matrix-org/dendrite/pull/146/files which hadn't merged at the time of writing)
curl https://raw.githubusercontent.com/matrix-org/dendrite/markjh/example_config/dendrite-config.yaml > dendrite-config.yaml

# fixup the server_name and various paths in the config (especially the cert & key genreated above)

mkdir -p ~/media
mkdir -p ~/var

# Run it!
# XXX: how should these be run from a process runner perspective? for now just use screen sessions...
cd ~/dendrite/bin

# Set client-api-proxy running: this is a helper intended purely for development/experimentation
# which exposes all the client-facing dendrite services behind a single HTTP API facade.
# In the future this will be replaced by a proper loadbalancer config or a standalone dendrite process
# which simply runs all the different services in a single executable.

# these URLs need to match the main config.  The *-api-proxy helpers don't yet read the main config.
screen -dmS client-api-proxy -L ~/var/client-api-proxy.log ./client-api-proxy \
    --sync-api-server-url http://localhost:7773 \
    --client-api-server-url http://localhost:7771 \
    --media-api-server-url http://localhost:7774 \
    --bind-address :8443 \
    --tls-cert ~/dendrite/server.crt \
    --tls-key ~/dendrite/server.key

# ...and now the equivalent federation-api-proxy helper:
screen -dmS federation-api-proxy -L ~/var/federation-api-proxy.log ./federation-api-proxy \
    --federation-api-url http://localhost:7772 \
    --media-api-url http://localhost:7774 \
    --bind-address :8449 \
    --tls-cert ~/dendrite/server.crt \
    --tls-key ~/dendrite/server.key

# ...and now the actual services:

for i in room client-api federation-api media-api sync-api federation-sender
do
    screen -dmS dendrite-$i-server -L ~/var/dendrite-$i-server.log ./dendrite-$i-server --config ~/dendrite/dendrite-config.yaml
done

# point your browser at https://wherever:8443 and trust the self-signed certificate...
# ...and then point Riot/Web at the homeserver at https://wherever:8443 and see what happens!

# after registering, you'll get a room creation error; hit refresh and it should work.

# to kill them:
screen -ls | egrep 'dendrite-|-api-proxy' | cut -f1 -d'.' | xargs kill
	# Dendrite guide

	# start with Debian Stretch

	apt-get install golang-1.8 postgresql
	apt-get install openjdk-8-jre-headless # needed for kafka (which in future will be an optional dependency)

	# Set up DBs
	su postgres -c 'createuser dendrite'

	# N.B. these are the current default DB names, which are daft - surely they should be prefixed to dendrite
	# We deliberately create separate DBs for each one though to highlight that the services are completely separate
	# Although in practice you could combine them into a single DB (assuming the tables prefix nicely) if you wanted.

	for i in account device mediaapi syncapi roomserver serverkey federationsender; do su postgres -c "createdb -O dendrite dendrite_$i"; done

	# Create the dendrite user

	adduser dendrite
	su dendrite

	# get Go set up and on the path

	cat <<EOT >> ~/.bash_profile
	export GOROOT=/usr/lib/go-1.8
	export GOPATH=\$HOME/go
	export PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin
	export PGHOST=/var/run/postgresql
	EOT

	# Get the code
	git clone https://github.com/matrix-org/dendrite
	cd dendrite

	# Get the right branch if needed
	#git checkout markjh/federation_egress

	# Build it
	go get github.com/constabulary/gb/...
	gb build

	# Install and start Kafka
	./travis-install-kafka.sh

	# generate self-signed SSL cert (unlike synapse, dendrite doesn't autogen yet)
	# N.B. to specify the right CN if needed
	test -f server.key \|\| openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 3650 -nodes -subj /CN=$(hostname)

	# generate ed25519 signing key
	test -f matrix.key \|\| python3 > matrix.key <<EOF
	import base64;
	r = lambda n: base64.b64encode(open("/dev/urandom", "rb").read(n)).decode("utf8");
	print("-----BEGIN MATRIX PRIVATE KEY-----")
	print("Key-ID:", "ed25519:" + r(3).rstrip("="))
	print(r(32))
	print("-----END MATRIX PRIVATE KEY-----")
	EOF

	# Get a config:
	# (This taken from https://github.com/matrix-org/dendrite/pull/146/files which hadn't merged at the time of writing)
	curl https://raw.githubusercontent.com/matrix-org/dendrite/markjh/example_config/dendrite-config.yaml > dendrite-config.yaml

	# fixup the server_name and various paths in the config (especially the cert & key genreated above)

	mkdir -p ~/media
	mkdir -p ~/var

	# Run it!
	# XXX: how should these be run from a process runner perspective? for now just use screen sessions...
	cd ~/dendrite/bin

	# Set client-api-proxy running: this is a helper intended purely for development/experimentation
	# which exposes all the client-facing dendrite services behind a single HTTP API facade.
	# In the future this will be replaced by a proper loadbalancer config or a standalone dendrite process
	# which simply runs all the different services in a single executable.

	# these URLs need to match the main config. The *-api-proxy helpers don't yet read the main config.
	screen -dmS client-api-proxy -L ~/var/client-api-proxy.log ./client-api-proxy \
	--sync-api-server-url http://localhost:7773 \
	--client-api-server-url http://localhost:7771 \
	--media-api-server-url http://localhost:7774 \
	--bind-address :8443 \
	--tls-cert ~/dendrite/server.crt \
	--tls-key ~/dendrite/server.key

	# ...and now the equivalent federation-api-proxy helper:
	screen -dmS federation-api-proxy -L ~/var/federation-api-proxy.log ./federation-api-proxy \
	--federation-api-url http://localhost:7772 \
	--media-api-url http://localhost:7774 \
	--bind-address :8449 \
	--tls-cert ~/dendrite/server.crt \
	--tls-key ~/dendrite/server.key

	# ...and now the actual services:

	for i in room client-api federation-api media-api sync-api federation-sender
	do
	screen -dmS dendrite-$i-server -L ~/var/dendrite-$i-server.log ./dendrite-$i-server --config ~/dendrite/dendrite-config.yaml
	done

	# point your browser at https://wherever:8443 and trust the self-signed certificate...
	# ...and then point Riot/Web at the homeserver at https://wherever:8443 and see what happens!

	# after registering, you'll get a room creation error; hit refresh and it should work.

	# to kill them:
	screen -ls \| egrep 'dendrite-\|-api-proxy' \| cut -f1 -d'.' \| xargs kill