some fixes and improvements, password reset not working

MattDHill · MattDHill · commit c57a840621e3 · 2025-09-15T14:20:38.000-06:00
diff --git a/Makefile b/Makefile
@@ -9,7 +9,7 @@ ifeq ($(CMD_ARCH_GOAL),)
   S9PK := $(PACKAGE_ID).s9pk
 else
   RAW_ARCH := $(firstword $(CMD_ARCH_GOAL))
-  ACTUAL_ARCH := $(subst x86,x86_64,$(subst arm,aarch64,$(RAW_ARCH)))
+  ACTUAL_ARCH := $(patsubst x86,x86_64,$(patsubst arm,aarch64,$(RAW_ARCH)))
   BUILD := $(ACTUAL_ARCH)
   S9PK := $(PACKAGE_ID)_$(BUILD).s9pk
 endif
diff --git a/docs/instructions.md b/docs/instructions.md
diff --git a/startos/actions/config.ts b/startos/actions/config.ts
@@ -41,6 +41,17 @@ export const inputSpec = InputSpec.of({
       },
     }),
   }),
+  max_upload_size: Value.number({
+    name: 'Max Upload Size',
+    description:
+      'The maximum file size that is permitted to be uploaded by users to your homeserver.',
+    required: true,
+    default: 50,
+    units: 'MB',
+    integer: true,
+    min: 1,
+    max: 2000,
+  }),
   smtp: sdk.inputSpecConstants.smtpInputSpec,
 })
 
@@ -67,7 +78,12 @@ export const config = sdk.Action.withInput(
     if (!yaml) {
       return {}
     }
-    const { enable_registration, listeners, federation_domain_whitelist } = yaml
+    const {
+      enable_registration,
+      listeners,
+      federation_domain_whitelist,
+      max_upload_size,
+    } = yaml
 
     return {
       registration: enable_registration
@@ -79,6 +95,7 @@ export const config = sdk.Action.withInput(
             value: { federation_domain_whitelist },
           }
         : { selection: 'disabled' as const, value: {} },
+      max_upload_size: toMB(max_upload_size),
       smtp: (await store.read((s) => s.smtp).const(effects)) || undefined,
     }
   },
@@ -108,6 +125,21 @@ export const config = sdk.Action.withInput(
           : input.federation.value.federation_domain_whitelist.length
             ? input.federation.value.federation_domain_whitelist
             : undefined,
+      max_upload_size: `${input.max_upload_size}M`,
     })
   },
 )
+
+function toMB(max_upload_size: string): number {
+  const unit = max_upload_size.at(-1)
+  const value = Number(max_upload_size.slice(0, -1))
+
+  switch (unit) {
+    case 'M':
+      return value
+    case 'G':
+      return value / 1000
+    default:
+      return 1
+  }
+}
diff --git a/startos/actions/resetAdmin.ts b/startos/actions/resetAdmin.ts
@@ -38,27 +38,34 @@ export const resetAdmin = sdk.Action.withoutInput(
     const adminUserCreated = await store.read((s) => s.adminUserCreated).once()
 
     if (adminUserCreated) {
-      await sdk.SubContainer.withTemp(
+      const passwordHash = await sdk.SubContainer.withTemp(
         effects,
         { imageId: 'synapse' },
         mount,
-        'update-admin-pass',
-        async (subc) => {
-          const passwordHash = (
+        'get-password-hash',
+        async (subc) =>
+          (
             await subc.execFail([
               'hash_password',
               '-p',
               password,
               '-c',
               '/data/homeserver.yaml',
             ])
-          ).stdout
-          await subc.execFail([
+          ).stdout,
+      )
+
+      await sdk.SubContainer.withTemp(
+        effects,
+        { imageId: 'sqlite3' },
+        mount,
+        'save-password-hash',
+        (subc) =>
+          subc.execFail([
             'sqlite3',
             '/data/homeserver.db',
-            `UPDATE users SET password_hash='${passwordHash}' WHERE name='${username}'`,
-          ])
-        },
+            `UPDATE users SET password_hash = "${passwordHash}" WHERE name = (SELECT name FROM users ORDER BY creation_ts ASC LIMIT 1)`,
+          ]),
       )
     } else {
       await sdk.SubContainer.withTemp(
@@ -93,7 +100,7 @@ export const resetAdmin = sdk.Action.withoutInput(
             name: 'Username',
             description: null,
             value: username,
-            masked: true,
+            masked: false,
             copyable: true,
             qr: false,
           },
diff --git a/startos/actions/setServerName.ts b/startos/actions/setServerName.ts
@@ -87,19 +87,15 @@ export async function getSynapseInterfaceUrls(
   values: Record<string, string>
 }> {
   const iface = await sdk.serviceInterface.getOwn(effects, 'homeserver').once()
+
   const hostnames =
-    iface?.addressInfo
-      ?.filter(
-        {
-          visibility: 'public',
-          ...(type === 'tor'
-            ? { kind: 'onion' }
-            : { exclude: { kind: 'onion' } }),
-        },
-        'url',
+    iface?.addressInfo?.publicHostnames
+      .filter((h) =>
+        type === 'tor'
+          ? h.kind === 'onion'
+          : h.kind === 'ip' && h.hostname.kind === 'domain',
       )
-      .map((u) => u.hostname) || []
-  // TODO: handle server port?
+      .map((h) => h.hostname.value) || []
 
   return {
     name,
diff --git a/startos/fileModels/homeserver.yml.ts b/startos/fileModels/homeserver.yml.ts
@@ -14,6 +14,7 @@ const {
   pid_file,
   report_stats,
   suppress_key_server_warning,
+  max_upload_size,
 } = configDefaults
 const { bind_addresses, port, resources, tls, type, x_forwarded } = listeners[0]
 const resource = resources[0]
@@ -75,6 +76,14 @@ const shape = object({
   form_secret: string.optional(),
   macaroon_secret_key: string.optional(),
   registration_shared_secret: string.optional(),
+  max_upload_size: string
+    .map((s) =>
+      ['B', 'K', 'M', 'G'].includes(s.at(-1) || '') &&
+      typeof Number(s.slice(0, -1)) === 'number'
+        ? s
+        : max_upload_size,
+    )
+    .onMismatch(max_upload_size),
 })
 
 export type HomeserverYaml = typeof shape._TYPE
diff --git a/startos/install/versionGraph.ts b/startos/install/versionGraph.ts
@@ -3,6 +3,8 @@ import { current, other } from './versions'
 import { configDefaults, mount } from '../utils'
 import { sdk } from '../sdk'
 import { homeserverYaml } from '../fileModels/homeserver.yml'
+import { homeserverLogConfig } from '../fileModels/homeserver.log.config'
+import { store } from '../fileModels/store.json'
 
 export const versionGraph = VersionGraph.of({
   current,
@@ -23,6 +25,15 @@ export const versionGraph = VersionGraph.of({
         }),
     )
 
+    await store.write(effects, {
+      adminUserCreated: false,
+      serverStarted: false,
+      smtp: {
+        selection: 'disabled',
+        value: {},
+      },
+    })
     await homeserverYaml.merge(effects, configDefaults)
+    await homeserverLogConfig.merge(effects, {})
   },
 })
diff --git a/startos/interfaces.ts b/startos/interfaces.ts
@@ -6,13 +6,12 @@ export const setInterfaces = sdk.setupInterfaces(async ({ effects }) => {
   const homeserverMulti = sdk.MultiHost.of(effects, 'homeserver-multi')
   const homeserverMultiOrigin = await homeserverMulti.bindPort(nginxPort, {
     protocol: 'http',
-    // addSsl: { preferredExternalPort: 8448 }, // @TODO Aiden does this actually work?
   })
   const homeserver = sdk.createInterface(effects, {
     name: 'Homeserver',
     id: 'homeserver',
     description: 'Your Matrix homeserver instance',
-    type: 'ui',
+    type: 'api',
     masked: false,
     schemeOverride: null,
     username: null,
diff --git a/startos/main.ts b/startos/main.ts
@@ -1,7 +1,6 @@
 import { sdk } from './sdk'
-import { adminPort, homeserverPort, nginxPort } from './utils'
+import { adminPort, homeserverPort, mount, nginxPort } from './utils'
 import { homeserverYaml } from './fileModels/homeserver.yml'
-import { homeserverLogConfig } from './fileModels/homeserver.log.config'
 import * as fs from 'node:fs/promises'
 import { store } from './fileModels/store.json'
 
@@ -13,24 +12,25 @@ export const main = sdk.setupMain(async ({ effects, started }) => {
    */
   console.info('[i] Starting Synapse!')
 
-  // Merge to homeserver.yaml to enforce file model protections
-  await homeserverYaml.merge(effects, {})
-  await homeserverLogConfig.merge(effects, {})
+  // Read from homeserver.yaml with const() to ensure service restart if the file changes
+  const config = await homeserverYaml.read().const(effects)
+
+  if (!config) {
+    throw new Error('homeserver.yaml not found')
+  }
+
   const subcontainer = await sdk.SubContainer.of(
     effects,
     { imageId: 'synapse' },
-    sdk.Mounts.of().mountVolume({
-      volumeId: 'main',
-      subpath: null,
-      mountpoint: '/data',
-      readonly: false,
-    }),
-    'synapse',
+    mount,
+    'synapse-sub',
   )
   await subcontainer
     .exec(['chown', '-R', '991:991', '/data'])
     .then((a) => a.throw())
 
+  await store.merge(effects, { serverStarted: true })
+
   const smtp = await store.read((s) => s.smtp).const(effects)
   if (smtp) {
     const creds =
@@ -57,9 +57,6 @@ export const main = sdk.setupMain(async ({ effects, started }) => {
     }
   }
 
-  // Read from homeserver.yaml with const() to ensure service restart if the file changes
-  const config = await homeserverYaml.read().const(effects)
-
   // create and configure nginx container
   const nginxContainer = await sdk.SubContainer.of(
     effects,
@@ -80,7 +77,7 @@ server {
 
     location = /.well-known/matrix/server {
         default_type application/json;
-        return 200 '{ "m.server": "${config?.server_name}:443" }';
+        return 200 '{ "m.server": "${config.server_name}:443" }';
     }
 
     location / {
@@ -89,7 +86,7 @@ server {
 
     location ~* ^(\/_matrix|\/_synapse\/client|\/_synapse\/admin) {
         proxy_pass http://localhost:8008;
-        client_max_body_size 50M; # TODO: make this configurable
+        client_max_body_size ${config.max_upload_size};
     }
 
     error_page   500 502 503 504  /50x.html;
@@ -112,7 +109,7 @@ server {
 
     location = /config.json {
         default_type application/json;
-        return 200 '{ "restrictBaseUrl": "https://${config?.server_name}" }';
+        return 200 '{ "restrictBaseUrl": "https://${config.server_name}" }';
     }
 
     error_page   500 502 503 504  /50x.html;
@@ -136,7 +133,7 @@ server {
       exec: { command: ['/start.py'] },
       ready: {
         display: 'Homeserver',
-        gracePeriod: 10000,
+        gracePeriod: 15000,
         fn: () =>
           sdk.healthCheck.checkWebUrl(
             effects,
@@ -165,16 +162,15 @@ server {
     .addHealthCheck('admin-interface', {
       ready: {
         display: 'Admin Dashboard',
-        fn: () => {
-          return sdk.healthCheck.checkWebUrl(
+        fn: () =>
+          sdk.healthCheck.checkWebUrl(
             effects,
             `http://localhost:${adminPort}`,
             {
               successMessage: `Running`,
               errorMessage: `Unreachable`,
             },
-          )
-        },
+          ),
       },
       requires: ['nginx'],
     })
diff --git a/startos/manifest.ts b/startos/manifest.ts
@@ -36,6 +36,12 @@ export const manifest = setupManifest({
       },
       arch: architectures,
     } as SDKImageInputSpec,
+    sqlite3: {
+      source: {
+        dockerTag: 'alpine/sqlite',
+      },
+      arch: architectures,
+    } as SDKImageInputSpec,
   },
   hardwareRequirements: {
     arch: architectures,
diff --git a/startos/utils.ts b/startos/utils.ts
@@ -27,7 +27,7 @@ export const configDefaults = {
     {
       bind_addresses: ['::1', '127.0.0.1'],
       port: homeserverPort,
-      resources: [{ compress: false, names: ['client', 'federation'] }],
+      resources: [{ compress: false, names: ['client'] }],
       tls: false,
       type: 'http',
       x_forwarded: true,
@@ -43,4 +43,5 @@ export const configDefaults = {
   // below need to be set manually
   server_name: '',
   public_baseurl: '',
+  max_upload_size: '50M',
 }
