Reconcile the accepted safe federation helper with E2EE integration hardening and complete PIN-based encrypted DMs

Hop-State: A_06FPC0CGS3F7SJG3BGW0YF0
Hop-Proposal: R_06FPC0BK6YEV7XASNM7C908
Hop-Task: T_06FPAWA3279RBMJAR0BHM10
Hop-Attempt: AT_06FPBZWSBFTB9B5YH9JY9QR
This commit is contained in:
2026-07-15 06:40:06 -07:00
committed by Hop
parent 219a40bea4
commit b46be5c076
54 changed files with 14409 additions and 1192 deletions
+2
View File
@@ -38,12 +38,14 @@ chown -R synapsis:synapsis "$APP_DIR"
if [[ ! -e "$ENV_FILE" ]]; then
auth_secret="$(openssl rand -base64 48 | tr -d '\n')"
e2ee_recovery_secret="$(openssl rand -base64 48 | tr -d '\n')"
port="43821"
install -m 0600 -o root -g synapsis /dev/null "$ENV_FILE"
{
echo "DATABASE_PATH=$DATA_DIR/synapsis.db"
echo "PORT=$port"
echo "AUTH_SECRET=$auth_secret"
echo "E2EE_RECOVERY_SECRET=$e2ee_recovery_secret"
echo "ADMIN_EMAILS=admin@example.com"
echo "NEXT_PUBLIC_NODE_DOMAIN=localhost:$port"
echo "STUFFBOX_URL=https://stuffbox.xyz"
+10
View File
@@ -19,6 +19,16 @@ set -a
source "$ENV_FILE"
set +a
# Existing installations predate encrypted-message recovery. Enroll them with
# a distinct stable secret before migrations/builds make E2EE available.
if [[ -z "${E2EE_RECOVERY_SECRET:-}" ]]; then
command -v openssl >/dev/null || { echo "Missing required command: openssl" >&2; exit 1; }
E2EE_RECOVERY_SECRET="$(openssl rand -base64 48 | tr -d '\n')"
printf '\nE2EE_RECOVERY_SECRET=%s\n' "$E2EE_RECOVERY_SECRET" >> "$ENV_FILE"
export E2EE_RECOVERY_SECRET
echo "Added E2EE_RECOVERY_SECRET to $ENV_FILE. Back it up separately from the database."
fi
install_update_units() {
units_changed=0
for unit in synapsis.service synapsis-maintenance.service synapsis-update.service synapsis-update.timer; do