Merge branch 'master' into pub.solar
commit
53dea38606
|
@ -29,7 +29,7 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t
|
|||
|
||||
## 3. Make sure the account is free from rate limiting
|
||||
|
||||
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. [Currently there is no Synapse config option for this](https://github.com/matrix-org/synapse/issues/6286) so you have to manually edit the Synapse database. Manually editing the Synapse database is rarely a good idea but in this case it is required. Please ask for help if you are uncomfortable with these steps.
|
||||
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps.
|
||||
|
||||
1. Copy the statement below into a text editor.
|
||||
|
||||
|
|
|
@ -1837,10 +1837,6 @@ matrix_postgres_additional_databases: |
|
|||
}] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
|
||||
+
|
||||
([{
|
||||
'name': matrix_dendrite_appservice_database,
|
||||
'username': matrix_dendrite_database_user,
|
||||
'password': matrix_dendrite_database_password,
|
||||
},{
|
||||
'name': matrix_dendrite_federationapi_database,
|
||||
'username': matrix_dendrite_database_user,
|
||||
'password': matrix_dendrite_database_password,
|
||||
|
@ -2237,9 +2233,7 @@ matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}"
|
|||
|
||||
matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
|
||||
|
||||
# When ma1sd is enabled, we can use it to validate email addresses and phone numbers.
|
||||
# Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server.
|
||||
matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}"
|
||||
# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself.
|
||||
matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}"
|
||||
|
||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
|
||||
|
|
|
@ -26,8 +26,11 @@ matrix_backup_borg_systemd_required_services_list: ['docker.service']
|
|||
# List of systemd services that matrix-backup-borg.service wants
|
||||
matrix_backup_borg_systemd_wanted_services_list: []
|
||||
|
||||
# systemd calendar configuration for backup job
|
||||
# systemd calendar configuration for the backup job
|
||||
# the actual job may run with a delay (see matrix_backup_borg_schedule_randomized_delay_sec)
|
||||
matrix_backup_borg_schedule: "*-*-* 04:00:00"
|
||||
# the delay with which the systemd timer may run in relation to the `matrix_backup_borg_schedule` schedule
|
||||
matrix_backup_borg_schedule_randomized_delay_sec: 2h
|
||||
|
||||
# what directories should be added to backup
|
||||
matrix_backup_borg_location_source_directories: []
|
||||
|
|
|
@ -4,7 +4,7 @@ Description=Matrix Borg Backup timer
|
|||
[Timer]
|
||||
Unit=matrix-backup-borg.service
|
||||
OnCalendar={{ matrix_backup_borg_schedule }}
|
||||
RandomizedDelaySec=2h
|
||||
RandomizedDelaySec={{ matrix_backup_borg_schedule_randomized_delay_sec }}
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
|
|
|
@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
|
|||
matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
|
||||
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
|
||||
|
||||
matrix_bot_postmoogle_version: latest
|
||||
matrix_bot_postmoogle_version: v0.9.0
|
||||
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
|
||||
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
|
||||
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
|
||||
|
@ -78,11 +78,26 @@ matrix_bot_postmoogle_prefix: '!pm'
|
|||
# Max email size in megabytes, including attachments
|
||||
matrix_bot_postmoogle_maxsize: '1024'
|
||||
|
||||
# Allow room settings changes by any room participant
|
||||
matrix_bot_postmoogle_noowner: false
|
||||
# DEPRECATED, use !pm users instead
|
||||
# A list of whitelisted users allowed to use the bridge.
|
||||
# If not defined, everyone is allowed.
|
||||
# Example set of rules:
|
||||
# matrix_bot_postmoogle_users:
|
||||
# - @someone:example.com
|
||||
# - @another:example.com
|
||||
# - @bot.*:example.com
|
||||
# - @*:another.com
|
||||
matrix_bot_postmoogle_users:
|
||||
- "@*:{{ matrix_domain }}"
|
||||
|
||||
# Allow Postmoogle use by users over federation
|
||||
matrix_bot_postmoogle_federation: false
|
||||
# A list of admins
|
||||
# Example set of rules:
|
||||
# matrix_bot_postmoogle_admins:
|
||||
# - @someone:example.com
|
||||
# - @another:example.com
|
||||
# - @bot.*:example.com
|
||||
# - @*:another.com
|
||||
matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}"
|
||||
|
||||
# Sentry DSN
|
||||
matrix_bot_postmoogle_sentry: ''
|
||||
|
|
|
@ -10,7 +10,7 @@ POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }}
|
|||
POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }}
|
||||
POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }}
|
||||
POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }}
|
||||
POSTMOOGLE_NOOWNER={{ matrix_bot_postmoogle_noowner }}
|
||||
POSTMOOGLE_FEDERATION={{ matrix_bot_postmoogle_federation }}
|
||||
POSTMOOGLE_USERS={{ matrix_bot_postmoogle_users | join(' ') }}
|
||||
POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }}
|
||||
|
||||
{{ matrix_bot_postmoogle_environment_variables_extension }}
|
||||
|
|
|
@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
|
|||
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
|
||||
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
|
||||
|
||||
matrix_hookshot_version: 2.0.1
|
||||
matrix_hookshot_version: 2.1.2
|
||||
|
||||
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
|
||||
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
|
|
|
@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true
|
|||
matrix_client_cinny_container_image_self_build: false
|
||||
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
|
||||
|
||||
matrix_client_cinny_version: v2.1.2
|
||||
matrix_client_cinny_version: v2.1.3
|
||||
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
|
||||
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
|
|||
# - https://github.com/vector-im/element-web/issues/19544
|
||||
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
||||
|
||||
matrix_client_element_version: v1.11.3
|
||||
matrix_client_element_version: v1.11.4
|
||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -36,8 +36,13 @@ matrix_conduit_template_conduit_config: "{{ role_path }}/templates/conduit/condu
|
|||
# Max size for uploads, in bytes
|
||||
matrix_conduit_max_request_size: 20_000_000
|
||||
|
||||
# Maximum number of open files for Conduit's embedded RocksDB database
|
||||
# See https://github.com/facebook/rocksdb/wiki/RocksDB-Tuning-Guide#tuning-other-options
|
||||
# If not specified, Conduit defaults to a relatively low value of 20
|
||||
matrix_conduit_rocksdb_max_open_files: 64
|
||||
|
||||
# Enables registration. If set to false, no users can register on this server.
|
||||
matrix_conduit_allow_registration: true
|
||||
matrix_conduit_allow_registration: false
|
||||
|
||||
matrix_conduit_allow_federation: true
|
||||
|
||||
|
|
|
@ -34,6 +34,9 @@ port = {{ matrix_conduit_port_number }}
|
|||
# Max size for uploads
|
||||
max_request_size = {{ matrix_conduit_max_request_size }}
|
||||
|
||||
# Max number of open files for the RocksDB database
|
||||
rocksdb_max_open_files = {{ matrix_conduit_rocksdb_max_open_files }}
|
||||
|
||||
# Enables registration. If set to false, no users can register on this server.
|
||||
allow_registration = {{ matrix_conduit_allow_registration | to_json }}
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ matrix_dendrite_enabled: true
|
|||
|
||||
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
|
||||
matrix_dendrite_docker_image_name_prefix: "docker.io/"
|
||||
matrix_dendrite_docker_image_tag: "v0.9.5"
|
||||
matrix_dendrite_docker_image_tag: "v0.9.6"
|
||||
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
|
||||
|
@ -138,7 +138,6 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:
|
|||
matrix_dendrite_database_hostname: "matrix-postgres"
|
||||
matrix_dendrite_database_user: "dendrite"
|
||||
matrix_dendrite_database_password: "itsasecret"
|
||||
matrix_dendrite_appservice_database: "dendrite_appservice"
|
||||
matrix_dendrite_federationapi_database: "dendrite_federationapi"
|
||||
matrix_dendrite_keyserver_database: "dendrite_keyserver"
|
||||
matrix_dendrite_mediaapi_database: "dendrite_mediaapi"
|
||||
|
|
|
@ -133,11 +133,6 @@ app_service_api:
|
|||
internal_api:
|
||||
listen: http://0.0.0.0:7777
|
||||
connect: http://appservice_api:7777
|
||||
database:
|
||||
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_appservice_database }}?sslmode=disable
|
||||
max_open_conns: 10
|
||||
max_idle_conns: 2
|
||||
conn_max_lifetime: -1
|
||||
|
||||
# Disable the validation of TLS certificates of appservices. This is
|
||||
# not recommended in production since it may allow appservice traffic
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
#!/bin/bash
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
if [ $# -ne 3 ]; then
|
||||
echo "Usage: "$0" <username> <password> <admin access: 0 or 1>"
|
||||
exit 1
|
||||
fi
|
||||
|
|
|
@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
|
|||
# The dynamic dns daemon interval
|
||||
matrix_dynamic_dns_daemon_interval: '300'
|
||||
|
||||
matrix_dynamic_dns_version: v3.9.1-ls96
|
||||
matrix_dynamic_dns_version: v3.9.1-ls97
|
||||
|
||||
# The docker container to use when in mode
|
||||
matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
matrix_grafana_enabled: false
|
||||
|
||||
matrix_grafana_version: 9.1.1
|
||||
matrix_grafana_version: 9.1.2
|
||||
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
||||
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
|
|||
|
||||
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
|
||||
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_synapse_version: v1.65.0
|
||||
matrix_synapse_version: v1.66.0
|
||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
@ -257,10 +257,6 @@ matrix_synapse_registrations_require_3pid: []
|
|||
# pattern: '\+44'
|
||||
matrix_synapse_allowed_local_3pids: []
|
||||
|
||||
# The server to use for email threepid validation. When empty, Synapse does it by itself.
|
||||
# Otherwise, this should be pointed to an identity server.
|
||||
matrix_synapse_account_threepid_delegates_email: ''
|
||||
|
||||
# The server to use for phone number threepid validation. When empty, validation cannot happen, as Synapse doesn't support it.
|
||||
# To make it work, this should be pointed to an identity server.
|
||||
matrix_synapse_account_threepid_delegates_msisdn: ''
|
||||
|
|
|
@ -61,6 +61,7 @@
|
|||
- {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'}
|
||||
- {'old': 'matrix_synapse_version_arm64', 'new': '<superseded by matrix_synapse_version - see https://github.com/matrix-org/synapse/pull/11810>'}
|
||||
- {'old': 'matrix_synapse_enable_group_creation', 'new': '<removed in Synapse v1.61.0 - use the new Spaces feature instead>'}
|
||||
- {'old': 'matrix_synapse_account_threepid_delegates_email', 'new': '<removed in Synapse v1.66.0 - make sure to configure email settings for Synapse - see https://matrix-org.github.io/synapse/v1.66/upgrade.html#delegation-of-email-validation-no-longer-supported>'}
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml
|
||||
ansible.builtin.fail:
|
||||
|
|
|
@ -1420,14 +1420,10 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }}
|
|||
#
|
||||
#default_identity_server: https://matrix.org
|
||||
|
||||
# Handle threepid (email/phone etc) registration and password resets through a set of
|
||||
# Handle threepid (phone etc) registration and password resets through a set of
|
||||
# *trusted* identity servers. Note that this allows the configured identity server to
|
||||
# reset passwords for accounts!
|
||||
#
|
||||
# Be aware that if `email` is not set, and SMTP options have not been
|
||||
# configured in the email config block, registration and user password resets via
|
||||
# email will be globally disabled.
|
||||
#
|
||||
# Additionally, if `msisdn` is not set, registration and password resets via msisdn
|
||||
# will be disabled regardless, and users will not be able to associate an msisdn
|
||||
# identifier to their account. This is due to Synapse currently not supporting
|
||||
|
@ -1442,7 +1438,6 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }}
|
|||
# https://matrix.org/docs/spec/identity_service/latest
|
||||
#
|
||||
account_threepid_delegates:
|
||||
email: {{ matrix_synapse_account_threepid_delegates_email|to_json }}
|
||||
msisdn: {{ matrix_synapse_account_threepid_delegates_msisdn|to_json }}
|
||||
|
||||
# Whether users are allowed to change their displayname after it has
|
||||
|
|
Loading…
Reference in New Issue