Merge branch 'master' into pub.solar

pub.solar
teutat3s 2021-07-03 16:06:42 +02:00
commit 67b1b33d39
Signed by: teutat3s
GPG Key ID: 18DAE600A6BBE705
24 changed files with 111 additions and 170 deletions

View File

@ -14,7 +14,7 @@ Table of contents:
## Purging old data with the Purge History API
You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
Alternatively, you can log in and obtain a new access token like this:
@ -27,7 +27,7 @@ https://matrix.DOMAIN/_matrix/client/r0/login
Synapse's Admin API is not exposed to the internet by default. To expose it you will need to add `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` to your `vars.yml` file.
Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) documentation page for the actual purging instructions.
Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md) documentation page for the actual purging instructions.
After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintenance-postgres.md#vacuuming-postgresql).

View File

@ -26,6 +26,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-bridge-mautrix-hangouts`
- `matrix-bridge-mautrix-telegram`
- `matrix-bridge-mx-puppet-skype`
- `matrix-bot-mjolnir`
Adding self-building support to other roles is welcome. Feel free to contribute!

View File

@ -851,6 +851,8 @@ matrix_bot_go_neb_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_en
# We don't enable bots by default.
matrix_bot_mjolnir_enabled: false
matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_bot_mjolnir_systemd_required_services_list: |
{{
['docker.service']
@ -1472,7 +1474,7 @@ matrix_postgres_additional_databases: |
'username': matrix_prometheus_postgres_exporter_database_username,
'password': matrix_prometheus_postgres_exporter_database_password,
}] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == 'matrix-postgres') else [])
}}
matrix_postgres_import_roles_to_ignore: |
@ -1669,16 +1671,23 @@ matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
# Even if TURN doesn't support TLS (it does by default),
# it doesn't hurt to try a secure connection anyway.
#
# When Let's Encrypt certificates are used (the default case),
# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them.
# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
matrix_synapse_turn_uris: |
{{
[]
+
[
'turns:' + matrix_server_fqn_matrix + '?transport=udp',
'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
] if matrix_coturn_enabled and matrix_coturn_tls_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else []
+
[
'turn:' + matrix_server_fqn_matrix + '?transport=udp',
'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
]
if matrix_coturn_enabled
else []
] if matrix_coturn_enabled else []
}}
matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"

View File

@ -1,13 +1,13 @@
- name: Limit max upload size to 100MB part 1
- name: Limit max upload size to 200MB part 1
set_fact:
matrix_synapse_max_upload_size_mb: "100"
when: matrix_synapse_max_upload_size_mb_raw|int >= 100
matrix_synapse_max_upload_size_mb: "200"
when: matrix_synapse_max_upload_size_mb_raw|int >= 200
- name: Limit max upload size to 100MB part 2
- name: Limit max upload size to 200MB part 2
set_fact:
matrix_synapse_max_upload_size_mb: "{{ matrix_synapse_max_upload_size_mb_raw }}"
when: matrix_synapse_max_upload_size_mb_raw|int < 100
when: matrix_synapse_max_upload_size_mb_raw|int < 200
- name: Record Synapse variables locally on AWX
delegate_to: 127.0.0.1

View File

@ -2,13 +2,21 @@
# See: https://github.com/matrix-org/mjolnir
matrix_bot_mjolnir_enabled: true
matrix_bot_mjolnir_version: "v0.1.17"
matrix_bot_mjolnir_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
matrix_bot_mjolnir_version: "v0.1.18"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"
matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config"
matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data"
matrix_bot_mjolnir_docker_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src"
# A list of extra arguments to pass to the container
matrix_bot_mjolnir_container_extra_arguments: []

View File

@ -1,3 +1,10 @@
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
fail:
msg: "To self-build the Mjolnir image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build and matrix_bot_mjolnir_enabled"
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}"
when: matrix_bot_mjolnir_enabled|bool

View File

@ -14,14 +14,36 @@
- { path: "{{ matrix_bot_mjolnir_base_path }}", when: true }
- { path: "{{ matrix_bot_mjolnir_config_path }}", when: true }
- { path: "{{ matrix_bot_mjolnir_data_path }}", when: true }
- { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" }
when: "item.when|bool"
- name: Ensure mjolnir image is pulled
- name: Ensure mjolnir Docker image is pulled
docker_image:
name: "{{ matrix_bot_mjolnir_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}"
when: "not matrix_bot_mjolnir_container_image_self_build|bool"
- name: Ensure mjolnir repository is present on self-build
git:
repo: "{{ matrix_bot_mjolnir_container_image_self_build_repo }}"
dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}"
force: "yes"
register: matrix_bot_mjolnir_git_pull_results
when: "matrix_bot_mjolnir_container_image_self_build|bool"
- name: Ensure mjolnir Docker image is built
docker_image:
name: "{{ matrix_bot_mjolnir_docker_image }}"
source: build
force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
pull: yes
when: "matrix_bot_mjolnir_container_image_self_build|bool"
- name: Ensure matrix-bot-mjolnir config installed
copy:

View File

@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
matrix_appservice_irc_version: release-0.26.1
matrix_appservice_irc_version: release-0.27.0
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

View File

@ -7,7 +7,7 @@
- name: Ensure matrix-heisenbridge is stopped
service:
name: heisenbridge
name: matrix-heisenbridge
state: stopped
daemon_reload: yes
when: "matrix_heisenbridge_service_stat.stat.exists"

View File

@ -21,10 +21,3 @@
+
{{ ["/matrix-mautrix-facebook-registration.yaml"] }}
when: matrix_mautrix_facebook_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self building it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Mautrix Facebook image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build"

View File

@ -67,10 +67,3 @@
URL endpoint to the matrix-mautrix-hangouts container.
You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
when: "matrix_mautrix_hangouts_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)"
# ansible lower than 2.8, does not support docker_image build parameters
# for self building it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Mautrix Hangouts image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build"

View File

@ -21,10 +21,3 @@
+
{{ ["/matrix-mautrix-instagram-registration.yaml"] }}
when: matrix_mautrix_instagram_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self building it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Mautrix instagram image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build"

View File

@ -21,10 +21,3 @@
+
{{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
when: matrix_mx_puppet_discord_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self building it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build"

View File

@ -21,10 +21,3 @@
+
{{ ["/matrix-mx-puppet-groupme-registration.yaml"] }}
when: matrix_mx_puppet_groupme_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self building it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build"

View File

@ -21,10 +21,3 @@
+
{{ ["/matrix-mx-puppet-skype-registration.yaml"] }}
when: matrix_mx_puppet_skype_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self building it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Skype image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build"

View File

@ -68,10 +68,3 @@
URL endpoint to the matrix-mx-puppet-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
# ansible lower than 2.8, does not support docker_image build parameters
# for self building it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build"

View File

@ -21,10 +21,3 @@
+
{{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
when: matrix_mx_puppet_steam_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self building it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build"

View File

@ -68,10 +68,3 @@
URL endpoint to the matrix-mx-puppet-twitter container.
You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined"
# ansible lower than 2.8, does not support docker_image build parameters
# for self building it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build"

View File

@ -2,7 +2,7 @@ matrix_coturn_enabled: true
matrix_coturn_container_image_self_build: false
matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r2"
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
matrix_coturn_version: 4.5.2-r2

View File

@ -12,7 +12,7 @@
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header Content-Security-Policy "frame-ancestors 'self'";
{% if matrix_nginx_proxy_floc_optout_enabled %}
add_header Permissions-Policy interest-cohort=() always;

View File

@ -17,11 +17,11 @@ matrix_postgres_architecture: amd64
# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault
matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.21{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.16{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.11{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.6{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.2{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.22{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.17{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.12{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.7{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.3{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
# This variable is assigned at runtime. Overriding its value has no effect.

View File

@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.36.0
matrix_synapse_version_arm64: v1.36.0
matrix_synapse_version: v1.37.1
matrix_synapse_version_arm64: v1.37.1
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

View File

@ -3,7 +3,7 @@
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: run_setup|bool
when: run_setup|bool and matrix_synapse_enabled|bool
tags:
- setup-all
- setup-synapse

View File

@ -7,6 +7,22 @@
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
## Modules ##
# Server admins can expand Synapse's functionality with external modules.
#
# See https://matrix-org.github.io/synapse/develop/modules.html for more
# documentation on how to configure or create custom modules for Synapse.
#
modules:
# - module: my_super_module.MySuperClass
# config:
# do_thing: true
# - module: my_other_super_module.SomeClass
# config: {}
## Server ##
# The public-facing domain of the server
@ -574,13 +590,9 @@ retention:
# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
# certificate, signed by a recognised Certificate Authority.
#
# See 'ACME support' below to enable auto-provisioning this certificate via
# Let's Encrypt.
#
# If supplying your own, be sure to use a `.pem` file that includes the
# full certificate chain including any intermediate certificates (for
# instance, if using certbot, use `fullchain.pem` as your certificate,
# not `cert.pem`).
# Be sure to use a `.pem` file that includes the full certificate chain including
# any intermediate certificates (for instance, if using certbot, use
# `fullchain.pem` as your certificate, not `cert.pem`).
#
tls_certificate_path: {{ matrix_synapse_tls_certificate_path|to_json }}
@ -631,80 +643,6 @@ tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }}
# - myCA2.pem
# - myCA3.pem
# ACME support: This will configure Synapse to request a valid TLS certificate
# for your configured `server_name` via Let's Encrypt.
#
# Note that ACME v1 is now deprecated, and Synapse currently doesn't support
# ACME v2. This means that this feature currently won't work with installs set
# up after November 2019. For more info, and alternative solutions, see
# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
#
# Note that provisioning a certificate in this way requires port 80 to be
# routed to Synapse so that it can complete the http-01 ACME challenge.
# By default, if you enable ACME support, Synapse will attempt to listen on
# port 80 for incoming http-01 challenges - however, this will likely fail
# with 'Permission denied' or a similar error.
#
# There are a couple of potential solutions to this:
#
# * If you already have an Apache, Nginx, or similar listening on port 80,
# you can configure Synapse to use an alternate port, and have your web
# server forward the requests. For example, assuming you set 'port: 8009'
# below, on Apache, you would write:
#
# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
#
# * Alternatively, you can use something like `authbind` to give Synapse
# permission to listen on port 80.
#
acme:
# ACME support is disabled by default. Uncomment the following line
# (and tls_certificate_path and tls_private_key_path above) to enable it.
#
#enabled: true
# Endpoint to use to request certificates. If you only want to test,
# use Let's Encrypt's staging url:
# https://acme-staging.api.letsencrypt.org/directory
#
#url: https://acme-v01.api.letsencrypt.org/directory
# Port number to listen on for the HTTP-01 challenge. Change this if
# you are forwarding connections through Apache/Nginx/etc.
#
#port: 80
# Local addresses to listen on for incoming connections.
# Again, you may want to change this if you are forwarding connections
# through Apache/Nginx/etc.
#
#bind_addresses: ['::', '0.0.0.0']
# How many days remaining on a certificate before it is renewed.
#
#reprovision_threshold: 30
# The domain that the certificate should be for. Normally this
# should be the same as your Matrix domain (i.e., 'server_name'), but,
# by putting a file at 'https://<server_name>/.well-known/matrix/server',
# you can delegate incoming traffic to another server. If you do that,
# you should give the target of the delegation here.
#
# For example: if your 'server_name' is 'example.com', but
# 'https://example.com/.well-known/matrix/server' delegates to
# 'matrix.example.com', you should put 'matrix.example.com' here.
#
# If not set, defaults to your 'server_name'.
#
#domain: matrix.example.com
# file to use for the account key. This will be generated if it doesn't
# exist.
#
# If unspecified, we will use CONFDIR/client.key.
#
#account_key_file: /data/acme_account.key
## Federation ##
@ -957,6 +895,10 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire
# The largest allowed upload size in bytes
#
# If you are using a reverse proxy you may also need to set this value in
# your reverse proxy's config. Notably Nginx has a small max body size by default.
# See https://matrix-org.github.io/synapse/develop/reverse_proxy.html.
#
max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M"
# Maximum number of pixels that will be thumbnailed
@ -2045,6 +1987,17 @@ sso:
# - https://riot.im/develop
# - https://my.custom.client/
# Uncomment to keep a user's profile fields in sync with information from
# the identity provider. Currently only syncing the displayname is
# supported. Fields are checked on every SSO login, and are updated
# if necessary.
#
# Note that enabling this option will override user profile information,
# regardless of whether users have opted-out of syncing that
# information when first signing in. Defaults to false.
#
#update_profile_information: true
# Directory in which Synapse will try to find the template files below.
# If not set, or the files named below are not found within the template
# directory, default templates from within the Synapse package will be used.
@ -2326,6 +2279,10 @@ ui_auth:
# the user-interactive authentication process, by allowing for multiple
# (and potentially different) operations to use the same validation session.
#
# This is ignored for potentially "dangerous" operations (including
# deactivating an account, modifying an account password, and
# adding a 3PID).
#
# Uncomment below to allow for credential validation to last for 15
# seconds.
#