Merge branch 'master' into pub.solar
commit
67b1b33d39
24 changed files with 111 additions and 170 deletions
|
@ -14,7 +14,7 @@ Table of contents:
|
|||
|
||||
## Purging old data with the Purge History API
|
||||
|
||||
You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
|
||||
You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
|
||||
|
||||
To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
|
||||
Alternatively, you can log in and obtain a new access token like this:
|
||||
|
@ -27,7 +27,7 @@ https://matrix.DOMAIN/_matrix/client/r0/login
|
|||
|
||||
Synapse's Admin API is not exposed to the internet by default. To expose it you will need to add `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` to your `vars.yml` file.
|
||||
|
||||
Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) documentation page for the actual purging instructions.
|
||||
Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md) documentation page for the actual purging instructions.
|
||||
|
||||
After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintenance-postgres.md#vacuuming-postgresql).
|
||||
|
||||
|
|
|
@ -26,6 +26,7 @@ List of roles where self-building the Docker image is currently possible:
|
|||
- `matrix-bridge-mautrix-hangouts`
|
||||
- `matrix-bridge-mautrix-telegram`
|
||||
- `matrix-bridge-mx-puppet-skype`
|
||||
- `matrix-bot-mjolnir`
|
||||
|
||||
Adding self-building support to other roles is welcome. Feel free to contribute!
|
||||
|
||||
|
|
|
@ -851,6 +851,8 @@ matrix_bot_go_neb_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_en
|
|||
# We don't enable bots by default.
|
||||
matrix_bot_mjolnir_enabled: false
|
||||
|
||||
matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||
|
||||
matrix_bot_mjolnir_systemd_required_services_list: |
|
||||
{{
|
||||
['docker.service']
|
||||
|
@ -1472,7 +1474,7 @@ matrix_postgres_additional_databases: |
|
|||
'username': matrix_prometheus_postgres_exporter_database_username,
|
||||
'password': matrix_prometheus_postgres_exporter_database_password,
|
||||
}] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == 'matrix-postgres') else [])
|
||||
|
||||
|
||||
}}
|
||||
|
||||
matrix_postgres_import_roles_to_ignore: |
|
||||
|
@ -1669,16 +1671,23 @@ matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
|
|||
|
||||
# Even if TURN doesn't support TLS (it does by default),
|
||||
# it doesn't hurt to try a secure connection anyway.
|
||||
#
|
||||
# When Let's Encrypt certificates are used (the default case),
|
||||
# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them.
|
||||
# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
|
||||
matrix_synapse_turn_uris: |
|
||||
{{
|
||||
[]
|
||||
+
|
||||
[
|
||||
'turns:' + matrix_server_fqn_matrix + '?transport=udp',
|
||||
'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
|
||||
] if matrix_coturn_enabled and matrix_coturn_tls_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else []
|
||||
+
|
||||
[
|
||||
'turn:' + matrix_server_fqn_matrix + '?transport=udp',
|
||||
'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
|
||||
]
|
||||
if matrix_coturn_enabled
|
||||
else []
|
||||
] if matrix_coturn_enabled else []
|
||||
}}
|
||||
|
||||
matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
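Review bot: In `matrix_synapse_turn_uris` the two `[...] if … else []` lists are joined with `+` but not parenthesised, and Jinja's inline `if` binds more loosely than `+`. The expression therefore reads as `([] + [turns…]) if <tls condition> else (([] + [turn…]) if matrix_coturn_enabled else [])`, so a deployment that meets the `turns:` condition would advertise only the `turns:` URIs and never the plain `turn:` ones, which does not match the comment's "try a secure connection anyway". If both sets are intended, wrap each operand: `([ … ] if matrix_coturn_enabled and matrix_coturn_tls_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else [])` `+` `([ … ] if matrix_coturn_enabled else [])`. The comment could also state that with the Let's Encrypt default clients are offered only the non-TLS `turn:` endpoints.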
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
|
||||
- name: Limit max upload size to 100MB part 1
|
||||
- name: Limit max upload size to 200MB part 1
|
||||
set_fact:
|
||||
matrix_synapse_max_upload_size_mb: "100"
|
||||
when: matrix_synapse_max_upload_size_mb_raw|int >= 100
|
||||
matrix_synapse_max_upload_size_mb: "200"
|
||||
when: matrix_synapse_max_upload_size_mb_raw|int >= 200
|
||||
|
||||
- name: Limit max upload size to 100MB part 2
|
||||
- name: Limit max upload size to 200MB part 2
|
||||
set_fact:
|
||||
matrix_synapse_max_upload_size_mb: "{{ matrix_synapse_max_upload_size_mb_raw }}"
|
||||
when: matrix_synapse_max_upload_size_mb_raw|int < 100
|
||||
when: matrix_synapse_max_upload_size_mb_raw|int < 200
|
||||
|
||||
- name: Record Synapse variables locally on AWX
|
||||
delegate_to: 127.0.0.1
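Review bot: The upload cap (200 on what appears to be the new side) is spelled in several places across the two "Limit max upload size" tasks: both task names, the literal value and both `when:` thresholds, so the next change has to touch all of them in step. A single `set_fact` with `matrix_synapse_max_upload_size_mb: "{{ [matrix_synapse_max_upload_size_mb_raw|int, 200] | min }}"` would express the clamp once; check that the resulting value type still suits its consumers. With a larger cap, confirm that the reverse proxy's body-size limit and the media store are sized to match. The "Record Synapse variables locally on AWX" task continues outside the hunk.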
|
||||
|
|
|
@ -2,13 +2,21 @@
|
|||
# See: https://github.com/matrix-org/mjolnir
|
||||
|
||||
matrix_bot_mjolnir_enabled: true
|
||||
matrix_bot_mjolnir_version: "v0.1.17"
|
||||
matrix_bot_mjolnir_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
|
||||
|
||||
matrix_bot_mjolnir_version: "v0.1.18"
|
||||
|
||||
matrix_bot_mjolnir_container_image_self_build: false
|
||||
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
|
||||
|
||||
matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
|
||||
matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
|
||||
matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"
|
||||
matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config"
|
||||
matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data"
|
||||
matrix_bot_mjolnir_docker_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_bot_mjolnir_container_extra_arguments: []
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
|
||||
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
||||
- name: Fail if trying to self-build on Ansible < 2.8
|
||||
fail:
|
||||
msg: "To self-build the Mjolnir image, you should use Ansible 2.8 or higher. See docs/ansible.md"
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build and matrix_bot_mjolnir_enabled"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}"
|
||||
when: matrix_bot_mjolnir_enabled|bool
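Review bot: The new `fail` guard tests `matrix_bot_mjolnir_container_image_self_build` and `matrix_bot_mjolnir_enabled` without the `|bool` filter, while the `set_fact` task directly below uses `matrix_bot_mjolnir_enabled|bool`. A value that arrives as a string (for example through extra vars) is truthy whatever it says, so the guard could fire for `"false"`. Suggest `when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build|bool and matrix_bot_mjolnir_enabled|bool"`.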
|
||||
|
|
|
@ -14,14 +14,36 @@
|
|||
- { path: "{{ matrix_bot_mjolnir_base_path }}", when: true }
|
||||
- { path: "{{ matrix_bot_mjolnir_config_path }}", when: true }
|
||||
- { path: "{{ matrix_bot_mjolnir_data_path }}", when: true }
|
||||
- { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" }
|
||||
when: "item.when|bool"
|
||||
|
||||
- name: Ensure mjolnir image is pulled
|
||||
- name: Ensure mjolnir Docker image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_bot_mjolnir_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}"
|
||||
when: "not matrix_bot_mjolnir_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure mjolnir repository is present on self-build
|
||||
git:
|
||||
repo: "{{ matrix_bot_mjolnir_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
|
||||
version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}"
|
||||
force: "yes"
|
||||
register: matrix_bot_mjolnir_git_pull_results
|
||||
when: "matrix_bot_mjolnir_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure mjolnir Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_bot_mjolnir_docker_image }}"
|
||||
source: build
|
||||
force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}"
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_bot_mjolnir_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure matrix-bot-mjolnir config installed
|
||||
copy:
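Review bot: In "Ensure mjolnir repository is present on self-build", `version` is derived with `matrix_bot_mjolnir_docker_image.split(':')[1]`, which picks the wrong element once the image name carries a registry port (`host:5000/…:tag`) and fails when the name has no tag. The tag is already available as `matrix_bot_mjolnir_version`, so `version: "{{ matrix_bot_mjolnir_version }}"` is simpler and does not depend on the shape of the image string. The checkout follows a Git tag with `force: "yes"` and the result is built and run, so a short comment that operators needing a reproducible build may want to pin a commit instead of a tag would help. The closing `copy:` task continues outside the hunk.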
|
||||
|
|
|
@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
|
|||
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
|
||||
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
|
||||
|
||||
matrix_appservice_irc_version: release-0.26.1
|
||||
matrix_appservice_irc_version: release-0.27.0
|
||||
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
|
||||
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
- name: Ensure matrix-heisenbridge is stopped
|
||||
service:
|
||||
name: heisenbridge
|
||||
name: matrix-heisenbridge
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
when: "matrix_heisenbridge_service_stat.stat.exists"
|
||||
|
|
|
@ -21,10 +21,3 @@
|
|||
+
|
||||
{{ ["/matrix-mautrix-facebook-registration.yaml"] }}
|
||||
when: matrix_mautrix_facebook_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self building it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Mautrix Facebook image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build"
|
||||
|
|
|
@ -67,10 +67,3 @@
|
|||
URL endpoint to the matrix-mautrix-hangouts container.
|
||||
You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
|
||||
when: "matrix_mautrix_hangouts_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)"
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self building it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Mautrix Hangouts image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build"
|
||||
|
|
|
@ -21,10 +21,3 @@
|
|||
+
|
||||
{{ ["/matrix-mautrix-instagram-registration.yaml"] }}
|
||||
when: matrix_mautrix_instagram_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self building it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Mautrix instagram image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build"
|
||||
|
|
|
@ -21,10 +21,3 @@
|
|||
+
|
||||
{{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
|
||||
when: matrix_mx_puppet_discord_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self building it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build"
|
||||
|
|
|
@ -21,10 +21,3 @@
|
|||
+
|
||||
{{ ["/matrix-mx-puppet-groupme-registration.yaml"] }}
|
||||
when: matrix_mx_puppet_groupme_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self building it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build"
|
||||
|
|
|
@ -21,10 +21,3 @@
|
|||
+
|
||||
{{ ["/matrix-mx-puppet-skype-registration.yaml"] }}
|
||||
when: matrix_mx_puppet_skype_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self building it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Puppet Skype image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build"
|
||||
|
|
|
@ -68,10 +68,3 @@
|
|||
URL endpoint to the matrix-mx-puppet-slack container.
|
||||
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
|
||||
when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self building it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build"
|
||||
|
|
|
@ -21,10 +21,3 @@
|
|||
+
|
||||
{{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
|
||||
when: matrix_mx_puppet_steam_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self building it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build"
|
||||
|
|
|
@ -68,10 +68,3 @@
|
|||
URL endpoint to the matrix-mx-puppet-twitter container.
|
||||
You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
|
||||
when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self building it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build"
|
||||
|
|
|
@ -2,7 +2,7 @@ matrix_coturn_enabled: true
|
|||
|
||||
matrix_coturn_container_image_self_build: false
|
||||
matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
|
||||
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r2"
|
||||
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
|
||||
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
|
||||
|
||||
matrix_coturn_version: 4.5.2-r2
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header Content-Security-Policy "frame-ancestors 'none'";
|
||||
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||
|
||||
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||
add_header Permissions-Policy interest-cohort=() always;
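Review bot: The `Content-Security-Policy` header, like the three `add_header` lines above it, is emitted without `always`, so nginx attaches it only to the response codes it covers by default and leaves it off error responses, whereas the `Permissions-Policy` line below does pass `always`. Suggest `add_header Content-Security-Policy "frame-ancestors 'self'" always;` and the same for `X-Frame-Options`. Assuming `'self'` is the new value, it now agrees with `X-Frame-Options SAMEORIGIN`. A `location` block that declares its own `add_header` stops inheriting these, which is worth checking in the templates that include this file. The `{% if %}` block continues outside the hunk.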
|
||||
|
|
|
@ -17,11 +17,11 @@ matrix_postgres_architecture: amd64
|
|||
# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault
|
||||
matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
|
||||
|
||||
matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.21{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.16{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.11{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.6{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.2{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.22{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.17{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.12{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.7{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.3{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
|
||||
|
||||
# This variable is assigned at runtime. Overriding its value has no effect.
|
||||
|
|
|
@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
|
|||
# amd64 gets released first.
|
||||
# arm32 relies on self-building, so the same version can be built immediately.
|
||||
# arm64 users need to wait for a prebuilt image to become available.
|
||||
matrix_synapse_version: v1.36.0
|
||||
matrix_synapse_version_arm64: v1.36.0
|
||||
matrix_synapse_version: v1.37.1
|
||||
matrix_synapse_version_arm64: v1.37.1
|
||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: run_setup|bool
|
||||
when: run_setup|bool and matrix_synapse_enabled|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
|
|
@ -7,6 +7,22 @@
|
|||
#
|
||||
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
|
||||
|
||||
|
||||
## Modules ##
|
||||
|
||||
# Server admins can expand Synapse's functionality with external modules.
|
||||
#
|
||||
# See https://matrix-org.github.io/synapse/develop/modules.html for more
|
||||
# documentation on how to configure or create custom modules for Synapse.
|
||||
#
|
||||
modules:
|
||||
# - module: my_super_module.MySuperClass
|
||||
# config:
|
||||
# do_thing: true
|
||||
# - module: my_other_super_module.SomeClass
|
||||
# config: {}
|
||||
|
||||
|
||||
## Server ##
|
||||
|
||||
# The public-facing domain of the server
|
||||
|
@ -574,13 +590,9 @@ retention:
|
|||
# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
|
||||
# certificate, signed by a recognised Certificate Authority.
|
||||
#
|
||||
# See 'ACME support' below to enable auto-provisioning this certificate via
|
||||
# Let's Encrypt.
|
||||
#
|
||||
# If supplying your own, be sure to use a `.pem` file that includes the
|
||||
# full certificate chain including any intermediate certificates (for
|
||||
# instance, if using certbot, use `fullchain.pem` as your certificate,
|
||||
# not `cert.pem`).
|
||||
# Be sure to use a `.pem` file that includes the full certificate chain including
|
||||
# any intermediate certificates (for instance, if using certbot, use
|
||||
# `fullchain.pem` as your certificate, not `cert.pem`).
|
||||
#
|
||||
tls_certificate_path: {{ matrix_synapse_tls_certificate_path|to_json }}
|
||||
|
||||
|
@ -631,80 +643,6 @@ tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }}
|
|||
# - myCA2.pem
|
||||
# - myCA3.pem
|
||||
|
||||
# ACME support: This will configure Synapse to request a valid TLS certificate
|
||||
# for your configured `server_name` via Let's Encrypt.
|
||||
#
|
||||
# Note that ACME v1 is now deprecated, and Synapse currently doesn't support
|
||||
# ACME v2. This means that this feature currently won't work with installs set
|
||||
# up after November 2019. For more info, and alternative solutions, see
|
||||
# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
|
||||
#
|
||||
# Note that provisioning a certificate in this way requires port 80 to be
|
||||
# routed to Synapse so that it can complete the http-01 ACME challenge.
|
||||
# By default, if you enable ACME support, Synapse will attempt to listen on
|
||||
# port 80 for incoming http-01 challenges - however, this will likely fail
|
||||
# with 'Permission denied' or a similar error.
|
||||
#
|
||||
# There are a couple of potential solutions to this:
|
||||
#
|
||||
# * If you already have an Apache, Nginx, or similar listening on port 80,
|
||||
# you can configure Synapse to use an alternate port, and have your web
|
||||
# server forward the requests. For example, assuming you set 'port: 8009'
|
||||
# below, on Apache, you would write:
|
||||
#
|
||||
# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
|
||||
#
|
||||
# * Alternatively, you can use something like `authbind` to give Synapse
|
||||
# permission to listen on port 80.
|
||||
#
|
||||
acme:
|
||||
# ACME support is disabled by default. Uncomment the following line
|
||||
# (and tls_certificate_path and tls_private_key_path above) to enable it.
|
||||
#
|
||||
#enabled: true
|
||||
|
||||
# Endpoint to use to request certificates. If you only want to test,
|
||||
# use Let's Encrypt's staging url:
|
||||
# https://acme-staging.api.letsencrypt.org/directory
|
||||
#
|
||||
#url: https://acme-v01.api.letsencrypt.org/directory
|
||||
|
||||
# Port number to listen on for the HTTP-01 challenge. Change this if
|
||||
# you are forwarding connections through Apache/Nginx/etc.
|
||||
#
|
||||
#port: 80
|
||||
|
||||
# Local addresses to listen on for incoming connections.
|
||||
# Again, you may want to change this if you are forwarding connections
|
||||
# through Apache/Nginx/etc.
|
||||
#
|
||||
#bind_addresses: ['::', '0.0.0.0']
|
||||
|
||||
# How many days remaining on a certificate before it is renewed.
|
||||
#
|
||||
#reprovision_threshold: 30
|
||||
|
||||
# The domain that the certificate should be for. Normally this
|
||||
# should be the same as your Matrix domain (i.e., 'server_name'), but,
|
||||
# by putting a file at 'https://<server_name>/.well-known/matrix/server',
|
||||
# you can delegate incoming traffic to another server. If you do that,
|
||||
# you should give the target of the delegation here.
|
||||
#
|
||||
# For example: if your 'server_name' is 'example.com', but
|
||||
# 'https://example.com/.well-known/matrix/server' delegates to
|
||||
# 'matrix.example.com', you should put 'matrix.example.com' here.
|
||||
#
|
||||
# If not set, defaults to your 'server_name'.
|
||||
#
|
||||
#domain: matrix.example.com
|
||||
|
||||
# file to use for the account key. This will be generated if it doesn't
|
||||
# exist.
|
||||
#
|
||||
# If unspecified, we will use CONFDIR/client.key.
|
||||
#
|
||||
#account_key_file: /data/acme_account.key
|
||||
|
||||
|
||||
## Federation ##
|
||||
|
||||
|
@ -957,6 +895,10 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire
|
|||
|
||||
# The largest allowed upload size in bytes
|
||||
#
|
||||
# If you are using a reverse proxy you may also need to set this value in
|
||||
# your reverse proxy's config. Notably Nginx has a small max body size by default.
|
||||
# See https://matrix-org.github.io/synapse/develop/reverse_proxy.html.
|
||||
#
|
||||
max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M"
|
||||
|
||||
# Maximum number of pixels that will be thumbnailed
|
||||
|
@ -2045,6 +1987,17 @@ sso:
|
|||
# - https://riot.im/develop
|
||||
# - https://my.custom.client/
|
||||
|
||||
# Uncomment to keep a user's profile fields in sync with information from
|
||||
# the identity provider. Currently only syncing the displayname is
|
||||
# supported. Fields are checked on every SSO login, and are updated
|
||||
# if necessary.
|
||||
#
|
||||
# Note that enabling this option will override user profile information,
|
||||
# regardless of whether users have opted-out of syncing that
|
||||
# information when first signing in. Defaults to false.
|
||||
#
|
||||
#update_profile_information: true
|
||||
|
||||
# Directory in which Synapse will try to find the template files below.
|
||||
# If not set, or the files named below are not found within the template
|
||||
# directory, default templates from within the Synapse package will be used.
|
||||
|
@ -2326,6 +2279,10 @@ ui_auth:
|
|||
# the user-interactive authentication process, by allowing for multiple
|
||||
# (and potentially different) operations to use the same validation session.
|
||||
#
|
||||
# This is ignored for potentially "dangerous" operations (including
|
||||
# deactivating an account, modifying an account password, and
|
||||
# adding a 3PID).
|
||||
#
|
||||
# Uncomment below to allow for credential validation to last for 15
|
||||
# seconds.
|
||||
#
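Review bot: In the first hunk the new `modules:` key is left with no value because every entry under it is commented out, so YAML loads it as null rather than an empty list. This mirrors the upstream sample config, but writing `modules: []` states the intent and does not rely on the consumer tolerating null. Modules are loaded as code into the homeserver process, so a one-line comment that only reviewed modules should be listed here would suit this block.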
|
||||
|
|