Add support for Synapse Simple Antispam

Fixes #255 (Github Issue).
This commit is contained in:
Slavi Pantaleev 2019-09-09 08:13:06 +03:00
parent 4b1e9a4827
commit 68ed2ebefa
8 changed files with 92 additions and 1 deletions

View file

@ -1,3 +1,14 @@
# 2019-09-09
## Synapse Simple Antispam support
There have been lots of invite-spam attacks lately and [Travis](https://github.com/t2bot) has created a Synapse module ([synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam)) to let people protect themselves.
From now on, you can easily install and configure this spam checker module through the playbook.
Learn more in [Setting up Synapse Simple Antispam](docs/configuring-playbook-synapse-simple-antispam.md).
# 2019-08-25
## Extensible Riot-web configuration
@ -9,7 +20,7 @@ This should be enough for most customization needs.
If you need even more power, you can now also take full control and override `matrix_riot_web_configuration_default` (or `matrix_riot_web_configuration`) directly.
Learn more here in [Configuring Riot-web](docs/configuring-playbook-riot-web.md).
Learn more in [Configuring Riot-web](docs/configuring-playbook-riot-web.md).
# 2019-08-22

View file

@ -0,0 +1,16 @@
# Setting up Synapse Simple Antispam (optional, advanced)
The playbook can install and configure [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) for you.
See that project's documentation to learn what it does and why it might be useful to you.
In short, it lets you fight invite-spam by automatically blocking invitiations from a list of servers specified by you (blacklisting).
If you decide that you'd like to let this playbook install it for you, you need some configuration like this:
```yaml
matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: true
matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers:
- example.com
- another.com
```

View file

@ -72,6 +72,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up the LDAP password provider module](configuring-playbook-ldap-auth.md) (optional, advanced)
- [Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md) (optional, advanced)
- [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced)

View file

@ -263,6 +263,12 @@ matrix_synapse_ext_password_provider_ldap_bind_dn: ""
matrix_synapse_ext_password_provider_ldap_bind_password: ""
matrix_synapse_ext_password_provider_ldap_filter: ""
# Enable this to activate the Synapse Antispam spam-checker module.
# See: https://github.com/t2bot/synapse-simple-antispam
matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: false
matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url: "https://github.com/t2bot/synapse-simple-antispam"
matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "f058d9ce2c7d4195ae461dcdd02df11a2d06a36b"
matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers: []
matrix_s3_media_store_enabled: false
matrix_s3_media_store_custom_endpoint_enabled: false

View file

@ -5,3 +5,5 @@
- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml"
- import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml"
- import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup.yml"

View file

@ -0,0 +1,7 @@
---
- import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml"
when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled|bool
- import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml"
when: "not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled|bool"

View file

@ -0,0 +1,41 @@
---
- name: Fail if Synapse Simple Antispam blocked homeservers is not set
fail:
msg: "Synapse Simple Antispam is enabled, but no blocked homeservers have been set in matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers"
when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers|length == 0"
- name: Ensure git installed (RedHat)
yum:
name:
- git
state: present
update_cache: no
when: "ansible_os_family == 'RedHat'"
- name: Ensure git installed (Debian)
apt:
name:
- openssl
state: present
update_cache: no
when: "ansible_os_family == 'Debian'"
- name: Clone synapse-simple-antispam git repository
git:
repo: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url }}"
version: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version }}"
dest: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam"
become: true
become_user: "{{ matrix_user_username }}"
- set_fact:
matrix_synapse_spam_checker:
module: "synapse_simple_antispam.AntiSpamInvites"
config:
blocked_homeservers: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}"
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
{{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"] }}

View file

@ -0,0 +1,6 @@
---
- name: Ensure synapse-simple-antispam doesn't exist
file:
path: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam"
state: absent