Add support for matrix_encryption_disabler
Related to https://github.com/matrix-org/synapse/issues/4401 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1621
parent
c8d924147c
commit
f44ca0c7c2
|
@ -542,6 +542,23 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false
|
|||
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
|
||||
|
||||
|
||||
# Enable this to activate the E2EE disabling Synapse module.
|
||||
# See: https://github.com/digitalentity/matrix_encryption_disabler
|
||||
matrix_synapse_ext_encryption_disabler_enabled: false
|
||||
matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/ee80beedc5084a5fabf3c91d8df6d59457d3a790/matrix_e2ee_filter.py"
|
||||
# A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list.
|
||||
# By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room.
|
||||
matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"]
|
||||
# A list of server domain names for which to deny encryption if the destination room id's domain matches the domain in the list.
|
||||
# By default, with the configuration below, we prevent locally-created encryption events by ANY user encrypt rooms on the homeserver.
|
||||
# Note: foreign users with enough room privileges will still be able to send an encryption event to your rooms and encrypt them.
|
||||
matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix_domain }}"]
|
||||
matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml|from_yaml }}"
|
||||
matrix_synapse_ext_encryption_config_yaml: |
|
||||
deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of|to_json }}
|
||||
deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of|to_json }}
|
||||
|
||||
|
||||
matrix_s3_media_store_enabled: false
|
||||
matrix_s3_media_store_custom_endpoint_enabled: false
|
||||
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
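Review bot: The two derived variables `matrix_synapse_ext_encryption_config` and `matrix_synapse_ext_encryption_config_yaml` drop the `_disabler` infix that every other variable of this extension carries, so they read like a general encryption setting rather than the configuration of the filter module; `matrix_synapse_ext_encryption_disabler_config` and `matrix_synapse_ext_encryption_disabler_config_yaml` would keep the prefix consistent. The comment above `matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of` is hard to parse; if the intent is what the following note suggests, `# By default, with the configuration below, we prevent ANY user from sending locally-created encryption events to rooms on this homeserver.` reads more clearly. Since the download URL is overridable, a short comment next to it such as `# Keep this pinned to a commit hash; the file is loaded into Synapse as a module.` would help operators who change it.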
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml"
|
||||
when: matrix_synapse_ext_encryption_disabler_enabled|bool
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml"
|
||||
when: "not matrix_synapse_ext_encryption_disabler_enabled|bool"
|
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
|
||||
- name: Download matrix_encryption_disabler
|
||||
get_url:
|
||||
url: "{{ matrix_synapse_ext_encryption_disabler_download_url }}"
|
||||
dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
|
||||
force: true
|
||||
mode: 0440
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_modules: |
|
||||
{{
|
||||
matrix_synapse_modules|default([])
|
||||
+
|
||||
[
|
||||
{
|
||||
"module": "matrix_e2ee_filter.EncryptedRoomFilter",
|
||||
"config": matrix_synapse_ext_encryption_config
|
||||
}
|
||||
]
|
||||
}}
|
||||
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"]
|
||||
|
||||
matrix_synapse_additional_loggers: >
|
||||
{{ matrix_synapse_additional_loggers }}
|
||||
+
|
||||
{{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }}
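Review bot: The `get_url` task fetches a Python file that is later bind-mounted into the Synapse container and loaded as the `matrix_e2ee_filter.EncryptedRoomFilter` module, but nothing verifies its content. The default URL is pinned to a commit hash, yet an overridden `matrix_synapse_ext_encryption_disabler_download_url` gets no such protection. Adding `checksum: "sha256:<SHA256_OF_PINNED_FILE>"` to the task (fed from a defaults variable next to the URL) would make the run fail on unexpected content. `mode: 0440` is better written as `mode: '0440'` so that no YAML loader can retype the octal literal. `matrix_synapse_additional_loggers` is the only one of the three facts concatenated without `|default([])`, which presumably relies on the role defaults defining it; applying the filter there too would match the other two.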
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
|
||||
- name: Ensure matrix_encryption_disabler doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
|
||||
state: absent
|
|
@ -1,5 +1,7 @@
|
|||
---
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml"
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml"
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml"
|
||||
|
|