From 5f76a6d8f7fb6221d5528b08c9c2a9e0f6522a8f Mon Sep 17 00:00:00 2001
From: Salt
Date: Mon, 22 Jun 2020 05:03:32 -0500
Subject: [PATCH] Polish up our Matrix config a bit
---
 roles/matrix/templates/homeserver.yaml | 113 ++++---------------------
 webservers.yml | 1 +
 2 files changed, 16 insertions(+), 98 deletions(-)
diff --git a/roles/matrix/templates/homeserver.yaml b/roles/matrix/templates/homeserver.yaml
index e90eb48..ee2d59d 100644
--- a/roles/matrix/templates/homeserver.yaml
+++ b/roles/matrix/templates/homeserver.yaml
@@ -1,10 +1,10 @@
 # Configuration file for Synapse.
 #
-# This is a YAML file: see [1] for a quick introduction. Note in particular
-# that *indentation is important*: all the elements of a list or dictionary
-# should have the same indentation.
+# Note: Commented-out values that came from the default config are, strangely,
+# the non-default options.
+#
+# This file is managed via Ansible; any changes made here will be overwritten
 #
-# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
 ## Server ##
 pid_file: "/var/run/matrix-synapse.pid"
@@ -19,102 +19,29 @@ pid_file: "/var/run/matrix-synapse.pid"
 #
 #web_client_location: https://riot.example.com/
-# The public-facing base URL that clients use to access this HS
-# (not including _matrix/...). This is the same URL a user would
-# enter into the 'custom HS URL' field on their client. If you
-# use synapse with a reverse proxy, this should be the URL to reach
-# synapse via the proxy.
-#
-#public_baseurl: https://example.com/
-
-# Set the soft limit on the number of file descriptors synapse can use
+public_baseurl: https://matrix.9iron.club/
 # Zero is used to indicate synapse should set the soft limit to the
-# hard limit.
-#
 #soft_file_limit: 0
-
 # Set to false to disable presence tracking on this homeserver.
-#
 #use_presence: false
-
-# Whether to require authentication to retrieve profile data (avatars,
-# display names) of other users through the client API. Defaults to
-# 'false'. Note that profile data is also available via the federation
-# API, so this setting is of limited value if federation is enabled on
-# the server.
-#
+# Pointless if federation is on
 #require_auth_for_profile_requests: true
-
-# Uncomment to require a user to share a room with another user in order
-# to retrieve their profile information. Only checked on Client-Server
-# requests. Profile requests from other servers should be checked by the
-# requesting server. Defaults to 'false'.
-#
+# Also pointless if federation is on
 #limit_profile_requests_to_users_who_share_rooms: true
-
-# If set to 'true', removes the need for authentication to access the server's
-# public rooms directory through the client API, meaning that anyone can
-# query the room directory. Defaults to 'false'.
-#
 #allow_public_rooms_without_auth: true
-
-# If set to 'true', allows any other homeserver to fetch the server's public
-# rooms directory via federation. Defaults to 'false'.
-#
 #allow_public_rooms_over_federation: true
-
-# The default room version for newly created rooms.
-#
-# Known room versions are listed here:
 # https://matrix.org/docs/spec/#complete-list-of-room-versions
-#
-# For example, for room version 1, default_room_version should be set
-# to "1".
-#
 #default_room_version: "5"
-
-# The GC threshold parameters to pass to `gc.set_threshold`, if defined
-#
 #gc_thresholds: [700, 10, 10]
-
 # Set the limit on the returned events in the timeline in the get
 # and sync operations. The default value is -1, means no upper limit.
-#
-#filter_timeline_limit: 5000
-
-# Whether room invites to users on this server should be blocked
-# (except those sent by local server admins). The default is False.
-#
+filter_timeline_limit: 5000
 #block_non_admin_invites: true
-
-# Room searching
-#
-# If disabled, new messages will not be indexed for searching and users
-# will receive errors when searching for messages. Defaults to enabled.
-#
 #enable_search: false
-
-# Restrict federation to the following whitelist of domains.
-# N.B. we recommend also firewalling your federation listener to limit
-# inbound federation traffic as early as possible, rather than relying
-# purely on this application-layer restriction. If not specified, the
-# default is to whitelist everything.
-#
 #federation_domain_whitelist:
 # - lon.example.com
 # - nyc.example.com
 # - syd.example.com
-
-# Prevent federation requests from being sent to the following
-# blacklist IP address CIDR ranges. If this option is not specified, or
-# specified with an empty list, no ip range blacklist will be enforced.
-#
-# As of Synapse v1.4.0 this option also affects any outbound requests to identity
-# servers provided by user input.
-#
-# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
-# listed here, since they correspond to unroutable addresses.)
-#
 federation_ip_range_blacklist:
 - '127.0.0.0/8'
 - '10.0.0.0/8'
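Review bot: `public_baseurl: https://matrix.9iron.club/` hard-codes a hostname that the playbook already passes to this role as `matrix_url` (visible in the webservers.yml hunk), so the template and the inventory can drift apart and clients would be sent to the wrong origin. Rendering it from the variable keeps a single source of truth: `public_baseurl: "https://{{ matrix_url }}/"`. The same applies to `admin_contact` in the `@@ -245,8 +172,7 @@` hunk, which could come from a role variable, and to `"#welcome:9iron.club"` in the `@@ -1188,8 +1105,8 @@` hunk, which could be built from `{{ matrix_server_name }}`. Of the comments this hunk deletes, the one above `federation_ip_range_blacklist` is worth keeping as a single line, e.g. `# Outbound federation and identity-server requests to these ranges are refused`, because it is the only statement of why that list exists.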
@@ -245,8 +172,7 @@ listeners:
 ## Homeserver blocking ##
 # How to reach the server admin, used in ResourceLimitError
-#
-#admin_contact: 'mailto:admin@server.com'
+admin_contact: 'mailto:rehashedsalt@cock.li'
 # Global blocking
 #
@@ -356,18 +282,9 @@ limit_remote_rooms:
 # purged are ignored and not stored again.
 #
 retention:
- # The message retention policies feature is disabled by default. Uncomment the
- # following line to enable it.
- #
- #enabled: true
-
- # Default retention policy. If set, Synapse will apply it to rooms that lack the
- # 'm.room.retention' state event. Currently, the value of 'min_lifetime' doesn't
- # matter much because Synapse doesn't take it into account yet.
- #
- #default_policy:
- # min_lifetime: 1d
- # max_lifetime: 1y
+ enabled: true
+ default_policy:
+ max_lifetime: 3y
 # Retention policy limits. If set, a user won't be able to send a
 # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
@@ -989,7 +906,7 @@ url_preview_accept_language:
 # Enable registration for new users.
 #
-#enable_registration: false
+enable_registration: {{ matrix_enable_registration }}
 # Optional account validity configuration. This allows for accounts to be denied
 # any request after a given period.
@@ -1188,8 +1105,8 @@ account_threepid_delegates:
 # Users who register on this homeserver will automatically be joined
 # to these rooms
 #
-#auto_join_rooms:
-# - "#example:example.com"
+auto_join_rooms:
+ - "#welcome:9iron.club"
 # Where auto_join_rooms are specified, setting this flag ensures that the
 # the rooms exist by creating them when the first user on the
diff --git a/webservers.yml b/webservers.yml
index 626f84d..e4e20c3 100644
--- a/webservers.yml
+++ b/webservers.yml
@@ -13,6 +13,7 @@
 matrix_server_name: "9iron.club"
 matrix_url: "matrix.9iron.club"
 matrix_webroot: "/var/www/riot"
+ matrix_enable_registration: "false"
 tags: [ fedi, matrix ]
 - hosts: web1
 roles:
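Review bot: In the `@@ -356,18 +282,9 @@` hunk, `enabled: true` and `max_lifetime: 3y` are left with no comment saying what they do, and the deleted text was the only place stating that the default policy applies to rooms lacking an `m.room.retention` state event. Because this setting governs how long message history is kept, I would keep one line above it, e.g. `# Rooms without their own m.room.retention event keep messages for at most 3 years`. The `retention:` mapping continues past the end of the hunk into the policy-limits section, so whether those limits admit a 3y value cannot be checked from here.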
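Review bot: `enable_registration: {{ matrix_enable_registration }}` in the `@@ -989,7 +906,7 @@` hunk writes the variable into the config verbatim, so whether registration is open depends on every inventory spelling the value in a form the YAML parser reads as a boolean. Normalising it and failing closed is a one-line change: `enable_registration: {{ matrix_enable_registration | default(false) | bool | to_json }}`. The webservers.yml hunk sets `matrix_enable_registration: "false"` as a quoted string, which is truthy in any Jinja conditional; a plain `false` would match the intent. Whether the role ships a default for this variable is not visible in the diff.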