Polish up our Matrix config a bit

roles/matrix/templates/homeserver.yaml

@@ -1,10 +1,10 @@
 # Configuration file for Synapse.
 #
-# This is a YAML file: see [1] for a quick introduction. Note in particular
+# Note: Commented-out values that came from the default config are, strangely,
-# that *indentation is important*: all the elements of a list or dictionary
+# the non-default options.
-# should have the same indentation.
+#
+# This file is managed via Ansible; any changes made here will be overwritten
 #
-# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
 
 ## Server ##
 pid_file: "/var/run/matrix-synapse.pid"
@@ -19,102 +19,29 @@ pid_file: "/var/run/matrix-synapse.pid"
 #
 #web_client_location: https://riot.example.com/
 
-# The public-facing base URL that clients use to access this HS
+public_baseurl: https://matrix.9iron.club/
-# (not including _matrix/...). This is the same URL a user would
-# enter into the 'custom HS URL' field on their client. If you
-# use synapse with a reverse proxy, this should be the URL to reach
-# synapse via the proxy.
-#
-#public_baseurl: https://example.com/
-
-# Set the soft limit on the number of file descriptors synapse can use
 # Zero is used to indicate synapse should set the soft limit to the
-# hard limit.
-#
 #soft_file_limit: 0
-
 # Set to false to disable presence tracking on this homeserver.
-#
 #use_presence: false
-
+# Pointless if federation is on
-# Whether to require authentication to retrieve profile data (avatars,
-# display names) of other users through the client API. Defaults to
-# 'false'. Note that profile data is also available via the federation
-# API, so this setting is of limited value if federation is enabled on
-# the server.
-#
 #require_auth_for_profile_requests: true
-
+# Also pointless if federation is on
-# Uncomment to require a user to share a room with another user in order
-# to retrieve their profile information. Only checked on Client-Server
-# requests. Profile requests from other servers should be checked by the
-# requesting server. Defaults to 'false'.
-#
 #limit_profile_requests_to_users_who_share_rooms: true
-
-# If set to 'true', removes the need for authentication to access the server's
-# public rooms directory through the client API, meaning that anyone can
-# query the room directory. Defaults to 'false'.
-#
 #allow_public_rooms_without_auth: true
-
-# If set to 'true', allows any other homeserver to fetch the server's public
-# rooms directory via federation. Defaults to 'false'.
-#
 #allow_public_rooms_over_federation: true
-
-# The default room version for newly created rooms.
-#
-# Known room versions are listed here:
 # https://matrix.org/docs/spec/#complete-list-of-room-versions
-#
-# For example, for room version 1, default_room_version should be set
-# to "1".
-#
 #default_room_version: "5"
-
-# The GC threshold parameters to pass to `gc.set_threshold`, if defined
-#
 #gc_thresholds: [700, 10, 10]
-
 # Set the limit on the returned events in the timeline in the get
 # and sync operations. The default value is -1, means no upper limit.
-#
+filter_timeline_limit: 5000
-#filter_timeline_limit: 5000
-
-# Whether room invites to users on this server should be blocked
-# (except those sent by local server admins). The default is False.
-#
 #block_non_admin_invites: true
-
-# Room searching
-#
-# If disabled, new messages will not be indexed for searching and users
-# will receive errors when searching for messages. Defaults to enabled.
-#
 #enable_search: false
-
-# Restrict federation to the following whitelist of domains.
-# N.B. we recommend also firewalling your federation listener to limit
-# inbound federation traffic as early as possible, rather than relying
-# purely on this application-layer restriction.  If not specified, the
-# default is to whitelist everything.
-#
 #federation_domain_whitelist:
 #  - lon.example.com
 #  - nyc.example.com
 #  - syd.example.com
-
-# Prevent federation requests from being sent to the following
-# blacklist IP address CIDR ranges. If this option is not specified, or
-# specified with an empty list, no ip range blacklist will be enforced.
-#
-# As of Synapse v1.4.0 this option also affects any outbound requests to identity
-# servers provided by user input.
-#
-# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
-# listed here, since they correspond to unroutable addresses.)
-#
 federation_ip_range_blacklist:
   - '127.0.0.0/8'
   - '10.0.0.0/8'
@@ -245,8 +172,7 @@ listeners:
 ## Homeserver blocking ##
 
 # How to reach the server admin, used in ResourceLimitError
-#
+admin_contact: 'mailto:rehashedsalt@cock.li'
-#admin_contact: 'mailto:admin@server.com'
 
 # Global blocking
 #
@@ -356,18 +282,9 @@ limit_remote_rooms:
 # purged are ignored and not stored again.
 #
 retention:
-  # The message retention policies feature is disabled by default. Uncomment the
+  enabled: true
-  # following line to enable it.
+  default_policy:
-  #
+    max_lifetime: 3y
-  #enabled: true
-
-  # Default retention policy. If set, Synapse will apply it to rooms that lack the
-  # 'm.room.retention' state event. Currently, the value of 'min_lifetime' doesn't
-  # matter much because Synapse doesn't take it into account yet.
-  #
-  #default_policy:
-  #  min_lifetime: 1d
-  #  max_lifetime: 1y
 
   # Retention policy limits. If set, a user won't be able to send a
   # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
@@ -989,7 +906,7 @@ url_preview_accept_language:
 
 # Enable registration for new users.
 #
-#enable_registration: false
+enable_registration: {{ matrix_enable_registration }}
 
 # Optional account validity configuration. This allows for accounts to be denied
 # any request after a given period.
@@ -1188,8 +1105,8 @@ account_threepid_delegates:
 # Users who register on this homeserver will automatically be joined
 # to these rooms
 #
-#auto_join_rooms:
+auto_join_rooms:
-#  - "#example:example.com"
+  - "#welcome:9iron.club"
 
 # Where auto_join_rooms are specified, setting this flag ensures that the
 # the rooms exist by creating them when the first user on the

webservers.yml

@@ -13,6 +13,7 @@
         matrix_server_name: "9iron.club"
         matrix_url: "matrix.9iron.club"
         matrix_webroot: "/var/www/riot"
+        matrix_enable_registration: "false"
       tags: [ fedi, matrix ]
 - hosts: web1
   roles: