diff --git a/matrix/synapse/conf.d/authentication.yaml b/matrix/synapse/conf.d/authentication.yaml
new file mode 100644
index 0000000..1b97c4c
--- /dev/null
+++ b/matrix/synapse/conf.d/authentication.yaml
@@ -0,0 +1,22 @@
+# Authentication stuff
+
+password_config:
+ policy:
+ enabled: only_for_reauth
+ localdb_enabled: false
+
+password_providers:
+ - module: "ldap_auth_provider.LdapAuthProvider"
+ config:
+ enabled: true
+ uri: "ldap://ldap.example.com"
+ start_tls: true
+ mode: "search"
+ base: "ou=users,o=Example,dc=example,dc=eu"
+ attributes:
+ uid: "uid"
+ mail: "mail"
+ name: "cn"
+ filter: "(&(objectClass=posixAccount)(accountStatus=active))"
+ bind_dn: "cn=matrix,ou=service,o=Protagio,dc=protagio,dc=eu"
+ bind_password: ""
diff --git a/matrix/synapse/conf.d/call.yaml b/matrix/synapse/conf.d/call.yaml
new file mode 100644
index 0000000..04ffc3c
--- /dev/null
+++ b/matrix/synapse/conf.d/call.yaml
@@ -0,0 +1,19 @@
+experimental_features:
+ # MSC3266: Room summary API. Used for knocking over federation
+ msc3266_enabled: true
+
+# The maximum allowed duration by which sent events can be delayed, as
+# per MSC4140.
+max_event_delay_duration: 24h
+
+rc_message:
+ # This needs to match at least the heart-beat frequency plus a bit of headroom
+ # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
+ per_second: 0.5
+ burst_count: 30
+
+extra_well_known_client_content:
+ org.matrix.msc4143.rtc_foci:
+ type: livekit
+ livekit_service_url: https://livekit.matrixdev.example.com
+
diff --git a/matrix/synapse/conf.d/database.yaml b/matrix/synapse/conf.d/database.yaml
new file mode 100644
index 0000000..9e43cd1
--- /dev/null
+++ b/matrix/synapse/conf.d/database.yaml
@@ -0,0 +1,9 @@
+database:
+ name: psycopg2
+ args:
+ user: synapse
+ password:
+ dbname: synapse
+ host: /var/run/postgresql
+ cp_min: 5
+ cp_max: 10
diff --git a/matrix/synapse/conf.d/email.yaml b/matrix/synapse/conf.d/email.yaml
new file mode 100644
index 0000000..76b604f
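Review bot: `enabled: only_for_reauth` follows `policy:` inside `password_config` in authentication.yaml, and if it is nested there (the indentation is not recoverable in this view) it sits on the wrong key. `only_for_reauth` is a value of `password_config.enabled`, while `policy.enabled` is a boolean that switches the password-strength policy, so the intended setting would not take effect. Which one was meant should be confirmed against the LDAP login flow, since restricting passwords to re-authentication may also affect logins through the password provider. Separately, `base` sits under `o=Example,dc=example,dc=eu` while `bind_dn` sits under `o=Protagio,dc=protagio,dc=eu`; one of the two looks like an incomplete rename, and the service account would bind in a different tree from the one it searches.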
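Review bot: `org.matrix.msc4143.rtc_foci` in call.yaml is written as a mapping, with `type` and `livekit_service_url` directly under it, whereas MSC4143 clients expect a list of focus objects; the entry should begin with a dash, `- type: livekit`. In `rc_message`, the comment's "rate of 0.2s" should read 0.2 per second. That comment should also say that `per_second: 0.5` with `burst_count: 30` applies to every message a user sends, not only call heart-beats, so it raises the ceiling for message flooding as well.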
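Review bot: `password:` in database.yaml is left bare, which YAML loads as null rather than an empty string. With `host: /var/run/postgresql` this presumably relies on peer authentication over the Unix socket; if so, drop the key and add a comment such as `# peer auth over the local socket, no password`. The same blank-secret pattern appears in authentication.yaml (`bind_password: ""`), email.yaml (`smtp_pass:`), keys.yaml (`macaroon_secret_key:`, `registration_shared_secret:`), server_notices.yaml (`form_secret: ""`) and turn.yaml (`turn_shared_secret: ""`). Nothing in the commit says how the real values are injected, so a one-line comment per file naming the mechanism would discourage filling them in and committing them. For the registration secret, Synapse also accepts `registration_shared_secret_path`, which keeps the value out of the YAML entirely.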
--- /dev/null
+++ b/matrix/synapse/conf.d/email.yaml
@@ -0,0 +1,9 @@
+# This takes care of sending e-mail
+
+email:
+ smtp_host: smtp.example.com
+ smtp_port: 465
+ smtp_user: matrixdev@example.com
+ smtp_pass:
+ force_tls: true
+ notif_from: "Your Matrix server "
diff --git a/matrix/synapse/conf.d/homeserver_blocking.yaml b/matrix/synapse/conf.d/homeserver_blocking.yaml
new file mode 100644
index 0000000..b98e4fe
--- /dev/null
+++ b/matrix/synapse/conf.d/homeserver_blocking.yaml
@@ -0,0 +1,11 @@
+# Various settings for blocking stuff.
+# See https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=mau_stats_only%3A#homeserver-blocking
+
+admin_contact: admin@example.com
+mau_stats_only: true
+max_avatar_size: 2M
+allowed_avatar_mimetypes:
+ - "image/png"
+ - "image/jpeg"
+ - "image/gif"
+forgotten_room_retention_period: 7d
diff --git a/matrix/synapse/conf.d/keys.yaml b/matrix/synapse/conf.d/keys.yaml
new file mode 100644
index 0000000..6be0844
--- /dev/null
+++ b/matrix/synapse/conf.d/keys.yaml
@@ -0,0 +1,5 @@
+# This file contains secrets
+
+signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
+macaroon_secret_key:
+registration_shared_secret:
diff --git a/matrix/synapse/conf.d/mediastore.yaml b/matrix/synapse/conf.d/mediastore.yaml
new file mode 100644
index 0000000..80d6592
--- /dev/null
+++ b/matrix/synapse/conf.d/mediastore.yaml
@@ -0,0 +1,29 @@
+# Media stuff
+# See https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=media_store_path#media-store
+
+media_store_path: /var/lib/matrix-synapse/media
+enable_authenticated_media: true
+max_upload_size: 50M
+url_preview_enabled: true
+url_preview_ip_range_blacklist:
+ - '127.0.0.0/8'
+ - '10.0.0.0/8'
+ - '172.16.0.0/12'
+ - '192.168.0.0/16'
+ - '100.64.0.0/10'
+ - '192.0.0.0/24'
+ - '169.254.0.0/16'
+ - '192.88.99.0/24'
+ - '198.18.0.0/15'
+ - '192.0.2.0/24'
+ - '198.51.100.0/24'
+ - '203.0.113.0/24'
+ - '224.0.0.0/4'
+ - '::1/128'
+ - 'fe80::/10'
+ - 'fc00::/7'
+ - '2001:db8::/32'
+ - 'ff00::/8'
+ - 'fec0::/10'
+
+dynamic_thumbnails: true
diff --git a/matrix/synapse/conf.d/report_stats.yaml b/matrix/synapse/conf.d/report_stats.yaml
new file mode 100644
index 0000000..8e8bc67
--- /dev/null
+++ b/matrix/synapse/conf.d/report_stats.yaml
@@ -0,0 +1,5 @@
+# This file is autogenerated, and will be recreated on upgrade if it is deleted.
+# Any changes you make will be preserved.
+
+# Whether to report homeserver usage statistics.
+report_stats: true
diff --git a/matrix/synapse/conf.d/server_name.yaml b/matrix/synapse/conf.d/server_name.yaml
new file mode 100644
index 0000000..1ee11ef
--- /dev/null
+++ b/matrix/synapse/conf.d/server_name.yaml
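Review bot: The entries under `url_preview_ip_range_blacklist` in mediastore.yaml repeat, one for one, the `ip_range_blacklist` added in server_name.yaml, so the SSRF guard for URL previews exists in two copies that have to be edited together. I would add `# Keep in sync with ip_range_blacklist in server_name.yaml` above the list. The list covers only reserved and private ranges, so any internal service reachable on a routable address needs its own entry. As far as I recall, the Synapse documentation also says this blacklist is ignored when outbound requests go through an HTTP proxy, which is worth a comment if this host uses one.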
@@ -0,0 +1,43 @@
+# This file is autogenerated, and will be recreated on upgrade if it is deleted.
+# Any changes you make will be preserved.
+
+# The domain name of the server, with optional explicit port.
+# This is used by remote servers to connect to this server,
+# e.g. matrix.org, localhost:8080, etc.
+# This is also the last part of your UserID.
+#
+server_name: matrixdev.example.com
+
+# The rest is our local configuration:
+public_baseurl: https://vm02199.example.com/
+
+presence:
+ enabled: true
+ include_offline_users_on_sync: false
+
+require_auth_for_profile_requests: true
+allow_public_rooms_over_federation: true
+
+ip_range_blacklist:
+ - '127.0.0.0/8'
+ - '10.0.0.0/8'
+ - '172.16.0.0/12'
+ - '192.168.0.0/16'
+ - '100.64.0.0/10'
+ - '192.0.0.0/24'
+ - '169.254.0.0/16'
+ - '192.88.99.0/24'
+ - '198.18.0.0/15'
+ - '192.0.2.0/24'
+ - '198.51.100.0/24'
+ - '203.0.113.0/24'
+ - '224.0.0.0/4'
+ - '::1/128'
+ - 'fe80::/10'
+ - 'fc00::/7'
+ - '2001:db8::/32'
+ - 'ff00::/8'
+ - 'fec0::/10'
+
+filter_timeline_limit: 500
+delete_stale_devices_after: 1y
diff --git a/matrix/synapse/conf.d/server_notices.yaml b/matrix/synapse/conf.d/server_notices.yaml
new file mode 100644
index 0000000..e6e2622
--- /dev/null
+++ b/matrix/synapse/conf.d/server_notices.yaml
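Review bot: Everything below `# The rest is our local configuration:` in server_name.yaml lives in a file whose own header says the package generates it, so site policy such as `ip_range_blacklist` and `allow_public_rooms_over_federation` depends on the packaging scripts leaving the file alone. Moving those keys into their own conf.d file would remove that dependency. `allow_public_rooms_over_federation: true` lets any federated server read the public room directory, and a comment should say that this is intended. `public_baseurl` names `vm02199.example.com` while `server_name` is `matrixdev.example.com`; if the VM name is internal, links handed to clients and in e-mails will point at it.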
@@ -0,0 +1,26 @@
+# Necessary for server notices, and moderation
+
+server_notices:
+ system_mxid_localpart: server
+ system_mxid_display_name: "Server Notices"
+ system_mxid_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
+ room_name: "Server Notices"
+ room_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
+ room_topic: "Room used by your server admin to notice you of important information"
+ auto_join: true
+
+user_consent:
+ require_at_registration: true
+ policy_name: "Example End User Policy"
+ template_dir: consent_policy
+ version: 0.2
+ server_notice_content:
+ msgtype: m.text
+ body: >-
+ You have to agree to our End User Policy before you can use this
+ service. Please read and accept it at %(consent_uri)s.
+ block_events_error: >-
+ You haven't accepted the End User Policy yet, so you can't post any
+ messages yet. Please read and accept the policy at %(consent_uri)s.
+
+form_secret: ""
diff --git a/matrix/synapse/conf.d/turn.yaml b/matrix/synapse/conf.d/turn.yaml
new file mode 100644
index 0000000..649f76a
--- /dev/null
+++ b/matrix/synapse/conf.d/turn.yaml
@@ -0,0 +1,9 @@
+# This configures the connection to the TURN server
+
+turn_shared_secret: ""
+turn_uris:
+ - "turn:turn.matrixdev.example.com?transport=udp"
+ - "turn:turn.matrixdev.example.com?transport=tcp"
+turn_user_lifetime: 86400000
+turn_allow_guests: true
+
diff --git a/matrix/synapse/homeserver.yaml b/matrix/synapse/homeserver.yaml
new file mode 100644
index 0000000..0df64a0
--- /dev/null
+++ b/matrix/synapse/homeserver.yaml
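Review bot: `version: 0.2` under `user_consent` in server_notices.yaml has no matching template in this commit, which adds only `templates/0.1.html`. Synapse picks the consent page by version, so as committed the policy page would likely fail to render until a `0.2.html` exists or the version is set back. The value should also be quoted, `version: "0.2"`, because an unquoted 0.2 is a YAML float and a later `0.10` would collapse to 0.1. `template_dir: consent_policy` does not match the repository path `matrix/synapse/templates/` either, so the deployment step that maps one to the other deserves a comment.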
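Review bot: `turn_allow_guests: true` together with `turn_user_lifetime: 86400000` in turn.yaml gives guest accounts relay credentials that stay valid for a full day. Unless guest calls are a requirement, `turn_allow_guests: false` and a shorter lifetime such as `turn_user_lifetime: 1h` limit how long a leaked credential can be used to relay traffic. `turn_shared_secret: ""` must not reach a running server unchanged, since credentials would then be derived from an empty key.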
@@ -0,0 +1,34 @@
+# Configuration file for Synapse.
+#
+# This is a YAML file: see [1] for a quick introduction. Note in particular
+# that *indentation is important*: all the elements of a list or dictionary
+# should have the same indentation.
+#
+# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
+#
+# For more information on how to configure Synapse, including a complete accounting of
+# each option, go to docs/usage/configuration/config_documentation.md or
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
+#
+# This is set in /etc/matrix-synapse/conf.d/server_name.yaml for Debian installations.
+# server_name: "SERVERNAME"
+pid_file: "/var/run/matrix-synapse.pid"
+listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ bind_addresses: ['::1', '127.0.0.1']
+ resources:
+ - names:
+ - client
+ - consent
+ - federation
+ compress: false
+#database:
+# name: sqlite3
+# args:
+# database: /var/lib/matrix-synapse/homeserver.db
+log_config: "/etc/matrix-synapse/log.yaml"
+trusted_key_servers:
+ - server_name: "matrix.org"
diff --git a/matrix/synapse/templates/0.1.html b/matrix/synapse/templates/0.1.html
new file mode 100644
index 0000000..e4c2129
--- /dev/null
+++ b/matrix/synapse/templates/0.1.html
@@ -0,0 +1,43 @@ + + + + Example End User Policy + + + {% if has_consented %} +
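Review bot: The listener in homeserver.yaml serves `client`, `consent` and `federation` over plain HTTP with `x_forwarded: true`, and the file does not document the assumption that makes this safe. It is safe only because `bind_addresses` is loopback and a reverse proxy in front terminates TLS and sets the forwarded-for header itself. I would add above `listeners:` a comment such as `# Loopback only: TLS is terminated by the reverse proxy, which must overwrite X-Forwarded-For`. `trusted_key_servers` lists only `matrix.org`; a short comment that this is a deliberate choice would help the next reader.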

+ You have already accepted the Example End User Policy. +

+ {% else %} +

Example End User Policy

+ +These are the terms under which you can use this service. Unless you accept these terms, you +will not be allowed to send any messages. + +
    +
  1. You will not be abusive to other users, be they on this server or on an other. +
  2. You will not do other nasty stuff. +
  3. Basically: you will behave like a good person. +
+ +We promise you a few things too: + +
    +
  1. We'll keep your data safe +
  2. We won't snoop on you +
  3. We'll only turn you in with the authorities if you do nasty stuff. +
+ +If you accept these terms, you can use this system. + {% if not public_version %} + +
+ + + + +
+ {% endif %} + {% endif %} + + diff --git a/matrix/synapse/templates/success.html b/matrix/synapse/templates/success.html new file mode 100644 index 0000000..e1c324c --- /dev/null +++ b/matrix/synapse/templates/success.html @@ -0,0 +1,11 @@ + + + + Example End User Policy + + +

You have agreed to our End User Policy, you can now use our service.

+ +

Have fun!

+ +