Added all configuration files, anonymized.

2024-11-27 16:56:06 +01:00 · 2024-11-27 16:56:06 +01:00 · 1f7b75a9cd
parent f1f8c6a7cf
commit 1f7b75a9cd
14 changed files with 275 additions and 0 deletions
--- a/matrix/synapse/conf.d/authentication.yaml
+++ b/matrix/synapse/conf.d/authentication.yaml
@ -0,0 +1,22 @@
 # Authentication stuff
 password_config:
  policy:
    enabled: only_for_reauth
    localdb_enabled: false
 password_providers:
  - module: "ldap_auth_provider.LdapAuthProvider"
    config:
      enabled: true
      uri: "ldap://ldap.example.com"
      start_tls: true
      mode: "search"
      base: "ou=users,o=Example,dc=example,dc=eu"
      attributes:
         uid: "uid"
         mail: "mail"
         name: "cn"
      filter: "(&(objectClass=posixAccount)(accountStatus=active))"
      bind_dn: "cn=matrix,ou=service,o=Protagio,dc=protagio,dc=eu"
      bind_password: "<very secure password>"
--- a/matrix/synapse/conf.d/call.yaml
+++ b/matrix/synapse/conf.d/call.yaml
@ -0,0 +1,19 @@
 experimental_features:
  # MSC3266: Room summary API. Used for knocking over federation
  msc3266_enabled: true
 # The maximum allowed duration by which sent events can be delayed, as
 # per MSC4140.
 max_event_delay_duration: 24h
 rc_message:
  # This needs to match at least the heart-beat frequency plus a bit of headroom
  # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
  per_second: 0.5
  burst_count: 30
 extra_well_known_client_content:
  org.matrix.msc4143.rtc_foci:
    type: livekit
    livekit_service_url: https://livekit.matrixdev.example.com
--- a/matrix/synapse/conf.d/database.yaml
+++ b/matrix/synapse/conf.d/database.yaml
@ -0,0 +1,9 @@
 database:
  name: psycopg2
  args:
    user: synapse
    password: <secure password>
    dbname: synapse
    host: /var/run/postgresql
    cp_min: 5
    cp_max: 10
--- a/matrix/synapse/conf.d/email.yaml
+++ b/matrix/synapse/conf.d/email.yaml
@ -0,0 +1,9 @@
 # This takes care of sending e-mail
 email:
  smtp_host: smtp.example.com
  smtp_port: 465
  smtp_user: matrixdev@example.com
  smtp_pass: <secure password>
  force_tls: true
  notif_from: "Your Matrix server <matrixdev@example.com>"
--- a/matrix/synapse/conf.d/homeserver_blocking.yaml
+++ b/matrix/synapse/conf.d/homeserver_blocking.yaml
@ -0,0 +1,11 @@
 # Various settings for blocking stuff.
 # See https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=mau_stats_only%3A#homeserver-blocking
 admin_contact: admin@example.com
 mau_stats_only: true
 max_avatar_size: 2M
 allowed_avatar_mimetypes:
  - "image/png"
  - "image/jpeg"
  - "image/gif"
 forgotten_room_retention_period: 7d
--- a/matrix/synapse/conf.d/keys.yaml
+++ b/matrix/synapse/conf.d/keys.yaml
@ -0,0 +1,5 @@
 # This file contains secrets
 signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
 macaroon_secret_key: <secure key>
 registration_shared_secret: <secure key>
--- a/matrix/synapse/conf.d/mediastore.yaml
+++ b/matrix/synapse/conf.d/mediastore.yaml
@ -0,0 +1,29 @@
 # Media stuff
 # See https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=media_store_path#media-store
 media_store_path: /var/lib/matrix-synapse/media
 enable_authenticated_media: true
 max_upload_size: 50M
 url_preview_enabled: true
 url_preview_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '192.0.0.0/24'
  - '169.254.0.0/16'
  - '192.88.99.0/24'
  - '198.18.0.0/15'
  - '192.0.2.0/24'
  - '198.51.100.0/24'
  - '203.0.113.0/24'
  - '224.0.0.0/4'
  - '::1/128'
  - 'fe80::/10'
  - 'fc00::/7'
  - '2001:db8::/32'
  - 'ff00::/8'
  - 'fec0::/10'
 dynamic_thumbnails: true
--- a/matrix/synapse/conf.d/report_stats.yaml
+++ b/matrix/synapse/conf.d/report_stats.yaml
@ -0,0 +1,5 @@
 # This file is autogenerated, and will be recreated on upgrade if it is deleted.
 # Any changes you make will be preserved.
 # Whether to report homeserver usage statistics.
 report_stats: true
--- a/matrix/synapse/conf.d/server_name.yaml
+++ b/matrix/synapse/conf.d/server_name.yaml
@ -0,0 +1,43 @@
 # This file is autogenerated, and will be recreated on upgrade if it is deleted.
 # Any changes you make will be preserved.
 # The domain name of the server, with optional explicit port.
 # This is used by remote servers to connect to this server,
 # e.g. matrix.org, localhost:8080, etc.
 # This is also the last part of your UserID.
 #
 server_name: matrixdev.example.com
 # The rest is our local configuration:
 public_baseurl: https://vm02199.example.com/
 presence:
  enabled: true
  include_offline_users_on_sync: false
 require_auth_for_profile_requests: true
 allow_public_rooms_over_federation: true
 ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '192.0.0.0/24'
  - '169.254.0.0/16'
  - '192.88.99.0/24'
  - '198.18.0.0/15'
  - '192.0.2.0/24'
  - '198.51.100.0/24'
  - '203.0.113.0/24'
  - '224.0.0.0/4'
  - '::1/128'
  - 'fe80::/10'
  - 'fc00::/7'
  - '2001:db8::/32'
  - 'ff00::/8'
  - 'fec0::/10'
 filter_timeline_limit: 500
 delete_stale_devices_after: 1y
--- a/matrix/synapse/conf.d/server_notices.yaml
+++ b/matrix/synapse/conf.d/server_notices.yaml
@ -0,0 +1,26 @@
 # Necessary for server notices, and moderation
 server_notices:
  system_mxid_localpart: server
  system_mxid_display_name: "Server Notices"
  system_mxid_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
  room_name: "Server Notices"
  room_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
  room_topic: "Room used by your server admin to notice you of important information"
  auto_join: true
 user_consent:
  require_at_registration: true
  policy_name: "Example End User Policy"
  template_dir: consent_policy
  version: 0.2
  server_notice_content:
    msgtype: m.text
    body: >-
      You have to agree to our End User Policy before you can use this
      service. Please read and accept it at %(consent_uri)s.
  block_events_error: >-
    You haven't accepted the End User Policy yet, so you can't post any
    messages yet. Please read and accept the policy at %(consent_uri)s.
 form_secret: "<secure password>"
--- a/matrix/synapse/conf.d/turn.yaml
+++ b/matrix/synapse/conf.d/turn.yaml
@ -0,0 +1,9 @@
 # This configures the connection to the TURN server
 turn_shared_secret: "<secure key>"
 turn_uris:
  - "turn:turn.matrixdev.example.com?transport=udp"
  - "turn:turn.matrixdev.example.com?transport=tcp"
 turn_user_lifetime: 86400000
 turn_allow_guests: true
--- a/matrix/synapse/homeserver.yaml
+++ b/matrix/synapse/homeserver.yaml
@ -0,0 +1,34 @@
 # Configuration file for Synapse.
 #
 # This is a YAML file: see [1] for a quick introduction. Note in particular
 # that *indentation is important*: all the elements of a list or dictionary
 # should have the same indentation.
 #
 # [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
 #
 # For more information on how to configure Synapse, including a complete accounting of
 # each option, go to docs/usage/configuration/config_documentation.md or
 # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
 #
 # This is set in /etc/matrix-synapse/conf.d/server_name.yaml for Debian installations.
 # server_name: "SERVERNAME"
 pid_file: "/var/run/matrix-synapse.pid"
 listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['::1', '127.0.0.1']
    resources:
      - names:
        - client
        - consent
        - federation
        compress: false
 #database:
 #  name: sqlite3
 #  args:
 #    database: /var/lib/matrix-synapse/homeserver.db
 log_config: "/etc/matrix-synapse/log.yaml"
 trusted_key_servers:
  - server_name: "matrix.org"
--- a/matrix/synapse/templates/0.1.html
+++ b/matrix/synapse/templates/0.1.html
@ -0,0 +1,43 @@
 <!doctype html>
 <html lang="en">
  <head>
    <title>Example End User Policy</title>
  </head>
  <body>
  {% if has_consented %}
    <p>
      You have already accepted the Example End User Policy.
    </p>
  {% else %}
 <h1>Example End User Policy</h1>
 These are the terms under which you can use this service. Unless you accept these terms, you
 will not be allowed to send any messages.
 <ol>
  <li>You will not be abusive to other users, be they on this server or on an other.
  <li>You will not do other nasty stuff.
  <li>Basically: you will behave like a good person.
 </ol>
 We promise you a few things too:
 <ol>
  <li>We'll keep your data safe
  <li>We won't snoop on you
  <li>We'll only turn you in with the authorities if you do nasty stuff.
 </ol>
 If you accept these terms, you can use this system.
    {% if not public_version %}
      <!-- The variables used here are only provided when the 'u' param is given to the homeserver -->
      <form method="post" action="consent">
        <input type="hidden" name="v" value="{{version}}"/>
        <input type="hidden" name="u" value="{{user}}"/>
        <input type="hidden" name="h" value="{{userhmac}}"/>
        <input type="submit" value="I accept"/>
      </form>
    {% endif %}
  {% endif %}
  </body>
 </html>
--- a/matrix/synapse/templates/success.html
+++ b/matrix/synapse/templates/success.html
@ -0,0 +1,11 @@
 <!doctype html>
 <html lang="en">
  <head>
    <title>Example End User Policy</title>
  </head>
  <body>
 <p>You have agreed to our End User Policy, you can now use our service.</p>
 <p>Have fun!</p>
  </body>
 </html>