Added all configuration files, anonymized.

2024-11-27 16:56:06 +01:00 · 2024-11-27 16:56:06 +01:00 · 1f7b75a9cd
parent f1f8c6a7cf
commit 1f7b75a9cd
14 changed files with 275 additions and 0 deletions
--- a/matrix/synapse/conf.d/authentication.yaml
+++ b/matrix/synapse/conf.d/authentication.yaml
@ -0,0 +1,22 @@
+# Authentication stuff
+
+password_config:
+  policy:
+    enabled: only_for_reauth
+    localdb_enabled: false
+    
+password_providers:
+  - module: "ldap_auth_provider.LdapAuthProvider"
+    config:
+      enabled: true
+      uri: "ldap://ldap.example.com"
+      start_tls: true
+      mode: "search"
+      base: "ou=users,o=Example,dc=example,dc=eu"
+      attributes:
+         uid: "uid"
+         mail: "mail"
+         name: "cn"
+      filter: "(&(objectClass=posixAccount)(accountStatus=active))"
+      bind_dn: "cn=matrix,ou=service,o=Protagio,dc=protagio,dc=eu"
+      bind_password: "<very secure password>"
--- a/matrix/synapse/conf.d/call.yaml
+++ b/matrix/synapse/conf.d/call.yaml
@ -0,0 +1,19 @@
+experimental_features:
+  # MSC3266: Room summary API. Used for knocking over federation
+  msc3266_enabled: true
+
+# The maximum allowed duration by which sent events can be delayed, as
+# per MSC4140.
+max_event_delay_duration: 24h
+
+rc_message:
+  # This needs to match at least the heart-beat frequency plus a bit of headroom
+  # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
+  per_second: 0.5
+  burst_count: 30
+
+extra_well_known_client_content:
+  org.matrix.msc4143.rtc_foci:
+    type: livekit
+    livekit_service_url: https://livekit.matrixdev.example.com
+
--- a/matrix/synapse/conf.d/database.yaml
+++ b/matrix/synapse/conf.d/database.yaml
@ -0,0 +1,9 @@
+database:
+  name: psycopg2
+  args:
+    user: synapse
+    password: <secure password>
+    dbname: synapse
+    host: /var/run/postgresql
+    cp_min: 5
+    cp_max: 10
--- a/matrix/synapse/conf.d/email.yaml
+++ b/matrix/synapse/conf.d/email.yaml
@ -0,0 +1,9 @@
+# This takes care of sending e-mail
+
+email:
+  smtp_host: smtp.example.com
+  smtp_port: 465
+  smtp_user: matrixdev@example.com
+  smtp_pass: <secure password>
+  force_tls: true
+  notif_from: "Your Matrix server <matrixdev@example.com>"
--- a/matrix/synapse/conf.d/homeserver_blocking.yaml
+++ b/matrix/synapse/conf.d/homeserver_blocking.yaml
@ -0,0 +1,11 @@
+# Various settings for blocking stuff.
+# See https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=mau_stats_only%3A#homeserver-blocking
+
+admin_contact: admin@example.com
+mau_stats_only: true
+max_avatar_size: 2M
+allowed_avatar_mimetypes:
+  - "image/png"
+  - "image/jpeg"
+  - "image/gif"
+forgotten_room_retention_period: 7d
--- a/matrix/synapse/conf.d/keys.yaml
+++ b/matrix/synapse/conf.d/keys.yaml
@ -0,0 +1,5 @@
+# This file contains secrets
+
+signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
+macaroon_secret_key: <secure key>
+registration_shared_secret: <secure key>
--- a/matrix/synapse/conf.d/mediastore.yaml
+++ b/matrix/synapse/conf.d/mediastore.yaml
@ -0,0 +1,29 @@
+# Media stuff
+# See https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=media_store_path#media-store
+
+media_store_path: /var/lib/matrix-synapse/media
+enable_authenticated_media: true
+max_upload_size: 50M
+url_preview_enabled: true
+url_preview_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '192.0.0.0/24'
+  - '169.254.0.0/16'
+  - '192.88.99.0/24'
+  - '198.18.0.0/15'
+  - '192.0.2.0/24'
+  - '198.51.100.0/24'
+  - '203.0.113.0/24'
+  - '224.0.0.0/4'
+  - '::1/128'
+  - 'fe80::/10'
+  - 'fc00::/7'
+  - '2001:db8::/32'
+  - 'ff00::/8'
+  - 'fec0::/10'
+
+dynamic_thumbnails: true
--- a/matrix/synapse/conf.d/report_stats.yaml
+++ b/matrix/synapse/conf.d/report_stats.yaml
@ -0,0 +1,5 @@
+# This file is autogenerated, and will be recreated on upgrade if it is deleted.
+# Any changes you make will be preserved.
+
+# Whether to report homeserver usage statistics.
+report_stats: true
--- a/matrix/synapse/conf.d/server_name.yaml
+++ b/matrix/synapse/conf.d/server_name.yaml
@ -0,0 +1,43 @@
+# This file is autogenerated, and will be recreated on upgrade if it is deleted.
+# Any changes you make will be preserved.
+
+# The domain name of the server, with optional explicit port.
+# This is used by remote servers to connect to this server,
+# e.g. matrix.org, localhost:8080, etc.
+# This is also the last part of your UserID.
+#
+server_name: matrixdev.example.com
+
+# The rest is our local configuration:
+public_baseurl: https://vm02199.example.com/
+
+presence:
+  enabled: true
+  include_offline_users_on_sync: false
+
+require_auth_for_profile_requests: true
+allow_public_rooms_over_federation: true
+
+ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '192.0.0.0/24'
+  - '169.254.0.0/16'
+  - '192.88.99.0/24'
+  - '198.18.0.0/15'
+  - '192.0.2.0/24'
+  - '198.51.100.0/24'
+  - '203.0.113.0/24'
+  - '224.0.0.0/4'
+  - '::1/128'
+  - 'fe80::/10'
+  - 'fc00::/7'
+  - '2001:db8::/32'
+  - 'ff00::/8'
+  - 'fec0::/10'
+
+filter_timeline_limit: 500
+delete_stale_devices_after: 1y
--- a/matrix/synapse/conf.d/server_notices.yaml
+++ b/matrix/synapse/conf.d/server_notices.yaml
@ -0,0 +1,26 @@
+# Necessary for server notices, and moderation
+
+server_notices:
+  system_mxid_localpart: server
+  system_mxid_display_name: "Server Notices"
+  system_mxid_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
+  room_name: "Server Notices"
+  room_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
+  room_topic: "Room used by your server admin to notice you of important information"
+  auto_join: true
+
+user_consent:
+  require_at_registration: true
+  policy_name: "Example End User Policy"
+  template_dir: consent_policy
+  version: 0.2
+  server_notice_content:
+    msgtype: m.text
+    body: >-
+      You have to agree to our End User Policy before you can use this
+      service. Please read and accept it at %(consent_uri)s.
+  block_events_error: >-
+    You haven't accepted the End User Policy yet, so you can't post any
+    messages yet. Please read and accept the policy at %(consent_uri)s.
+
+form_secret: "<secure password>"
--- a/matrix/synapse/conf.d/turn.yaml
+++ b/matrix/synapse/conf.d/turn.yaml
@ -0,0 +1,9 @@
+# This configures the connection to the TURN server
+
+turn_shared_secret: "<secure key>"
+turn_uris:
+  - "turn:turn.matrixdev.example.com?transport=udp"
+  - "turn:turn.matrixdev.example.com?transport=tcp"
+turn_user_lifetime: 86400000
+turn_allow_guests: true
+
--- a/matrix/synapse/homeserver.yaml
+++ b/matrix/synapse/homeserver.yaml
@ -0,0 +1,34 @@
+# Configuration file for Synapse.
+#
+# This is a YAML file: see [1] for a quick introduction. Note in particular
+# that *indentation is important*: all the elements of a list or dictionary
+# should have the same indentation.
+#
+# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
+#
+# For more information on how to configure Synapse, including a complete accounting of
+# each option, go to docs/usage/configuration/config_documentation.md or
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
+#
+# This is set in /etc/matrix-synapse/conf.d/server_name.yaml for Debian installations.
+# server_name: "SERVERNAME"
+pid_file: "/var/run/matrix-synapse.pid"
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    bind_addresses: ['::1', '127.0.0.1']
+    resources:
+      - names:
+        - client
+        - consent
+        - federation
+        compress: false
+#database:
+#  name: sqlite3
+#  args:
+#    database: /var/lib/matrix-synapse/homeserver.db
+log_config: "/etc/matrix-synapse/log.yaml"
+trusted_key_servers:
+  - server_name: "matrix.org"
--- a/matrix/synapse/templates/0.1.html
+++ b/matrix/synapse/templates/0.1.html
@ -0,0 +1,43 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <title>Example End User Policy</title>
+  </head>
+  <body>
+  {% if has_consented %}
+    <p>
+      You have already accepted the Example End User Policy.
+    </p>
+  {% else %}
+<h1>Example End User Policy</h1>
+
+These are the terms under which you can use this service. Unless you accept these terms, you
+will not be allowed to send any messages.
+
+<ol>
+  <li>You will not be abusive to other users, be they on this server or on an other.
+  <li>You will not do other nasty stuff.
+  <li>Basically: you will behave like a good person.
+</ol>
+
+We promise you a few things too:
+
+<ol>
+  <li>We'll keep your data safe
+  <li>We won't snoop on you
+  <li>We'll only turn you in with the authorities if you do nasty stuff.
+</ol>
+
+If you accept these terms, you can use this system.
+    {% if not public_version %}
+      <!-- The variables used here are only provided when the 'u' param is given to the homeserver -->
+      <form method="post" action="consent">
+        <input type="hidden" name="v" value="{{version}}"/>
+        <input type="hidden" name="u" value="{{user}}"/>
+        <input type="hidden" name="h" value="{{userhmac}}"/>
+        <input type="submit" value="I accept"/>
+      </form>
+    {% endif %}
+  {% endif %}
+  </body>
+</html>
--- a/matrix/synapse/templates/success.html
+++ b/matrix/synapse/templates/success.html
@ -0,0 +1,11 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <title>Example End User Policy</title>
+  </head>
+  <body>
+<p>You have agreed to our End User Policy, you can now use our service.</p>
+
+<p>Have fun!</p>
+  </body>
+</html>