diff --git a/roles/matrix/files/log_config.yaml b/roles/matrix/files/log_config.yaml index d5115eaf9d9dd3fbbf2edfb03a3255e44f19a1f2..9fcd8f730e31bde37c08f527e4080cc75df8a410 100644 --- a/roles/matrix/files/log_config.yaml +++ b/roles/matrix/files/log_config.yaml @@ -1,44 +1,44 @@ +# Log configuration for Synapse. +# +# This is a YAML file containing a standard Python logging configuration +# dictionary. See [1] for details on the valid settings. +# +# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema + version: 1 formatters: - fmt: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s' - journal_fmt: - format: '%(name)s: [%(request)s] %(message)s' + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' + journal_fmt: + format: '%(name)s: [%(request)s] %(message)s' filters: - context: - (): synapse.logging.context.LoggingContextFilter - request: "" + context: + (): synapse.logging.context.LoggingContextFilter + request: "" handlers: - # example output to console - console: - class: logging.StreamHandler - formatter: fmt - filters: [context] - - # output to systemd journal - journal: - class: systemd.journal.JournalHandler - formatter: journal_fmt - filters: [context] - SYSLOG_IDENTIFIER: synapse - -root: - level: INFO - handlers: [journal] + console: + class: logging.StreamHandler + formatter: precise + filters: [context] + journal: + class: systemd.journal.JournalHandler + formatter: journal_fmt + filters: [context] + SYSLOG_IDENTIFIER: synapse loggers: synapse: level: INFO - synapse.storage.SQL: # beware: increasing this to DEBUG will make synapse log sensitive # information such as access tokens. level: INFO - # example of enabling debugging for a component: - # - # synapse.federation.transport.server: - # level: DEBUG +root: + level: INFO + handlers: [journal] + +disable_existing_loggers: false 
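Review bot: The `console` handler in log_config.yaml is still defined but nothing references it: `root` lists only `handlers: [journal]`, and the `synapse` logger sets no handlers of its own. Either drop it or put a comment above it such as `# unused by default; add to root.handlers when running in the foreground`, so a later reader does not assume console output is active. Every record reaches the systemd journal through the root handler, so the warning kept above `synapse.storage.SQL` could also say that raising that logger to DEBUG would write access tokens into the journal.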
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml index e53c45d4d1fe8f6bc8b88deae46b6b4151fbf27b..1c77a27ad07800e58644233f13fa8259d046da70 100644 --- a/roles/matrix/tasks/main.yml +++ b/roles/matrix/tasks/main.yml @@ -19,7 +19,6 @@ - /var/lib/synapse - /var/lib/synapse/irc-nedb - /var/lib/synapse/media_store - - /var/lib/synapse/uploads - name: make virtualenv command: python -m venv /var/lib/synapse/venv @@ -80,15 +79,23 @@ - name: install homeserver config template: src=homeserver.yaml.j2 dest=/etc/synapse/homeserver.yaml owner=root group=synapse mode=0640 + notify: + - restart synapse - name: install log config copy: src=log_config.yaml dest=/etc/synapse/log_config.yaml owner=root group=root mode=0644 + notify: + - restart synapse - name: install irc-bridge config template: src=irc-bridge.yaml.j2 dest=/etc/synapse/irc-bridge.yaml owner=root group=synapse mode=0640 + notify: + - restart matrix-appservice-irc - name: install irc-bridge registration template: src=appservice-registration-irc.yaml.j2 dest=/etc/synapse/appservice-registration-irc.yaml owner=root group=synapse mode=0640 + notify: + - restart synapse - name: install signing key copy: diff --git a/roles/matrix/templates/homeserver.yaml.j2 b/roles/matrix/templates/homeserver.yaml.j2 index 2211d502aa6923d53d36997fc2d993c1502835de..c9fabe4205e93465ab426443204e3d6d63003c54 100644 --- a/roles/matrix/templates/homeserver.yaml.j2 +++ b/roles/matrix/templates/homeserver.yaml.j2 
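Review bot: In the `@@ -80,15 +79,23 @@` hunk of tasks/main.yml, `install irc-bridge registration` notifies only `restart synapse`. The registration file is normally read by the bridge process as well as by the homeserver (an assumption, since the bridge's service unit is not visible here). If so, a change to it, such as rotated appservice tokens, would leave the bridge running with stale values until it is next restarted. Consider listing both `- restart synapse` and `- restart matrix-appservice-irc` under that task's `notify:`. The following `install signing key` task continues past the end of the hunk, so whether it notifies a handler cannot be checked from here.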
@@ -44,6 +44,13 @@ public_baseurl: https://{{ matrix_domain }}/ # #require_auth_for_profile_requests: true +# Uncomment to require a user to share a room with another user in order +# to retrieve their profile information. Only checked on Client-Server +# requests. Profile requests from other servers should be checked by the +# requesting server. Defaults to 'false'. +# +#limit_profile_requests_to_users_who_share_rooms: true + # If set to 'true', removes the need for authentication to access the server's # public rooms directory through the client API, meaning that anyone can # query the room directory. Defaults to 'false'. @@ -678,10 +685,6 @@ media_store_path: "/var/lib/synapse/media_store" # config: # directory: /mnt/some/other/directory -# Directory where in-progress uploads are stored. -# -uploads_path: "/var/lib/synapse/uploads" - # The largest allowed upload size in bytes # #max_upload_size: 10M @@ -1107,14 +1110,19 @@ form_secret: "{{ vault_matrix_secrets[matrix_server_name].form_secret }}" signing_key_path: "/etc/synapse/{{ matrix_server_name }}.signing.key" # The keys that the server used to sign messages with but won't use -# to sign new messages. E.g. it has lost its private key +# to sign new messages. # -#old_signing_keys: -# "ed25519:auto": -# # Base64 encoded public key -# key: "The public part of your old signing key." -# # Millisecond POSIX timestamp when the key expired. -# expired_ts: 123456789123 +old_signing_keys: + # For each key, `key` should be the base64-encoded public key, and + # `expired_ts`should be the time (in milliseconds since the unix epoch) that + # it was last used. + # + # It is possible to build an entry from an old signing.key file using the + # `export_signing_key` script which is provided with synapse. + # + # For example: + # + #"ed25519:id": { key: "base64string", expired_ts: 123456789123 } # How long key response published by this server is valid for. # Used to set the valid_until_ts in /key/v2 APIs. 
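Review bot: In the `@@ -1107,14 +1110,19 @@` hunk of homeserver.yaml.j2, `old_signing_keys:` is now an active key whose body is only comments, so it parses as null rather than as an empty mapping. Writing `old_signing_keys: {}` states the intent explicitly and does not depend on the consumer tolerating a null value; whether Synapse does is not visible from this template. The added comment is also missing a space between `expired_ts` and "should".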
@@ -1242,33 +1250,58 @@ saml2_config: # #config_path: "CONFDIR/sp_conf.py" - # the lifetime of a SAML session. This defines how long a user has to + # The lifetime of a SAML session. This defines how long a user has to # complete the authentication process, if allow_unsolicited is unset. # The default is 5 minutes. # #saml_session_lifetime: 5m - # The SAML attribute (after mapping via the attribute maps) to use to derive - # the Matrix ID from. 'uid' by default. - # - #mxid_source_attribute: displayName - - # The mapping system to use for mapping the saml attribute onto a matrix ID. - # Options include: - # * 'hexencode' (which maps unpermitted characters to '=xx') - # * 'dotreplace' (which replaces unpermitted characters with '.'). - # The default is 'hexencode'. + # An external module can be provided here as a custom solution to + # mapping attributes returned from a saml provider onto a matrix user. # - #mxid_mapping: dotreplace + user_mapping_provider: + # The custom module's class. Uncomment to use a custom module. + # + #module: mapping_provider.SamlMappingProvider - # In previous versions of synapse, the mapping from SAML attribute to MXID was - # always calculated dynamically rather than stored in a table. For backwards- - # compatibility, we will look for user_ids matching such a pattern before - # creating a new account. + # Custom configuration values for the module. Below options are + # intended for the built-in provider, they should be changed if + # using a custom module. This section will be passed as a Python + # dictionary to the module's `parse_config` method. + # + config: + # The SAML attribute (after mapping via the attribute maps) to use + # to derive the Matrix ID from. 'uid' by default. + # + # Note: This used to be configured by the + # saml2_config.mxid_source_attribute option. If that is still + # defined, its value will be used instead. 
+ # + #mxid_source_attribute: displayName + + # The mapping system to use for mapping the saml attribute onto a + # matrix ID. + # + # Options include: + # * 'hexencode' (which maps unpermitted characters to '=xx') + # * 'dotreplace' (which replaces unpermitted characters with + # '.'). + # The default is 'hexencode'. + # + # Note: This used to be configured by the + # saml2_config.mxid_mapping option. If that is still defined, its + # value will be used instead. + # + #mxid_mapping: dotreplace + + # In previous versions of synapse, the mapping from SAML attribute to + # MXID was always calculated dynamically rather than stored in a + # table. For backwards- compatibility, we will look for user_ids + # matching such a pattern before creating a new account. # # This setting controls the SAML attribute which will be used for this - # backwards-compatibility lookup. Typically it should be 'uid', but if the - # attribute maps are changed, it may be necessary to change it. + # backwards-compatibility lookup. Typically it should be 'uid', but if + # the attribute maps are changed, it may be necessary to change it. # # The default is 'uid'. #