David Runge / infrastructure / Commits / a1148b1b

Commit a1148b1b (Verified), authored Jul 01, 2021 by Jan Alexander Steffens (heftig)

matrix: Update synapse to 1.37.1

parent 9795a8c3

Changes: 2
roles/matrix/tasks/main.yml
...
...
@@ -78,7 +78,7 @@
-
name
:
install synapse
pip
:
name
:
-
'
matrix-synapse[postgres,systemd,url_preview,redis,oidc]==1.3
6.0
'
-
'
matrix-synapse[postgres,systemd,url_preview,redis,oidc]==1.3
7.1
'
state
:
latest
extra_args
:
'
--upgrade-strategy=eager'
virtualenv
:
/var/lib/synapse/venv
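Review bot: Only the top-level package is pinned (`matrix-synapse[...]==1.37.1`), while `state: latest` together with `extra_args: '--upgrade-strategy=eager'` upgrades every transitive dependency to whatever PyPI serves at deploy time, so two runs of this same commit can build different virtualenvs and none of the downloads are hash-checked. Consider installing from a requirements or constraints file with pinned versions (and pip's `--require-hashes`) so that the bump to 1.37.1 is the only thing that changes; once dependencies are pinned, `state: present` is enough given the exact `==` pin.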
...
...
roles/matrix/templates/homeserver.yaml.j2
...
...
@@ -21,6 +21,33 @@
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
## Modules ##
# Server admins can expand Synapse's functionality with external modules.
#
# See https://matrix-org.github.io/synapse/develop/modules.html for more
# documentation on how to configure or create custom modules for Synapse.
#
modules
:
# - module: my_super_module.MySuperClass
# config:
# do_thing: true
# - module: my_other_super_module.SomeClass
# config: {}
spam_checker
:
-
module
:
mjolnir.AntiSpam
config
:
block_invites
:
true
block_messages
:
false
block_usernames
:
false
ban_lists
:
-
"
!WuBtumawCeOGEieRrp:matrix.org"
# #matrix-org-coc-bl:matrix.org
-
"
!tUPwPPmVTaiKXMiijj:matrix.org"
# #matrix-org-hs-tos-bl:matrix.org
-
"
!vmRBOqUEHGdNBeweth:archlinux.org"
# #banlist:archlinux.org
## Server ##
# The public-facing domain of the server
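Review bot: The `spam_checker` block added under `## Modules ##` carries none of the comments that sat on the old block further down the template, including the note that `ban_lists` entries must be room IDs and that the server must already be joined to those rooms because Mjolnir will not join them itself. With `block_invites: true` depending on those lists, I would keep at least that comment at the new location. Separately, `modules:` is a live key with only commented-out entries, which loads as a YAML null; `modules: []` would state the intent, and a one-line comment on why `mjolnir.AntiSpam` stays under `spam_checker` rather than `modules` would help the next reader.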
...
...
@@ -553,13 +580,9 @@ retention:
# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
# certificate, signed by a recognised Certificate Authority.
#
# See 'ACME support' below to enable auto-provisioning this certificate via
# Let's Encrypt.
#
# If supplying your own, be sure to use a `.pem` file that includes the
# full certificate chain including any intermediate certificates (for
# instance, if using certbot, use `fullchain.pem` as your certificate,
# not `cert.pem`).
# Be sure to use a `.pem` file that includes the full certificate chain including
# any intermediate certificates (for instance, if using certbot, use
# `fullchain.pem` as your certificate, not `cert.pem`).
#
#tls_certificate_path: "CONFDIR/SERVERNAME.tls.crt"
...
...
@@ -610,80 +633,6 @@ retention:
# - myCA2.pem
# - myCA3.pem
# ACME support: This will configure Synapse to request a valid TLS certificate
# for your configured `server_name` via Let's Encrypt.
#
# Note that ACME v1 is now deprecated, and Synapse currently doesn't support
# ACME v2. This means that this feature currently won't work with installs set
# up after November 2019. For more info, and alternative solutions, see
# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
#
# Note that provisioning a certificate in this way requires port 80 to be
# routed to Synapse so that it can complete the http-01 ACME challenge.
# By default, if you enable ACME support, Synapse will attempt to listen on
# port 80 for incoming http-01 challenges - however, this will likely fail
# with 'Permission denied' or a similar error.
#
# There are a couple of potential solutions to this:
#
# * If you already have an Apache, Nginx, or similar listening on port 80,
# you can configure Synapse to use an alternate port, and have your web
# server forward the requests. For example, assuming you set 'port: 8009'
# below, on Apache, you would write:
#
# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
#
# * Alternatively, you can use something like `authbind` to give Synapse
# permission to listen on port 80.
#
acme
:
# ACME support is disabled by default. Set this to `true` and uncomment
# tls_certificate_path and tls_private_key_path above to enable it.
#
enabled
:
false
# Endpoint to use to request certificates. If you only want to test,
# use Let's Encrypt's staging url:
# https://acme-staging.api.letsencrypt.org/directory
#
#url: https://acme-v01.api.letsencrypt.org/directory
# Port number to listen on for the HTTP-01 challenge. Change this if
# you are forwarding connections through Apache/Nginx/etc.
#
port
:
80
# Local addresses to listen on for incoming connections.
# Again, you may want to change this if you are forwarding connections
# through Apache/Nginx/etc.
#
bind_addresses
:
[
'
::'
,
'
0.0.0.0'
]
# How many days remaining on a certificate before it is renewed.
#
reprovision_threshold
:
30
# The domain that the certificate should be for. Normally this
# should be the same as your Matrix domain (i.e., 'server_name'), but,
# by putting a file at 'https://<server_name>/.well-known/matrix/server',
# you can delegate incoming traffic to another server. If you do that,
# you should give the target of the delegation here.
#
# For example: if your 'server_name' is 'example.com', but
# 'https://example.com/.well-known/matrix/server' delegates to
# 'matrix.example.com', you should put 'matrix.example.com' here.
#
# If not set, defaults to your 'server_name'.
#
domain
:
{{
matrix_domain
}}
# file to use for the account key. This will be generated if it doesn't
# exist.
#
# If unspecified, we will use CONFDIR/client.key.
#
account_key_file
:
DATADIR/acme_account.key
## Federation ##
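Review bot: The commit subject mentions only the version bump, but this hunk deletes the whole `acme:` section from the template. The deleted block had `enabled: false`, so no port 80 listener or certificate request goes away with it; saying so in the commit body, along with the fact that the template was re-synced, would save a reader from checking. It is also worth confirming that `tls_certificate_path`, which the earlier hunk shows still commented out, is intentionally unset.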
...
...
@@ -2063,6 +2012,17 @@ sso:
# - https://riot.im/develop
# - https://my.custom.client/
# Uncomment to keep a user's profile fields in sync with information from
# the identity provider. Currently only syncing the displayname is
# supported. Fields are checked on every SSO login, and are updated
# if necessary.
#
# Note that enabling this option will override user profile information,
# regardless of whether users have opted-out of syncing that
# information when first signing in. Defaults to false.
#
#update_profile_information: true
# Directory in which Synapse will try to find the template files below.
# If not set, or the files named below are not found within the template
# directory, default templates from within the Synapse package will be used.
...
...
@@ -2344,6 +2304,10 @@ ui_auth:
# the user-interactive authentication process, by allowing for multiple
# (and potentially different) operations to use the same validation session.
#
# This is ignored for potentially "dangerous" operations (including
# deactivating an account, modifying an account password, and
# adding a 3PID).
#
# Uncomment below to allow for credential validation to last for 15
# seconds.
#
...
...
@@ -2591,33 +2555,6 @@ push:
#group_unread_count_by_room: false
# Spam checkers are third-party modules that can block specific actions
# of local users, such as creating rooms and registering undesirable
# usernames, as well as remote users by redacting incoming events.
#
spam_checker
:
-
module
:
mjolnir.AntiSpam
config
:
# Prevent servers/users in the ban lists from inviting users on this
# server to rooms. Default true.
block_invites
:
true
# Flag messages sent by servers/users in the ban lists as spam. Currently
# this means that spammy messages will appear as empty to users. Default
# false.
block_messages
:
false
# Remove users from the user directory search by filtering matrix IDs and
# display names by the entries in the user ban list. Default false.
block_usernames
:
false
# The room IDs of the ban lists to honour. Unlike other parts of Mjolnir,
# this list cannot be room aliases or permalinks. This server is expected
# to already be joined to the room - Mjolnir will not automatically join
# these rooms.
ban_lists
:
-
"
!WuBtumawCeOGEieRrp:matrix.org"
# #matrix-org-coc-bl:matrix.org
-
"
!tUPwPPmVTaiKXMiijj:matrix.org"
# #matrix-org-hs-tos-bl:matrix.org
-
"
!vmRBOqUEHGdNBeweth:archlinux.org"
# #banlist:archlinux.org
## Rooms ##
# Controls whether locally-created rooms should be end-to-end encrypted by
...
...