Verified Commit b3a45fb7 authored by Jan Alexander Steffens (heftig)'s avatar Jan Alexander Steffens (heftig)
Browse files

roles/matrix: Add a matrix homeserver for soyuz

parent 7c613892
$ANSIBLE_VAULT;1.1;AES256
65653564623330313333353062313033323939626363353832303663646263643735333562366633
3731353735343432303330373361333437613430663863660a633963656138303432313835326431
33643064393061333637353230323061646265393435653162636236666532386166343761633938
6432616232376432660a313236666336363932626466376163666264363538316162333433393235
65633863313638306133653930653062626131393331626431643133363036666239643935666136
63336234366431363832663837306466646339313030326235333033346434386264376339383761
33373863313161666234343834333832376433396664663934666665646337616334663061353363
34396536386563323234613633393637393133373731623835386537663064613131333664346666
37316635343036336461633632316331646533616666303636643833383132323066306439633261
33373261343564653033353465386261633636386633376632613764306436663461366632303466
34316233623736633430353265336334613431303838323231393664343831373865353533393038
33613662313661386531363232366163396534633964323030663163353061643532356333366565
34306334643733653665623663343063366636393530333139373039323537383339313864616637
63316666396333396133353963626435633866396537353837393864333561346339343962653062
62333633643431643037383738326163653839373733363864356237646635303163316265303735
34373064333064363966333439326335663263393662353463333863313834313134653434373863
38363339386332626337386664326665366234326637373934646430646538616139333238306238
34326237353937653466333230636163643961313537373230393463663138346364613535363865
39316161613261363866393765613466346432353231363739323033323861336165633163356336
39653965643161626135396161303532373133353835656133613035356133653433623233633331
65613963326633393237393235326632613139383035396437643436393735303439353936656430
65333131396230636666356666613833323161323161336431643037346561376431643139373363
66646562313739366337343537366431636632613066633333396164666630396462613738623665
38363537326535353833316137383237373863346231396162646363663635386565386238383930
32613963663763303765633038363031393363353961346135366266303535666136323139363562
31386638663536343631396630333835663937343434366537326332653532343630363232373063
64346436366234623433363534623165623331323036336261346161663736303064326235646332
33306339323233373762613136616138343164666634636438626161313736383834346435656561
34636332383234353964613061653335346330643931663038396562643430643364353364663339
39633932303332393334666562343539613763653431343031333232346264666539343836306338
33663336336637653833356564333037626164363865303535323261636565656261633437323766
37396131636162636130613162386132633738663430383935383462346532616462316437656162
31373134366439396633303137393735363437626235643336333232396237313537323630663930
37366264363736306365366464343534633939353930633332626538353862643736616365343264
61666232383264373031373931623539376230333962643234353636656566306461666466336333
30333466393039666337353263653462623539373363333231643064663266323437353139303237
31326334386361333537323065303634663763353435616535383932303064373336373130656636
64306666376538306438343365363361666632623238653163613161363766356162356438633838
38313534616166366534646436333166633135373731326532636161383539613165353261386166
66306333393538393462633766326664353236356364626462373566353835656530326364316166
35336364666463393837393564633632346536633433363732393836303932653538633036366633
62643238373834376130363738663036386635633631326633316134366233666436613335353333
61366538646234393235363339306139373138383639623130626431363465333162383366363235
35306363386630356636353361626265343236393366656162623736356265323136353234633638
66346361323236646566663231643833373034356564386639323633386638323966343766616665
39643437356433346333323863356233343038616264373638313432663764376165383839313361
63366132396232363338346534343863633236643362396431666463643830346662323666633266
37316635646532373566623132613339306134623233346433353866306338353836323330386464
61306166633932643233383833643762383237396231353432396166383862313432666630626138
64393133343838643335366139373138326265396266333838333930383866303464393436333534
37333165613139346662306561303133656535363535306366643836643363646466363034373238
31623866373039616633366630633633353264353130373638646438376437313064383963306463
30666539373262623734653133353136643635653566343833376335613638666634303138353533
61653939633937336363633634373463643166316133386562643730316364663330366231616432
30623232363562393732666334613339333066333436646462656436323563646339363731303432
33376332666337333164323634616237373534313831306434643434346632313961333736356137
66396631626662616238656134353034363038366136663431656433343237643031383238396633
34613562316439613436643263313932343636373431333162343838656432356266373335363335
31636135636130343336333439383538623862393537656432393164663065343436623966303937
66613466613533653334386537303935333862376432313935353039316161323864396230373162
37663137336433666535653830323737633533313661346432626435343936626437613064373530
39663862373462653433363038616333383966633236623962646534353635633135323731343466
30326434333663323433326661376238326463353962323034626338396432313766643536646263
30626137393735366233306530393333353932383264343962656236663666383331636337613735
64613435643163316532623433646135383031383330623233373930376463663333323233303163
62396532366662663536633937653762353664336663333061303162383033306339623730663838
36303866646334323364333361656366393731363133383231643335376538653836663661616231
66383765303239396639333061363335306630346237663561326138373730313237346431353432
36306232376266333166323339396338363063393437646533613433383662626666366338333033
39613438343437386264313765396464386634643130636538333538363333353266666661356361
31666231663539363761663234313562363464303132613563643030346166376533313537626161
34356231373437373934613366313539643661326137343663383632393834313636303637366630
66623337363732393338346661373132316233343639633962653564343431383566623033323033
64636537633361643532633834316662343161633562323731636237633963666463333535666432
62373862613666646462633838306665316165393264353635393231376434623935313332336639
65653464313063656232316161666263306661363039303964633834376334383761376362336636
63626536656434366539633363346266383535336333376239653063326636613831643631316232
64393663383162336563326137363938633065626437303361653235343764663734383532633139
37643839646133613063383534333834326261306135666665666163616461316236393938353638
33353865343933356263343266613037616232323663353835323936613638323138353066666665
66663131306231623136396132303566616238653230646334366237333435663738663066623366
63633133343561393864346531383364643439653166353030636263633735663833323733313731
39646133636232653339363461646136393232646139616361646661656537393731653939366538
31316537383066643539633232376364303965366632343363326539666331373939393439393163
63616630326534373334323566383534373737643837313439376238613631313466643036323634
31646531636636363530663330333334643166323931346236636661623665343662306665643732
39333735613064313864386464393464346537613963386632656564623037616135643766663030
34623364393365376666323966366631626561333364396432613439663061313266643037386536
34306234323333306539313035626537633665356465653862616538373262613438303563346333
31663436356565653533613830306665303561646461393634663461343466386339396635633633
36626265653932336132346335393061346534623064373963393935323531333333376135653332
62303237393438623830626534333430653261373264633461396466333662313464643335613862
34613833643364363766633531306534376132313939313535336465306366663465386432376565
65303139363735626335306236623839653036633161623436303764383134373031336233613232
33366164393463626661383464623131653438366136383433366138306531643363643239343336
38396266386438383734363861313361623736616130643866636237656166653731666439363933
65613036306438306239373035626537323035363239353438373639656338383331323937313563
39396634663239336130386434383363633564656565353464393839323435646137323634363139
39336362646165333336613533633662626133303931633162613064363738396562353433643335
66353261303536393965356265333465343864623330323433646533656135613033363339653438
38393134333938363365633665653737656639393965653664353464373530333739313539656130
66396532393730376162376163383431623231383632343861363430383564626132316464386233
37353939626263386562663561623938316266326262396130663664343939363866323632376561
36363338346135306266313334666339333438323636613565653163373634326363626632303839
62373464326531616132376562613164336463616331323464663865306564353331616136303866
34326530383463333138636663643937306537323130363362646539353130653837656565643233
64346434333736336530336232313661656435366665326161306135326566373135306230656166
31393535333131393262633631326565363562643135623233393139303162666538303637633930
34623134333266356434373463643933636163343432373837376430396162636666626338353566
36326136353836343034326137316265363834323865393161646366643632663938313566626231
65323937636634633630333465373262386261353231623030363234653339316465333336663365
34393364663232383764353564343963323534666533663238653030363264663161343139363133
35393265373439353330393664353132393065636466653561346463356439396366386431663939
32366433396231323836646235623561323563613337326233303466336163363134303730363962
64343030316639646439346266663336613232363036613736366438633534323236316263633632
32376138363236346531623666353463376665656465353137383762376165656165343861303735
35623761336337616165343537333136356538353836336234333035386338376439666439633863
39643164633731653162626432656364383362346638643738613432396331373430363862396134
63336436376638323064336365373236616539643535653763326333623966323839366530383638
38643032386166666633616163646666353133663637616366366262646139653665343735623330
61616231613231316136313038373939356336326661333535323934653533333563353639393432
66326363623433396633323332663333666564373463336261353036613266346538393930393030
38623163623432613835646366643865336566393462653665653965343531333635366230626464
64613163666236643136323033313238366465656630383238386635643664336163666239636238
32383034663832356338633930396261383534663466303938353464616665303965396136663130
32393933323737613164656530343062353739643461623934643564343130313064666430303761
63626565643765626331636130323338303536613933303838646565316431346534646636643939
35313539326631346133366536323537653635323564323335356137313834326530393165663961
36386163336365343239343936356538353061646362356266313639316131313934663639653934
66653138383063333934373534626361666134666665366338623730326539316562643031616164
39336433326337626164356231666265613366303636616635653136633861353663656661306161
66653065303066666564396631386333383735336638656465316435383063363564323330383032
33316139636237356432656366376634626462393536343835646164313364323430626163383064
61323566623634366337303566373634316162646632663136383831326264373433663034393966
66613533393863333164623334626563643031633366373839376362643937396131316236373935
34663235363537656330653333393330343166336139623830616366376238303539616665383366
30646638343730653432613036363364306363663361626635623631646436366537356232356430
61613763663233663034646137653761623361393061316564666464346235303261373764643365
33623263663433616235313237623230653439383463353539343065343564353863623031376635
64656336343633313037663565356539633634336632303838646136373762646433633833646266
64343635633139623163386331646131303738313062316161323939303731373133373466333833
65383231346562306638636466313135366132306530356134353630626364316432653564336437
66343531663866653562313433336362383735643237303830376434643533303339656261306234
32343465626531396536643561653033313037343839633966386463613838633037313861613263
66663034303639316263346639366536366330316435623038643866353738626463383137613930
34666237303039663263323037356363336462346162383135613032633636663030363931633364
61346165393230373532643932326136343634636432336331646236373738653935376231383164
64623162663463326239613036306232613238353865666438343734616262626230666366613337
62646665633462326537306264366166333332393962363236313566633939363061396334336236
32316135613238646337393962643838623334386633303635636435653038363439653137613939
36373533616439343431666638376335663533333163323465623364333236373539383031383265
30373565656235343137323031373839613038333737636634353833653164333165353063626234
33343335343836666135653463626234313038626166653964373161393136393234616662346365
31303832353838623932393062366138666438336135633266636462323162613363623933643639
37396137633132613966666433663765623335633830313038656133626231313339343135343264
65303837303163656532666133326334646530373331666534653839356136623537616663656234
64336130653935313961633030636233613830393665396438326461323462646366353834613934
33386334613265363037383466633864343165323035323561346663636265633431323261366532
31383064326565643437633239326233613237626238623238626534623561643538356264336239
34386530646261353634376461626663663133616635616161333132316233613131396265326139
64316163303861353539383635313930343763363933326466316336383036383139623331376135
35343632343966633366386232346463393431623066366133663230303131626136393561653134
64666631643837386534333830646533326566613536306361373537383164373535343133373238
34633437353164376461646130323431646536336334316137313631386563333035623161333239
30646430346537306139343139656362663137653364666166333762656561313532663739643335
66653730613466363338653063313365623665663863306265343938353966323838636135303038
37653563616431633838616164656462333565333238323364636537306138613631363561333132
38646530323662376335386638303535393639373438623139646162336564346464356438633363
39623133396338386435633830346330353630616264663732333732643862666639373734336238
33396466646238393934643936396362643161623763643532613533616361343365303361333135
336631353564333762373036643737343462
$ANSIBLE_VAULT;1.1;AES256
35643838636261326138363163626663323364373936633333353733626137666233363833383431
6230646538613136623764376364656532303037656637390a343135336431353437393962343030
32363266353239376434323662383836343233613332613832383963306236333564336630326564
3239643365303333360a313462376464313962303433376432386132613338613363333631646331
64376461373961623465323531626335316138643138626339306533303631336336623737303161
32636234633032333962366433646263323663336463343639633762613136633266393235303664
63346431626134306336376565386464313137346537633036333237393730366531333565633531
61383862363532356635306561613539306537643538633365343630653233323333653734363066
30386564653430656164393534626561346163363364313663643035306538393166653336646133
36316436336138373038633761346238336238636135323562323665636131343665613038653831
64373966626561323334333963313363623330353935623336656664366363636531663065613764
32643266333138346564623931383131393538306562306239626531386635613033313432393630
3964
31663532356262356534386231636233643236356664396232643832643835663861366530653463
3030313737336263303837373061656631316436346638380a346163313831313835623063643734
61313134663965653930633134616263653233323739323438323466616666613737386262636664
6164326438353137390a643837386264333733303235666436363663353635376363626363323831
31383334666634646564646330646338393933346663656130616433316531633738376463393062
39316262646235373263663361343864356633346232623338356163326232373864383234383732
34383533346237616632363833333238336163303161306630613535333333653563653261313932
36626436633333646530336533636630346639386238323932363039323164653237343062393965
30353137346361653135626563653862616439626262326538323364363638393664666565626363
36323537306465323761646633373738626535663632646365613033353531323132663963336131
63356563353363653039343633653536336535313633346331313261356438333236316465313832
61376636343933383232333062633331376335343561316463646236643962636463346462303139
65633636373865333635326262633934653366323532626430323637663535313734356164386461
3935373133363230313439656630623364306638643566343163
......@@ -16,6 +16,7 @@
- { role: sudo, tags: ['sudo', 'archusers'] }
- { role: postgres, tags: ['postgres'] }
- { role: quassel, quassel_domain: "quassel.archlinux.org", tags: ['quassel'] }
- { role: matrix, matrix_domain: "matrix.archlinux.org", matrix_server_name: "archlinux.org", tags: ['matrix'] }
- { role: syncrepo, mirror_domain: "mirror.pkgbuild.com", tags: ['syncrepo', 'nginx'] }
- { role: sogrep, tags: ['sogrep'] }
- { role: archbuild, tags: ['archbuild'] }
......
version: 1
formatters:
journal_fmt:
format: '%(name)s: [%(request)s] %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
journal:
class: systemd.journal.JournalHandler
formatter: journal_fmt
filters: [context]
SYSLOG_IDENTIFIER: synapse
root:
level: INFO
handlers: [journal]
disable_existing_loggers: False
[Unit]
Description=Synapse Matrix Homeserver
Requires=postgresql.service
After=network.target postgresql.service
[Service]
User=synapse
WorkingDirectory=~
ExecStart=/var/lib/synapse/venv/bin/python -m synapse.app.homeserver \
--config-path=/etc/synapse/homeserver.yaml
--log-config=/etc/synapse/log_config.yaml
[Install]
WantedBy=multi-user.target
---
- name: daemon reload
command: systemctl daemon-reload
---
- stat: path="/etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem"
register: certfile
when: 'matrix_domain != ""'
- name: install packages
pacman: name=python2-virtualenv,git
- name: add synapse group
group: name=synapse system=yes gid=198
- name: add synapse user
user: name=synapse system=yes uid=198 group=synapse home=/var/lib/synapse shell=/bin/false createhome=no
- name: create synapse home
file: path=/var/lib/synapse state=directory owner=synapse group=synapse mode=0755
- name: create venv
command: virtualenv2 /var/lib/synapse/venv
args:
creates: /var/lib/synapse/venv/bin/python
become: yes
become_user: synapse
become_method: sudo
- name: download synapse
command: git clone https://github.com/matrix-org/synapse /var/lib/synapse/synapse
args:
creates: /var/lib/synapse/synapse/setup.py
become: yes
become_user: synapse
become_method: sudo
- name: install synapse
command: /var/lib/synapse/venv/bin/pip install -e /var/lib/synapse/synapse psycopg2 systemd-python lxml
args:
creates: /var/lib/synapse/venv/bin/synctl
become: yes
become_user: synapse
become_method: sudo
- name: add synapse postgres db
postgresql_db: db=synapse
become: yes
become_user: postgres
become_method: su
- name: add synapse postgres user
postgresql_user: db=synapse name=synapse password={{ postgres_users.synapse }}
become: yes
become_user: postgres
become_method: su
- name: install matrix units
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- synapse.service
notify:
- daemon reload
- name: add synapse config dir
file: state=directory path=/etc/synapse owner=root group=synapse mode=0750
- name: install homeserver config
template: src=homeserver.yaml.j2 dest=/etc/synapse/homeserver.yaml owner=root group=synapse mode=0640
- name: install log config
copy: src=log_config.yaml dest=/etc/synapse/log_config.yaml owner=root group=root mode=0644
- name: install federation certificate
copy:
content: "{{ matrix_secrets[matrix_server_name].federation_crt }}"
dest: /etc/synapse/{{ matrix_server_name }}.tls.crt
owner: root
group: synapse
mode: 0640
- name: install federation key
copy:
content: "{{ matrix_secrets[matrix_server_name].federation_key }}"
dest: /etc/synapse/{{ matrix_server_name }}.tls.key
owner: root
group: synapse
mode: 0640
- name: install signing key
copy:
content: "{{ matrix_secrets[matrix_server_name].signing_key }}"
dest: /etc/synapse/{{ matrix_server_name }}.signing.key
owner: root
group: synapse
mode: 0640
- name: start and enable synapse
service: name={{ item }} enabled=yes state=started
with_items:
- synapse.service
- name: make nginx log dir
file: path=/var/log/nginx/{{ matrix_domain }} state=directory owner=root group=root mode=0755
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/matrix.conf owner=root group=root mode=0644
notify:
- reload nginx
when: 'matrix_domain != ""'
# vim:ft=yaml
# PEM encoded X509 certificate for TLS.
# You can replace the self-signed certificate that synapse
# autogenerates on launch with your own SSL certificate + key pair
# if you like. Any required intermediary certificates can be
# appended after the primary certificate in hierarchical order.
tls_certificate_path: "/etc/synapse/{{ matrix_server_name }}.tls.crt"
# PEM encoded private key for TLS
tls_private_key_path: "/etc/synapse/{{ matrix_server_name }}.tls.key"
# PEM dh parameters for ephemeral keys
tls_dh_params_path: /etc/ssl/dhparams.pem
# Don't bind to the https port
no_tls: False
# List of allowed TLS fingerprints for this server to publish along
# with the signing keys for this server. Other matrix servers that
# make HTTPS requests to this server will check that the TLS
# certificates returned by this server match one of the fingerprints.
#
# Synapse automatically adds its the fingerprint of its own certificate
# to the list. So if federation traffic is handle directly by synapse
# then no modification to the list is required.
#
# If synapse is run behind a load balancer that handles the TLS then it
# will be necessary to add the fingerprints of the certificates used by
# the loadbalancers to this list if they are different to the one
# synapse is using.
#
# Homeservers are permitted to cache the list of TLS fingerprints
# returned in the key responses up to the "valid_until_ts" returned in
# key. It may be necessary to publish the fingerprints of a new
# certificate and wait until the "valid_until_ts" of the previous key
# responses have passed before deploying it.
tls_fingerprints: []
# tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
## Server ##
# The domain name of the server, with optional explicit port.
# This is used by remote servers to connect to this server,
# e.g. matrix.org, localhost:8080, etc.
# This is also the last part of your UserID.
server_name: "{{ matrix_server_name }}"
# When running as a daemon, the file to store the pid in
#pid_file: /var/lib/synapse/homeserver.pid
# Whether to serve a web client from the HTTP/HTTPS root resource.
web_client: true
# The public-facing base URL for the client API (not including _matrix/...)
# public_baseurl: https://example.com:8448/
# Set the soft limit on the number of file descriptors synapse can use
# Zero is used to indicate synapse should set the soft limit to the
# hard limit.
soft_file_limit: 0
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
# gc_thresholds: [700, 10, 10]
# List of ports that Synapse should listen on, their purpose and their
# configuration.
listeners:
# Main HTTPS listener
# For when matrix traffic is sent directly to synapse.
-
# The port to listen for HTTPS requests on.
port: 8448
# Local addresses to listen on.
# This will listen on all IPv4 addresses by default.
bind_addresses:
#- '0.0.0.0'
# Uncomment to listen on all IPv6 interfaces
# N.B: On at least Linux this will also listen on all IPv4
# addresses, so you will need to comment out the line above.
- '::'
# This is a 'http' listener, allows us to specify 'resources'.
type: http
tls: true
# Use the X-Forwarded-For (XFF) header as the client IP and not the
# actual client IP.
x_forwarded: false
# List of HTTP resources to serve on this listener.
resources:
-
# List of resources to host on this listener.
names:
- client # The client-server APIs, both v1 and v2
- webclient # The bundled webclient.
# Should synapse compress HTTP responses to clients that support it?
# This should be disabled if running synapse behind a load balancer
# that can do automatic compression.
compress: true
- names: [federation] # Federation APIs
compress: false
# Unsecure HTTP listener,
# For when matrix traffic passes through loadbalancer that unwraps TLS.
- port: 8008
tls: false
bind_addresses: ['127.0.0.1', '::1']
type: http
x_forwarded: true
resources:
- names: [client, webclient]
compress: true
- names: [federation]
compress: false
# Turn on the twisted ssh manhole service on localhost on the given
# port.
# - port: 9000
# bind_address: 127.0.0.1
# type: manhole
# Database configuration
database:
# The database engine name
name: psycopg2
# Arguments to pass to the engine
args:
dbname: synapse
user: synapse
password: {{ postgres_users.synapse }}
cp_min: 5
cp_max: 10
# Number of events to cache in memory.
event_cache_size: 10K
# Logging verbosity level.
verbose: 0
# File to write logging to
#log_file: /var/lib/synapse/homeserver.log
# A yaml python logging config file
log_config: /etc/synapse/log_config.yaml
## Ratelimiting ##
# Number of messages a client can send per second
rc_messages_per_second: 0.2
# Number of message a client can send before being throttled
rc_message_burst_count: 10.0
# The federation window size in milliseconds
federation_rc_window_size: 1000
# The number of federation requests from a single server in a window
# before the server will delay processing the request.
federation_rc_sleep_limit: 10
# The duration in milliseconds to delay processing events from
# remote servers by if they go over the sleep limit.
federation_rc_sleep_delay: 500
# The maximum number of concurrent federation requests allowed
# from a single server
federation_rc_reject_limit: 50
# The number of federation requests to concurrently process from a
# single server
federation_rc_concurrent: 3
# Directory where uploaded images and attachments are stored.
media_store_path: /var/lib/synapse/media_store
# Directory where in-progress uploads are stored.
uploads_path: /var/lib/synapse/uploads
# The largest allowed upload size in bytes
max_upload_size: 10M
# Maximum number of pixels that will be thumbnailed
max_image_pixels: 32M
# Whether to generate new thumbnails on the fly to precisely match
# the resolution requested by the client. If true then whenever
# a new resolution is requested by the client the server will
# generate a new thumbnail. If false the server will pick a thumbnail
# from a precalculated list.
dynamic_thumbnails: false
# List of thumbnail to precalculate when an image is uploaded.
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
# Is the preview URL API enabled? If enabled, you *must* specify
# an explicit url_preview_ip_range_blacklist of IPs that the spider is
# denied from accessing.
url_preview_enabled: true
# List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. There are no defaults: you must explicitly
# specify a list for URL previewing to work. You should specify any
# internal services in your network that you do not want synapse to try
# to connect to, otherwise anyone in any Matrix room could cause your
# synapse to issue arbitrary GET requests to your internal services,
# causing serious security issues.
#
url_preview_ip_range_blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '169.254.0.0/16'
- '::1/128'
#
# List of IP address CIDR ranges that the URL preview spider is allowed
# to access even if they are specified in url_preview_ip_range_blacklist.
# This is useful for specifying exceptions to wide-ranging blacklisted
# target IP ranges - e.g. for enabling URL previews for a specific private
# website only visible in your network.
#
# url_preview_ip_range_whitelist:
# - '192.168.1.1'
# Optional list of URL matches that the URL preview spider is
# denied from accessing. You should use url_preview_ip_range_blacklist
# in preference to this, otherwise someone could define a public DNS