-rw-r--r-- | files/usr/local/etc/matrix-synapse/homeserver.yaml.matrix_server | 108 | ||||
-rw-r--r-- | hostclasses | 1 | ||||
-rw-r--r-- | scripts/hostclass/matrix_server | 39 | ||||
-rw-r--r-- | scripts/hostclass/pkg_repository | 2 |
4 files changed, 149 insertions, 1 deletions
diff --git a/files/usr/local/etc/matrix-synapse/homeserver.yaml.matrix_server b/files/usr/local/etc/matrix-synapse/homeserver.yaml.matrix_server
new file mode 100644
index 0000000..d52c351
--- /dev/null
+++ b/files/usr/local/etc/matrix-synapse/homeserver.yaml.matrix_server
@@ -0,0 +1,108 @@
+server_name: ${synapse_domain}
+pid_file: /var/run/matrix-synapse/homeserver.pid
+public_baseurl: https://${synapse_public_fqdn}:${synapse_client_port}/
+
+listeners:
+ - port: ${synapse_local_client_port}
+ tls: false
+ type: http
+ x_forwarded: true
+ bind_addresses: ['::1', '127.0.0.1']
+ resources:
+ - names: [client]
+ compress: false
+
+ - port: ${synapse_local_federation_port}
+ tls: false
+ type: http
+ x_forwarded: true
+ bind_addresses: ['::1', '127.0.0.1']
+ resources:
+ - names: [federation]
+ compress: false
+
+email:
+ smtp_host: ${smtp_host}
+ smtp_port: 25
+ notif_from: ${synapse_email_from}
+ enable_notifs: true
+
+client_base_url: https://${synapse_public_fqdn}
+
+database:
+ name: psycopg2
+ args:
+ user: ${synapse_db_user}
+ database: ${synapse_username}
+ host: ${synapse_db_host}
+ cp_min: 5
+ cp_max: 10
+ keepalives_idle: 10
+ keepalives_interval: 10
+ keepalives_count: 3
+
+log_config: ${synapse_conf_dir}/log.config
+
+media_store_path: ${synapse_db_dir}/media_store
+media_retention:
+ local_media_retention: ${synapse_local_media_retention}
+ remote_media_retention: ${synapse_remote_media_retention}
+max_upload_size: ${synapse_upload_sizelimit}
+
+url_preview_enabled: true
+url_preview_ip_range_whitelist: []
+url_preview_ip_range_blacklist:
+ - '127.0.0.0/8'
+ - '10.0.0.0/8'
+ - '172.16.0.0/12'
+ - '192.168.0.0/16'
+ - '100.64.0.0/10'
+ - '192.0.0.0/24'
+ - '169.254.0.0/16'
+ - '192.88.99.0/24'
+ - '198.18.0.0/15'
+ - '192.0.2.0/24'
+ - '198.51.100.0/24'
+ - '203.0.113.0/24'
+ - '224.0.0.0/4'
+ - '::1/128'
+ - 'fe80::/10'
+ - 'fc00::/7'
+ - '2001:db8::/32'
+ - 'ff00::/8'
+ - 'fec0::/10'
+
+enable_registration: false
+auto_join_rooms: []
+autocreate_auto_join_rooms: true
+autocreate_auto_join_rooms_federated: false
+
+turn_uris: ['turn:${synapse_turn_host}']
+turn_shared_secret: ${synapse_turn_secret}
+turn_allow_guests: false
+
+report_stats: false
+
+macaroon_secret_key: ${synapse_macaroon_secret_key}
+form_secret: ${synapse_form_secret}
+
+signing_key_path: ${synapse_conf_dir}/${synapse_domain}.signing.key
+
+trusted_key_servers:
+ - server_name: matrix.org
+suppress_key_server_warning: true
+
+modules:
+ - module: ldap_auth_provider.LdapAuthProviderModule
+ config:
+ enabled: true
+ uri: ${ldap_uri}
+ start_tls: true
+ base: ${users_basedn}
+ attributes:
+ uid: uid
+ mail: mail
+ name: cn
+ bind_dn: uid=${synapse_username},${robots_basedn}
+ bind_password: ${synapse_ldap_password}
+ filter: '(memberOf=cn=${synapse_access_role},${roles_basedn})'
diff --git a/hostclasses b/hostclasses
index 5115b03..ff8eb40 100644
--- a/hostclasses
+++ b/hostclasses
@@ -25,3 +25,4 @@ asterisk_server ^pbx[0-9]
 nfs_server ^nfs[0-9]
 turn_server ^turn[0-9]
 icinga_server ^icinga[0-9]
+matrix_server ^matrix[0-9]
diff --git a/scripts/hostclass/matrix_server b/scripts/hostclass/matrix_server
new file mode 100644
index 0000000..df22c3b
--- /dev/null
+++ b/scripts/hostclass/matrix_server
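Review bot: The secret-bearing values in homeserver.yaml.matrix_server are substituted as plain YAML scalars, so a secret containing ` #`, `: ` or a leading `*`, `&` or `!` would be truncated or re-typed by the parser, and an empty expansion becomes null. Quote them in the template, e.g. `macaroon_secret_key: '${synapse_macaroon_secret_key}'`, and likewise `form_secret`, `turn_shared_secret` and `bind_password`; this assumes install_template does plain variable substitution, which the page does not show. Separately, `smtp_port: 25` is set with no transport-security option next to it, so whether notification mail is protected in transit depends on Synapse's defaults and the relay; if the relay supports STARTTLS, `require_transport_security: true` under `email:` would make that explicit.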
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+: ${synapse_signing_key:='changeme'}
+: ${synapse_macaroon_secret_key:='changeme'}
+: ${synapse_form_secret:='changeme'}
+: ${synapse_ldap_password:='changeme'}
+: ${synapse_domain:="$email_domain"}
+: ${synapse_public_fqdn:="$fqdn"}
+: ${synapse_local_client_port:='8008'}
+: ${synapse_local_federation_port:='8009'}
+: ${synapse_client_port:='8443'}
+: ${synapse_federation_port:='8448'}
+: ${synapse_mail_from:="Matrix <matrix-noreply@${email_domain}>"}
+: ${synapse_username:='s-synapse'}
+: ${synapse_local_media_retention:='365d'}
+: ${synapse_remote_media_retention:='90d'}
+: ${synapse_upload_sizelimit:='104857600'} # 100 MB
+: ${synapse_turn_host:="$turn_domain"}
+: ${synapse_turn_secret:="$turn_secret"}
+: ${synapse_access_role:='matrix-access'}
+
+synapse_db_dir=/var/db/matrix-synapse
+synapse_conf_dir=/usr/local/etc/matrix-synapse
+synapse_local_user=synapse
+
+# Install required packages.
+pkg install -y \
+ py${python_version}-matrix-synapse \
+ py${python_version}-matrix-synapse-ldap3 \
+ nginx
+
+# Generate synapse configuration.
+install_template -o "$synapse_local_user" -g "$synapse_local_user" -m 0600 \
+ "${synapse_conf_dir}/homeserver.yaml" \
+ "${synapse_conf_dir}/${synapse_domain}.signing.key"
+
+install_file -o "$synapse_local_user" -g "$synapse_local_user" -m 0644 \
+ "${synapse_conf_dir}/log.config"
+
diff --git a/scripts/hostclass/pkg_repository b/scripts/hostclass/pkg_repository
index 241ee0e..83a26aa 100644
--- a/scripts/hostclass/pkg_repository
+++ b/scripts/hostclass/pkg_repository
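Review bot: The four `'changeme'` defaults at the top of scripts/hostclass/matrix_server (signing key, macaroon secret, form secret, LDAP bind password) mean a host whose site configuration omits them is provisioned with publicly known secrets, and `synapse_macaroon_secret_key` and `synapse_form_secret` are rendered straight into homeserver.yaml. Failing closed would be safer, e.g. `: ${synapse_macaroon_secret_key:?must be set in site config}` and the same for the other three, unless the `changeme` default is a repository-wide convention that is checked elsewhere. Separately, this script defaults `synapse_mail_from`, while the template added in this commit reads `${synapse_email_from}`, so `notif_from` would not pick up this default. `synapse_db_user` and `synapse_db_host` are also used by the template without a default here and are presumably defined outside this hunk.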
@@ -3,7 +3,7 @@
 : ${poudriere_versions:='14.2-RELEASE'}
 : ${poudriere_jobs:="$nproc"}
 : ${poudriere_dataset:="${state_dataset:-zroot}"}
-: ${poudriere_make_jobs_number:='8'}
+: ${poudriere_make_jobs_number:='4'}
 : ${poudriere_priority_boost:='gcc* llvm* rust'}
 : ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core digikam eclipse electron* ffmpeg firefox thunderbird gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mysql*-client mysql*-server node* openjdk* openssl pkg postgresql* qt*-webengine rust webkit* wine vaultwarden'}
 : ${poudriere_ccache_size:='50.0G'} |