chris 2022-05-07 15:38:45 +00:00
commit d7ca8092a1
7 changed files with 279 additions and 0 deletions

5
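--- a/README.md
+++ b/README.md
@@ -0,0 +1,5 @@
+# Matrix/Synapse configuration
+Everything (except for docker-compose.yaml) goes into the data-volume of the synapse installation.
+*This is work in progress a.k.a. defunct!*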

14
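--- a/client.yaml
+++ b/client.yaml
@@ -0,0 +1,14 @@
+worker_app: "synapse.app.generic_worker"
+worker_name: "worker_client"
+worker_replication_host: "synapse"
+worker_replication_http_port: 9093
+worker_listeners:
+- type: "http"
+port: 8083
+resources:
+- names:
+- "client"
+worker_log_config: "/data/zknt.org.log.config"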
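Review bot: The listener on port 8083 does not set `x_forwarded: true`, although docker-compose.yaml has Traefik forward the login and register paths straight to this worker. Without it Synapse will presumably attribute every request to the proxy's address, which weakens per-IP rate limiting and leaves the logs without the real client address when tracing abuse. The same applies to the 8084 listener in federation-receiver.yaml. In homeserver.yaml the 8008 listener spells the option `x_forward`, which is not the name Synapse reads, so it likely has no effect there either. Add `x_forwarded: true` to all three listeners.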

150
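--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,150 @@
+---
+version: '2.1'
+networks:
+dmz:
+# defined by traefik service
+external: true
+back: {}
+services:
+postgres:
+image: "postgres:11"
+restart: "unless-stopped"
+volumes:
+- "dbdata:/var/lib/postgresql/data"
+environment:
+POSTGRES_PASSWORD: "hunter2"
+POSTGRES_USER: "synapse"
+POSTGRES_INITDB_ARGS: "--encoding='UTF8' --lc-collate='C' --lc-ctype='C'"
+networks:
+back: {}
+redis:
+image: "reg.zknt.org/zknt/redis"
+restart: "unless-stopped"
+volumes:
+- "redisdata:/var/lib/redis"
+networks:
+back: {}
+federation-sender:
+image: "matrixdotorg/synapse:latest"
+restart: "unless-stopped"
+healthcheck:
+disable: true
+volumes:
+- "data:/data"
+command: "run -m synapse.app.federation_sender --config-path=/data/homeserver.yaml --config-path=/data/federation-sender.yaml"
+networks:
+back: {}
+federation-receiver:
+image: "matrixdotorg/synapse:latest"
+restart: "unless-stopped"
+healthcheck:
+disable: true
+volumes:
+- "data:/data"
+command: "run -m synapse.app.generic_worker --config-path=/data/homeserver.yaml --config-path=/data/federation-receiver.yaml"
+networks:
+back: {}
+dmz: {}
+labels:
+- "traefik.enable=true"
+- "traefik.docker.network=dmz"
+- "traefik.http.routers.matrix-federation.rule=Host(`matrix.zknt.org`) && PathPrefix(
+`/_matrix/federation`,
+`/_matrix/key`
+)"
+- "traefik.http.routers.matrix-federation.tls=true"
+- "traefik.http.services.matrix-federation.loadbalancer.server.port=8084"
+- "traefik.http.routers.matrix-federation.service=matrix-federation"
+federation-client:
+image: "matrixdotorg/synapse:latest"
+restart: "unless-stopped"
+healthcheck:
+disable: true
+volumes:
+- "data:/data"
+command: "run -m synapse.app.generic_worker --config-path=/data/homeserver.yaml --config-path=/data/client.yaml"
+networks:
+back: {}
+dmz: {}
+labels:
+- "traefik.enable=true"
+- "traefik.docker.network=dmz"
+- "traefik.http.routers.matrix-client.rule=Host(`matrix.zknt.org`) && PathPrefix(
+`/_matrix/client/(v2_alpha|r0)/sync`,
+`/_matrix/client/(api/v1|v2_alpha|r0)/events`,
+`/_matrix/client/(api/v1|r0)/initialSync`,
+`/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync`,
+`/_matrix/client/(api/v1|r0|unstable)/publicRooms`,
+`/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members`,
+`/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*`,
+`/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members`,
+`/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state`,
+`/_matrix/client/(api/v1|r0|unstable)/account/3pid`,
+`/_matrix/client/(api/v1|r0|unstable)/devices`,
+`/_matrix/client/(api/v1|r0|unstable)/keys/query`,
+`/_matrix/client/(api/v1|r0|unstable)/keys/changes`,
+`/_matrix/client/versions`,
+`/_matrix/client/(api/v1|r0|unstable)/voip/turnServer`,
+`/_matrix/client/(api/v1|r0|unstable)/joined_groups`,
+`/_matrix/client/(api/v1|r0|unstable)/publicised_groups`,
+`/_matrix/client/(api/v1|r0|unstable)/publicised_groups/`,
+`/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/`,
+`/_matrix/client/(api/v1|r0|unstable)/joined_rooms`,
+`/_matrix/client/(api/v1|r0|unstable)/search`,
+`/_matrix/client/(api/v1|r0|unstable)/login`,
+`/_matrix/client/(r0|unstable)/register`,
+`/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact`,
+`/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send`,
+`/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/`,
+`/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)`,
+`/_matrix/client/(api/v1|r0|unstable)/join/`,
+`/_matrix/client/(api/v1|r0|unstable)/profile/`
+)"
+- "traefik.http.routers.matrix-client.tls=true"
+- "traefik.http.services.matrix-client.loadbalancer.server.port=8083"
+- "traefik.http.routers.matrix-client.service=matrix-client"
+synapse:
+image: "matrixdotorg/synapse:latest"
+restart: "unless-stopped"
+volumes:
+- "data:/data"
+environment:
+SYNAPSE_SERVER_NAME: "zknt.org"
+SYNAPSE_REPORT_STATS: "no"
+networks:
+dmz: {}
+back: {}
+labels:
+- "traefik.enable=true"
+- "traefik.docker.network=dmz"
+- "traefik.http.routers.matrix.rule=Host(`matrix.zknt.org`)"
+- "traefik.http.routers.matrix.tls=true"
+- "traefik.http.routers.matrix.tls.certresolver=leprod"
+- "traefik.http.services.matrix.loadbalancer.server.port=8008"
+- "traefik.http.routers.matrix.service=matrix"
+- "traefik.http.routers.matrix-admin.rule=Host(`matrix.zknt.org`) && PathPrefix(`/_synapse/admin/`)"
+- "traefik.http.routers.matrix-admin.tls=true"
+- "traefik.http.middlewares.matrix-admin-allow.ipwhitelist.sourcerange=172.27.0.0/16"
+- "traefik.http.routers.matrix-admin.middlewares=matrix-admin-allow@docker"
+volumes:
+data:
+labels:
+org.zknt.backup: true
+dbdata:
+labels:
+org.zknt.backup: true
+redisdata:
+labels:
+org.zknt.backup: true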
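Review bot: `POSTGRES_PASSWORD` in the `postgres` service is a literal in a tracked file, and the same value is reused in homeserver.yaml for `registration_shared_secret`, `macaroon_secret_key` and the database `password`. Even if `hunter2` is only a stand-in, this layout invites committing the real values and sharing one secret across three unrelated purposes. Use distinct values and inject them from outside the repository, for example `POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"` backed by an untracked `.env` file. Separately, every Synapse service uses `matrixdotorg/synapse:latest` and the redis image carries no tag, so a restart can pull different code into the main process and its workers. Pin a version tag or digest.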

14
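--- a/federation-receiver.yaml
+++ b/federation-receiver.yaml
@@ -0,0 +1,14 @@
+worker_app: "synapse.app.generic_worker"
+worker_name: "federation_worker"
+worker_replication_host: "synapse"
+worker_replication_http_port: 9093
+worker_listeners:
+- type: "http"
+port: 8084
+resources:
+- names:
+- "federation"
+worker_log_config: "/data/zknt.org.log.config"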

5
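--- a/federation-sender.yaml
+++ b/federation-sender.yaml
@@ -0,0 +1,5 @@
+worker_app: "synapse.app.federation_sender"
+worker_name: "federation_sender"
+worker_replication_host: "synapse"
+worker_replication_http_port: 9093
+worker_log_config: "/data/zknt.org.log.config"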

69
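--- a/homeserver.yaml
+++ b/homeserver.yaml
@@ -0,0 +1,69 @@
+server_name: "zknt.org"
+signing_key_path: "/data/zknt.org.signing.key"
+registration_shared_secret: "hunter2"
+macaroon_secret_key: "hunter2"
+media_store_path: "/data/media_store"
+public_baseurl: "https://matrix.zknt.org"
+admin_contact: "mailto:a@b.c"
+log_config: "/data/zknt.org.log.config"
+presence:
+enabled: false
+enable_metrics: false
+report_stats: false
+supporess_key_server_warning: true
+max_upload_size: "50M"
+trusted_key_servers:
+- server_name: "matrix.org"
+suppress_key_server_warning: true
+listeners:
+- port: 8008
+tls: false
+type: "http"
+x_forward: true
+bind_addresses:
+- "0.0.0.0"
+resources:
+- names:
+- "client"
+- "federation"
+compress: false
+- port: 9093
+bind_addresses:
+- "0.0.0.0"
+type: "http"
+resources:
+- names:
+- "replication"
+database:
+name: "psycopg2"
+txn_limit: 10000
+args:
+user: "synapse"
+password: "hunter2"
+database: "synapse"
+host: "postgres"
+port: 5432
+cp_min: 5
+cp_max: 10
+email:
+smtp_host: "172.27.32.80"
+smtp_port: 25
+enable_tls: false
+notif_from: "Your Friendly %(app)s homeserver <a@b.c>"
+app_name: "ZKNT"
+enable_notifs: true
+redis:
+enabled: true
+host: "redis"
+port: 6379
+send_federation: false
+federation_sender_instances:
+- "federation_sender"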
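Review bot: The replication listener on port 9093 binds to `0.0.0.0` with no `worker_replication_secret` configured, while docker-compose.yaml attaches the `synapse` container to the shared external `dmz` network as well as `back`. Replication is meant for trusted workers only, so any other container on `dmz` can presumably reach it unauthenticated. Set `worker_replication_secret: "<REPLICATION_SECRET_PLACEHOLDER>"` in this shared config so main process and workers both read it, and if possible keep 9093 reachable only over `back`. Separately, `supporess_key_server_warning` is a misspelt key; the correctly spelt line a few lines below already covers it, so the misspelt one can be dropped.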

22
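--- a/zknt.org.log.config
+++ b/zknt.org.log.config
@@ -0,0 +1,22 @@
+version: 1
+formatters:
+precise:
+format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+handlers:
+console:
+class: logging.StreamHandler
+formatter: precise
+loggers:
+synapse.storage.SQL:
+# beware: increasing this to DEBUG will make synapse log sensitive
+# information such as access tokens.
+level: WARNING
+root:
+level: WARNING
+handlers: [console]
+disable_existing_loggers: false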