commit e2910cd9c634ee9740d39f2c388b847edda8f0d7
parent 21504f0ba7c00b7e7123bf66d97ae9d31308c02c
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 1 Mar 2021 15:53:01 +0100
parent 21504f0ba7c00b7e7123bf66d97ae9d31308c02c
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 1 Mar 2021 15:53:01 +0100
update configurations and playbook
3 files changed, 151 insertions(+), 12 deletions(-)
M
|
145
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configuration/quitschi.yml b/configuration/quitschi.yml @@ -84,6 +84,12 @@ services: quitschi.ctu.cx: renewTasks: - sudo rc-service nginx restart + trans-agenda.de: + renewTasks: + - sudo rc-service nginx restart + matrix.trans-agenda.de: + renewTasks: + - sudo rc-service nginx restart nginx: enable: true 
@@ -100,3 +106,142 @@ services: locations: - path: /node-exporter proxy: http://127.0.0.1:9100/metrics + trans-agenda.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/trans-agenda.de/fullchain" + privkey: "/var/lib/acme-redirect/live/trans-agenda.de/privkey" + locations: + - path: "/.well-known/matrix/client" + extraConfig: ' + add_header Content-Type application/json; + return 200 "{\"m.homeserver\": {\"base_url\": \"https://matrix.trans-agenda.de\"}}"; + ' + - path: "/.well-known/matrix/server" + extraConfig: ' + add_header Content-Type application/json; + return 200 "{\"m.server\": \"matrix.trans-agenda.de:443\"}"; + ' + + synapse: + enable: true + setupPostgreSQL: true + homeserverConfig: + suppress_key_server_warning: true + admin_contact: 'mailto:leah@ctu.cx' + no_tls: false + server_name: "trans-agenda.de" + pid_file: "/run/matrix-synapse.pid" + public_baseurl: "https://matrix.trans-agenda.de/" + listeners: + - port: 8008 + bind_address: "127.0.0.1" + type: http + tls: false + x_forwarded: true + resources: + - names: ["client"] + compress: true + - names: ["federation"] + compress: false + database: + name: "psycopg2" + args: + database: "synapse" + event_cache_size: "10K" + verbose: 0 + rc_messages_per_second: 0.2 + rc_message_burst_count: 10.0 + federation_rc_window_size: 1000 + federation_rc_sleep_limit: 10 + federation_rc_sleep_delay: 500 + federation_rc_reject_limit: 50 + federation_rc_concurrent: 3 + media_store_path: "/var/lib/synapse/media" + uploads_path: "/var/lib/synapse/uploads" + max_upload_size: "150M" + max_image_pixels: "32M" + dynamic_thumbnails: true + url_preview_enabled: true + url_preview_ip_range_blacklist: ["127.0.0.0/8","10.0.0.0/8","172.16.0.0/12","192.168.0.0/16","100.64.0.0/10","169.254.0.0/16","::1/128","fe80::/64","fc00::/7"] + url_preview_ip_range_whitelist: [] + url_preview_url_blacklist: [] + enable_registration_captcha: true + recaptcha_public_key: "{{ lookup('diskcache', 'passwordstore', 
'Server/quitschi/synapse/recaptcha.pub')}}" + recaptcha_private_key: "{{ lookup('diskcache', 'passwordstore', 'Server/quitschi/synapse/recaptcha.priv')}}" + turn_uris: [] + turn_shared_secret: "" + enable_registration: true + enable_metrics: false + registration_shared_secret: "{{ lookup('diskcache', 'passwordstore', 'Server/quitschi/synapse/secret')}}" + recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" + turn_user_lifetime: "1h" + user_creation_max_duration: 1209600000 + bcrypt_rounds: 12 + allow_guest_access: false + room_invite_state_types: ["m.room.join_rules", "m.room.canonical_alias", "m.room.avatar", "m.room.name"] + expire_access_token: false + report_stats: false + signing_key_path: "/var/lib/synapse/homeserver.signing.key" + key_refresh_interval: "1d" + redaction_retention_period: 7 + perspectives: + servers: + "matrix.org": + verify_keys: + "ed25519:auto": + key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" + email: + smtp_host: wanderduene.ctu.cx + smtp_port: 587 + smtp_user: "matrix@trans-agenda.de" + smtp_pass: "{{ lookup('diskcache', 'passwordstore', 'Server/quitschi/synapse/email.passwd')}}" + require_transport_security: true + notif_from: "trans-agenda.de Matrix Server <matrix@trans-agenda.de>" + app_name: Matrix + enable_notifs: true + notif_for_new_users: false + client_base_url: "https://matrix.trans-agenda.de" + validation_token_lifetime: 1h + logConfig: + version: 1 + formatters: + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' + handlers: + file: + class: logging.handlers.TimedRotatingFileHandler + formatter: precise + filename: /var/log/synapse/homeserver.log + when: midnight + backupCount: 3 # Does not include the current log file. 
+ encoding: utf8 + buffer: + class: logging.handlers.MemoryHandler + target: file + capacity: 10 + flushLevel: 30 # Flush for WARNING logs as well + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.storage.SQL: + level: INFO + twisted: + handlers: [file] + propagate: false + root: + level: INFO + handlers: [buffer] + disable_existing_loggers: false + webClient: + enable: true + configFile: config-files/quitschi/schildichat-web.json + nginx: + enable: true + domain: "matrix.trans-agenda.de" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/matrix.trans-agenda.de/fullchain" + privkey: "/var/lib/acme-redirect/live/matrix.trans-agenda.de/privkey"
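Review bot: The `url_preview_ip_range_blacklist` added under `synapse.homeserverConfig` is narrower than it looks. It lists `"fe80::/64"`, but IPv6 link-local is `fe80::/10`, and it omits several special-purpose ranges (for example `192.0.0.0/24`, `198.18.0.0/15`, `224.0.0.0/4`, `fec0::/10`, `ff00::/8`). With `url_preview_enabled: true` and `enable_registration: true`, any registered user can make the homeserver fetch URLs, so this list is the only guard against previews reaching internal addresses. I would change the entry to `"fe80::/10"`, add the missing ranges, and write the list in block style with one CIDR per line so later omissions are easier to spot in review. If `wanderduene.yml` carries the same list (not visible in these hunks), it needs the same correction.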
diff --git a/configuration/wanderduene.yml b/configuration/wanderduene.yml @@ -6,7 +6,7 @@ system: enableOwnRepos: true enableSudo: true useNTP: true - enableNFSMount: true #todo: support archlinux + enableNFSMount: true extraPackages: - iftop - iotop @@ -308,6 +308,7 @@ services: synapse: enable: true homeserverConfig: + suppress_key_server_warning: true no_tls: false server_name: "ctu.cx" pid_file: "/run/matrix-synapse.pid" @@ -350,7 +351,7 @@ services: turn_shared_secret: "" enable_registration: false enable_metrics: false - registration_shared_secret: "secret" + registration_shared_secret: "{{ lookup('diskcache', 'passwordstore', 'Server/wanderduene/synapse.secret')}}" recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" turn_user_lifetime: "1h" user_creation_max_duration: 1209600000 @@ -458,15 +459,6 @@ services: 'fbexporter.f2k1.de' ] - - job_name: 'parkplatz-exporter' - metrics_path: '/parkplaetze.php' - scheme: 'https' - scrape_interval: 5m - static_configs: - - targets: [ - 'f2k1.de' - ] - - job_name: 'smarthome-exporter' metrics_path: '/smarthome-exporter' scheme: 'https'
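Review bot: In the `@@ -350,7 +351,7 @@` hunk, the old value `registration_shared_secret: "secret"` remains in the repository history after this change. The passwordstore entry `Server/wanderduene/synapse.secret` must therefore hold a freshly generated random value, not a copy of the old one. If the placeholder was ever live on the server (not determinable from the hunk), shared-secret registration was possible despite `enable_registration: false`, so the user table is worth checking for unexpected accounts or admins. A short comment above the key would record the intent, e.g. `# random value from passwordstore; rotate if it ever lands in git`.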
diff --git a/playbook.yml b/playbook.yml @@ -40,7 +40,7 @@ tags: radicale - role: pleroma # supports: alpine tags: pleroma - - role: synapse # supports: alpine, arch(untested) + - role: synapse tags: synapse - role: prometheus # supports: alpine, arch(untested) tags: prometheus @@ -95,6 +95,8 @@ tags: vnstat - role: nginx # supports: alpine, arch tags: nginx + - role: synapse + tags: synapse - hosts: joguhrtbecher name: Install joguhrtbecher