Refactor

coreos-config/plays/services/matrix/synapse-config/homeserver.yaml

@@ -0,0 +1,122 @@
+# Configuration file for Synapse.
+#
+# This is a YAML file: see [1] for a quick introduction. Note in particular
+# that *indentation is important*: all the elements of a list or dictionary
+# should have the same indentation.
+#
+# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
+#
+# For more information on how to configure Synapse, including a complete accounting of
+# each option, go to docs/usage/configuration/config_documentation.md or
+# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
+server_name: "{{ matrix.baseurl }}"
+pid_file: /data/homeserver.pid
+enable_metrics: true
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    resources:
+      - names: [client, federation]
+        compress: false
+  - port: 9091
+    tls: false
+    type: metrics
+database:
+  name: psycopg2
+  args:
+    user: {{ matrix.db.user }}
+    password: {{ matrix.db.password }}
+    database: {{ matrix.db.database }}
+    host: db
+    cp_min: 5
+    cp_max: 10
+log_config: "/config/tobiasmanske.de.log.config"
+media_store_path: /data/media_store
+report_stats: true
+macaroon_secret_key: "{{ matrix.secrets.macaroon }}"
+form_secret: "{{ matrix.secrets.form }}"
+signing_key_path: "/config/tobiasmanske.de.signing.key"
+trusted_key_servers:
+  - server_name: "matrix.org"
+oidc_providers:
+  - idp_id: keycloak
+    idp_name: "KeyCloak"
+    issuer: "{{ matrix.oidc.issuer }}"
+    client_id: "{{ matrix.oidc.client_id }}"
+    client_secret: "{{ matrix.oidc.client_secret }}"
+    scopes: ["openid", "profile"]
+    user_mapping_provider:
+      config:
+{% raw %}
+        localpart_template: "{{ user.mx_localpart }}"
+        display_name_template: "{{ user.name }}"
+{% endraw %}
+    backchannel_logout_enabled: true # Optional
+
+enable_registration: true
+registration_requires_token: true
+registration_shared_secret: "{{ matrix.secrets.registration }}"
+password_config:
+  enabled: true
+
+redis:
+  enabled: true
+  host: redis
+  port: 6379
+
+app_service_config_files:
+  - /data/reg-mautrix-tg.yaml
+  - /data/reg-mautrix-slack.yaml
+  - /data/reg-mautrix-signal.yaml
+
+rc_message:
+  per_second: 100
+  burst_count: 100
+rc_joins:
+  local:
+    per_second: 100
+    burst_count: 100
+server_notices:
+   system_mxid_localpart: "server"
+   system_mxid_display_name: "Server Notices"
+   system_mxid_avatar_url: "mxc://unruhig.eu/khyOCChmyYSOsIFIbUWGGEWq"
+   room_name: "Server Notices"
+
+modules:
+  - module: shared_secret_authenticator.SharedSecretAuthProvider
+    config:
+        shared_secret: "{{ matrix.authenticator.shared_secret }}"
+
+        # By default, only login requests of type `com.devture.shared_secret_auth` are supported.
+        # Below, we explicitly enable support for the old `m.login.password` login type,
+        # which was used in v1 of matrix-synapse-shared-secret-auth and still widely supported by external software.
+        # If you don't need such legacy support, consider setting this to `false` or omitting it entirely.
+        m_login_password_support_enabled: true
+
+        # By default, only login requests of type `com.devture.shared_secret_auth` are supported.
+        # Advertising support for such an authentication type causes a problem with Element, however.
+        # See: https://github.com/vector-im/element-web/issues/19605
+        #
+        # Uncomment the line below to disable `com.devture.shared_secret_auth` support.
+        # You will then need to:
+        # - have `m_login_password_support_enabled: true` to enable the `m.login.password` login type
+        # - authenticate using `m.login.password` requests, instead of ``com.devture.shared_secret_auth` requests
+        # com_devture_shared_secret_auth_support_enabled: false
+
+media_storage_providers:
+  - module: s3_storage_provider.S3StorageProviderBackend
+    store_local: True
+    store_remote: True
+    store_synchronous: True
+    config:
+      bucket: "{{ matrix.storage.s3.bucket }}"
+      # All of the below options are optional, for use with non-AWS S3-like
+      # services, or to specify access tokens here instead of some external method.
+      endpoint_url: "{{ matrix.storage.s3.endpoint_url }}"
+      access_key_id: "{{ matrix.storage.s3.access_key_id }}"
+      secret_access_key: "{{ matrix.storage.s3.secret_access_key }}"
+
+
+# vim:ft=yaml

coreos-config/plays/services/matrix/synapse-config/tobiasmanske.de.log.config

@@ -0,0 +1,32 @@
+version: 1
+
+formatters:
+  precise:
+
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+
+
+handlers:
+
+
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+
+
+
+loggers:
+    synapse.storage.SQL:
+        # beware: increasing this to DEBUG will make synapse log sensitive
+        # information such as access tokens.
+        level: INFO
+
+
+root:
+    level: WARNING
+
+
+    handlers: [console]
+
+
+disable_existing_loggers: false

coreos-config/plays/services/matrix/synapse-config/tobiasmanske.de.signing.key

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.2;AES256;secrets
+64326434386632376335333966336365333663393130323464333266383639383264616662623333
+6437306539633766376336663263393038306162333234340a383237386331636366616266316265
+39626638623562623835633035643231656263653437346266333264643830323062353930356462
+3936633165633434320a656463656536383539346138383630343137383861613538323735393131
+61383237626533316433633866396434663230633239396661333831653531363732646561656164
+35353264613364613832653536333632356132666434616134316339383934616264323261366366
+633838383264646531663039343639383036