Add configuration for Matrix/Synapse
parent
a8b27a7220
commit
6998178775
|
@ -1,4 +1,6 @@
|
||||||
.env
|
.env
|
||||||
minecraft/server.jar
|
minecraft/server.jar
|
||||||
starbound/binaries
|
starbound/binaries
|
||||||
|
synapse/config/homeserver.yaml
|
||||||
|
synapse/config/matrix-signing.key
|
||||||
!starbound/binaries/.gitkeep
|
!starbound/binaries/.gitkeep
|
|
@ -15,4 +15,10 @@ To use the minecraft server, just copy the `server.jar` from `minecraft.net` to
|
||||||
|
|
||||||
## Starbound
|
## Starbound
|
||||||
My Starbound container only works with the **GOG version!**
|
My Starbound container only works with the **GOG version!**
|
||||||
After installing Starboud on your gaming machine, archive all files from `~/GOG Games/Starbound/game/` into `starbound/binaries/binaries.tar.gz` and then run `ansible-playbook starbound/start.yml`
|
After installing Starboud on your gaming machine, archive all files from `~/GOG Games/Starbound/game/` into `starbound/binaries/binaries.tar.gz` and then run `ansible-playbook starbound/start.yml`
|
||||||
|
|
||||||
|
## Matrix Synapse
|
||||||
|
Before using Synapse you have to copy the file synapse/homserver.template.yaml to `synapse/config/homserver.yaml` and insert all missing values (like Shared registartion key)
|
||||||
|
Secondly you have to generate the signing key by running the `generate-signing-key.py` script and placing it in `synapse/config/matrix-signing.key`. Please not that signedjson python module has to be installed.
|
||||||
|
Thanks to Abel Luck for putting that script on GitHub Gist: [https://gist.github.com/abeluck/bb7b28fa75872212839e6fb3f07000d3]()
|
||||||
|
After that you can just start Synapse by `ansible-playbook starbound/start.yml`
|
|
@ -3,6 +3,7 @@ services:
|
||||||
minecraft:
|
minecraft:
|
||||||
build:
|
build:
|
||||||
context: .
|
context: .
|
||||||
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- /var/minecraft/world:/minecraft/world
|
- /var/minecraft/world:/minecraft/world
|
||||||
- /var/minecraft/ops.json:/minecraft/ops.json
|
- /var/minecraft/ops.json:/minecraft/ops.json
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
shell: "rm -f /etc/nginx/sites-enabled/*"
|
shell: "rm -f /etc/nginx/sites-enabled/*"
|
||||||
|
|
||||||
- name: Get Certificate
|
- name: Get Certificate
|
||||||
shell: certbot certonly --standalone --preferred-challenges http -m mathias.teier@icloud.com --agree-tos -n -d teier.eu -d cloud.teier.eu -d nummus.teier.eu -d www.teier.eu
|
shell: certbot certonly --standalone --preferred-challenges http -m mathias.teier@icloud.com --agree-tos -n -d teier.eu -d cloud.teier.eu -d nummus.teier.eu -d www.teier.eu -d collabora.teier.eu -d matrix.teier.eu
|
||||||
|
|
||||||
- name: Install nginx server config
|
- name: Install nginx server config
|
||||||
copy:
|
copy:
|
||||||
|
|
|
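Review bot: The extended `certbot certonly` line adds `-d collabora.teier.eu -d matrix.teier.eu` but passes neither `--expand` nor `--cert-name`, so on a host that already holds the earlier certificate a non-interactive run may stop at the expand question or create a second lineage instead of replacing the existing one. The Matrix nginx site added in this commit reads `/etc/letsencrypt/live/teier.eu/fullchain.pem`, so it could then keep serving a certificate that lacks the new names. Adding `--expand --cert-name teier.eu` keeps that path stable. The rest of the play lies outside this hunk.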
@ -29,5 +29,6 @@ server {
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Frame-Options "SAMEORIGIN";
|
||||||
}
|
}
|
||||||
}
|
}
|
|
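Review bot: `proxy_set_header X-Frame-Options "SAMEORIGIN";` sets a request header on the connection to the upstream, so browsers never receive it and no framing restriction is applied. X-Frame-Options is a response header and should be emitted with `add_header X-Frame-Options "SAMEORIGIN" always;`. An `add_header` inside a `location` replaces any `add_header` inherited from the enclosing `server` block, so check the part of the file outside this hunk before adding it here.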
@ -0,0 +1,25 @@
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name matrix.teier.eu;
|
||||||
|
return 301 https://$server_name:443$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
|
||||||
|
# Federation Port
|
||||||
|
listen 8448 ssl http2;
|
||||||
|
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate /etc/letsencrypt/live/teier.eu/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/teier.eu/privkey.pem;
|
||||||
|
|
||||||
|
server_name matrix.teier.eu;
|
||||||
|
|
||||||
|
location ~* ^(\/_matrix|\/_synapse\/client) {
|
||||||
|
proxy_pass http://127.0.0.1:8008;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
|
||||||
|
client_max_body_size 50M;
|
||||||
|
}
|
||||||
|
}
|
|
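Review bot: The `location` block forwards only `X-Forwarded-For`, so Synapse receives the upstream address as `Host` and no indication that the client connection used TLS, on both the 443 and the 8448 listener. Adding `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` would match the other site changed in this commit. `ssl on;` is deprecated and redundant next to `listen ... ssl`, so it can be dropped.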
@ -1,7 +1,7 @@
|
||||||
version: '2.4'
|
version: '2.4'
|
||||||
services:
|
services:
|
||||||
nummus:
|
nummus:
|
||||||
image: glenroy37/nummus:0.1-alpha
|
image: glenroy37/nummus:0.1.1-alpha
|
||||||
environment:
|
environment:
|
||||||
DB_HOST: mariadb
|
DB_HOST: mariadb
|
||||||
DB_USER: nummus
|
DB_USER: nummus
|
||||||
|
|
|
@ -3,5 +3,5 @@
|
||||||
gather_facts: no
|
gather_facts: no
|
||||||
tasks:
|
tasks:
|
||||||
tasks:
|
tasks:
|
||||||
- name: Start Nummus
|
- name: Teardown Nummus
|
||||||
shell: "cd /dc/nummus && docker-compose down"
|
shell: "cd /dc/nummus && docker-compose down"
|
|
@ -0,0 +1,22 @@
|
||||||
|
version: 1
|
||||||
|
|
||||||
|
formatters:
|
||||||
|
precise:
|
||||||
|
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: precise
|
||||||
|
|
||||||
|
loggers:
|
||||||
|
synapse.storage.SQL:
|
||||||
|
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||||
|
# information such as access tokens.
|
||||||
|
level: INFO
|
||||||
|
|
||||||
|
root:
|
||||||
|
level: "INFO"
|
||||||
|
handlers: [console]
|
||||||
|
|
||||||
|
disable_existing_loggers: false
|
|
@ -0,0 +1,16 @@
|
||||||
|
version: '2.4'
|
||||||
|
services:
|
||||||
|
synapse:
|
||||||
|
image: matrixdotorg/synapse:latest
|
||||||
|
restart: always
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
|
||||||
|
interval: 1m
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
ports:
|
||||||
|
- 8008:8008
|
||||||
|
environment:
|
||||||
|
SYNAPSE_SERVER_NAME: matrix.teier.eu
|
||||||
|
volumes:
|
||||||
|
- /var/synapse:/data
|
|
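Review bot: `- 8008:8008` publishes the unencrypted Synapse listener on every host interface, although nginx in this commit reaches it at `127.0.0.1:8008`. Ports published by Docker are usually not filtered by ufw rules, so the firewall play does not close this path. Binding to loopback with `- "127.0.0.1:8008:8008"` leaves the TLS-terminating proxy as the only way in. Separately, `image: matrixdotorg/synapse:latest` means the running version changes on any pull; pinning a release tag makes upgrades deliberate.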
@ -0,0 +1,25 @@
|
||||||
|
# Generate a signing key for synapse from the command line
|
||||||
|
#
|
||||||
|
# Usage: python3 generate-signing-key.py
|
||||||
|
#
|
||||||
|
# You must have the signedjson package installed, pip3 install signedjson
|
||||||
|
# You must use python3
|
||||||
|
#
|
||||||
|
# Author: Abel Luck <abel@guardianproject.info>
|
||||||
|
# Updated: April 25 2019
|
||||||
|
|
||||||
|
import random
|
||||||
|
import string
|
||||||
|
import io
|
||||||
|
from signedjson.key import generate_signing_key, write_signing_keys
|
||||||
|
|
||||||
|
|
||||||
|
def random_string(length):
|
||||||
|
return ''.join(random.choice(string.ascii_letters) for _ in range(length))
|
||||||
|
|
||||||
|
|
||||||
|
key_id = "a_" + random_string(4)
|
||||||
|
with io.StringIO() as f:
|
||||||
|
write_signing_keys(f, (generate_signing_key(key_id),),)
|
||||||
|
f.seek(0)
|
||||||
|
print(f.read())
|
|
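Review bot: The script prints the private signing key to stdout, and the README step has the operator place it in `synapse/config/matrix-signing.key` by hand, so the key passes through the terminal and the resulting file gets default umask permissions. Writing the file directly with owner-only permissions, for example via `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)`, avoids both. A comment above `key_id = ...` such as `# key_id is a public label, not a secret, so the non-cryptographic random module is acceptable here` would save the next reader from checking.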
@ -0,0 +1,112 @@
|
||||||
|
---
|
||||||
|
## Server ##
|
||||||
|
server_name: "INSERT DOMAIN HERE"
|
||||||
|
pid_file: /homeserver.pid
|
||||||
|
web_client: False
|
||||||
|
soft_file_limit: 0
|
||||||
|
|
||||||
|
## Ports ##
|
||||||
|
listeners:
|
||||||
|
- port: 8008
|
||||||
|
tls: false
|
||||||
|
bind_addresses: ['::']
|
||||||
|
type: http
|
||||||
|
x_forwarded: false
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- names: [client]
|
||||||
|
compress: true
|
||||||
|
- names: [federation]
|
||||||
|
compress: false
|
||||||
|
|
||||||
|
## Database ##
|
||||||
|
database:
|
||||||
|
name: "sqlite3"
|
||||||
|
args:
|
||||||
|
database: "/data/homeserver.db"
|
||||||
|
|
||||||
|
## Performance ##
|
||||||
|
event_cache_size: "10K"
|
||||||
|
|
||||||
|
## Ratelimiting ##
|
||||||
|
rc_messages_per_second: 0.2
|
||||||
|
rc_message_burst_count: 10.0
|
||||||
|
federation_rc_window_size: 1000
|
||||||
|
federation_rc_sleep_limit: 10
|
||||||
|
federation_rc_sleep_delay: 500
|
||||||
|
federation_rc_reject_limit: 50
|
||||||
|
federation_rc_concurrent: 3
|
||||||
|
|
||||||
|
## Files ##
|
||||||
|
media_store_path: "/data/media"
|
||||||
|
uploads_path: "/data/uploads"
|
||||||
|
max_upload_size: "50M"
|
||||||
|
max_image_pixels: "32M"
|
||||||
|
dynamic_thumbnails: false
|
||||||
|
|
||||||
|
# List of thumbnail to precalculate when an image is uploaded.
|
||||||
|
thumbnail_sizes:
|
||||||
|
- width: 96
|
||||||
|
height: 96
|
||||||
|
method: crop
|
||||||
|
- width: 320
|
||||||
|
height: 240
|
||||||
|
method: scale
|
||||||
|
- width: 800
|
||||||
|
height: 600
|
||||||
|
method: scale
|
||||||
|
|
||||||
|
url_preview_enabled: False
|
||||||
|
max_spider_size: "10M"
|
||||||
|
|
||||||
|
## Turn ##
|
||||||
|
enable_registration: False
|
||||||
|
registration_shared_secret: "INSERT KEY HERE"
|
||||||
|
bcrypt_rounds: 12
|
||||||
|
allow_guest_access: False
|
||||||
|
enable_group_creation: true
|
||||||
|
|
||||||
|
# The list of identity servers trusted to verify third party
|
||||||
|
# identifiers by this server.
|
||||||
|
#
|
||||||
|
# Also defines the ID server which will be called when an account is
|
||||||
|
# deactivated (one will be picked arbitrarily).
|
||||||
|
trusted_third_party_id_servers:
|
||||||
|
- matrix.org
|
||||||
|
- vector.im
|
||||||
|
|
||||||
|
## Metrics ###
|
||||||
|
enable_metrics: True
|
||||||
|
report_stats: True
|
||||||
|
|
||||||
|
## API Configuration ##
|
||||||
|
|
||||||
|
room_invite_state_types:
|
||||||
|
- "m.room.join_rules"
|
||||||
|
- "m.room.canonical_alias"
|
||||||
|
- "m.room.avatar"
|
||||||
|
- "m.room.name"
|
||||||
|
|
||||||
|
app_service_config_files: []
|
||||||
|
|
||||||
|
macaroon_secret_key: "INSERT KEY HERE"
|
||||||
|
expire_access_token: False
|
||||||
|
|
||||||
|
## Signing Keys ##
|
||||||
|
|
||||||
|
signing_key_path: "/data/matrix-signing.key"
|
||||||
|
old_signing_keys: {}
|
||||||
|
key_refresh_interval: "1d" # 1 Day.
|
||||||
|
|
||||||
|
# The trusted servers to download signing keys from.
|
||||||
|
|
||||||
|
suppress_key_server_warning: true
|
||||||
|
perspectives:
|
||||||
|
servers:
|
||||||
|
"matrix.org":
|
||||||
|
verify_keys:
|
||||||
|
"ed25519:auto":
|
||||||
|
key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
|
||||||
|
|
||||||
|
password_config:
|
||||||
|
enabled: true
|
|
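Review bot: The port 8008 listener sets `x_forwarded: false` while the nginx site added in this commit proxies to it and sends `X-Forwarded-For`, so Synapse will attribute every request to the proxy's address, and per-address rate limiting and the client IPs recorded for sessions lose their meaning. Set `x_forwarded: true` on that listener. Separately, `registration_shared_secret` and `macaroon_secret_key` ship as `"INSERT KEY HERE"`. A deployment that forgets to replace them runs with publicly known secrets, so the start playbook could fail early when that string is still present in the file it copies.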
@ -0,0 +1,86 @@
|
||||||
|
---
|
||||||
|
- hosts: teier.eu
|
||||||
|
gather_facts: no
|
||||||
|
tasks:
|
||||||
|
- name: Install curl for healthcheck
|
||||||
|
apt: name=curl state=latest
|
||||||
|
|
||||||
|
- name: Check dc directory
|
||||||
|
stat:
|
||||||
|
path: /dc/synapse
|
||||||
|
register: synapse_dc_dir_stat
|
||||||
|
|
||||||
|
- name: Create synapse dc directory
|
||||||
|
file:
|
||||||
|
path: /dc/synapse
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
group: root
|
||||||
|
owner: root
|
||||||
|
when: synapse_dc_dir_stat.islnk is not defined
|
||||||
|
|
||||||
|
- name: Check data directory
|
||||||
|
stat:
|
||||||
|
path: /var/synapse
|
||||||
|
register: synapse_data_dir_stat
|
||||||
|
|
||||||
|
- name: Create synapse data directory
|
||||||
|
file:
|
||||||
|
path: /var/synapse
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
group: root
|
||||||
|
owner: root
|
||||||
|
when: synapse_data_dir_stat.islnk is not defined
|
||||||
|
|
||||||
|
- name: Check uploads directory
|
||||||
|
stat:
|
||||||
|
path: /var/synapse/uploads
|
||||||
|
register: synapse_upload_dir_stat
|
||||||
|
|
||||||
|
- name: Create synapse upload directory
|
||||||
|
file:
|
||||||
|
path: /var/synapse/uploads
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
group: root
|
||||||
|
owner: root
|
||||||
|
when: synapse_upload_dir_stat.islnk is not defined
|
||||||
|
|
||||||
|
- name: Check media directory
|
||||||
|
stat:
|
||||||
|
path: /var/synapse/media
|
||||||
|
register: synapse_media_dir_stat
|
||||||
|
|
||||||
|
- name: Create synapse media directory
|
||||||
|
file:
|
||||||
|
path: /var/synapse/media
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
group: root
|
||||||
|
owner: root
|
||||||
|
when: synapse_media_dir_stat.islnk is not defined
|
||||||
|
|
||||||
|
- name: Copy config
|
||||||
|
copy:
|
||||||
|
src: config/homeserver.yaml
|
||||||
|
dest: /var/synapse/homeserver.yaml
|
||||||
|
|
||||||
|
- name: Copy Log config
|
||||||
|
copy:
|
||||||
|
src: config/log.yaml
|
||||||
|
dest: /var/synapse/log.yaml
|
||||||
|
|
||||||
|
- name: Copy signing key
|
||||||
|
copy:
|
||||||
|
src: config/matrix-signing.key
|
||||||
|
dest: /var/synapse/matrix-signing.key
|
||||||
|
|
||||||
|
|
||||||
|
- name: Copy compose file
|
||||||
|
copy:
|
||||||
|
src: docker-compose.yml
|
||||||
|
dest: /dc/synapse
|
||||||
|
|
||||||
|
- name: Start Synapse
|
||||||
|
shell: "cd /dc/synapse && docker-compose up -d"
|
|
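Review bot: All four directory tasks use `mode: 0777`, and the `copy` tasks that place `homeserver.yaml`, `log.yaml` and `matrix-signing.key` under `/var/synapse` set no `mode` or `owner`. The signing key and the config holding the registration and macaroon secrets therefore end up in a world-writable directory with default file permissions. Use a quoted restrictive mode such as `mode: '0750'` on the directories, with the owner set to the UID the container runs as, and `mode: '0600'` on the key and config copies. The `when: ..._stat.islnk is not defined` guards look ineffective because `stat` results are nested under `.stat`. The `file` module with `state: directory` is already idempotent, so the stat tasks can be removed.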
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- hosts: teier.eu
|
||||||
|
gather_facts: no
|
||||||
|
tasks:
|
||||||
|
- name: Stop Synapse
|
||||||
|
shell: "cd /dc/synapse && docker-compose stop"
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- hosts: teier.eu
|
||||||
|
gather_facts: no
|
||||||
|
tasks:
|
||||||
|
tasks:
|
||||||
|
- name: Teardown Synapse
|
||||||
|
shell: "cd /dc/synapse && docker-compose down"
|
|
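Review bot: The `tasks:` key appears twice in a row in this new playbook. The hunk header's seven lines match that count, so it does not look like a rendering artefact; it was apparently carried over from the Nummus teardown playbook, which shows the same pair. Indentation is not visible here, but if both sit at play level this is a duplicate mapping key, where the first is empty and only the last is kept. Remove the first `tasks:` line.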
@ -40,6 +40,12 @@
|
||||||
rule: allow
|
rule: allow
|
||||||
port: '21025'
|
port: '21025'
|
||||||
proto: tcp
|
proto: tcp
|
||||||
|
|
||||||
|
- name: Allow Matrix federation
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: '8448'
|
||||||
|
proto: tcp
|
||||||
|
|
||||||
- name: Allow all access from RFC1918 networks to this host
|
- name: Allow all access from RFC1918 networks to this host
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
|
|