diff --git a/webserver/docker_matrix/tasks/main.yml b/webserver/docker_matrix/tasks/main.yml index d5bd8b7210d4680f1700300a6e799211ff811ca1..e84abd4be367f7d17b966f66f1f4e5d89097cbf7 100644 --- a/webserver/docker_matrix/tasks/main.yml +++ b/webserver/docker_matrix/tasks/main.yml @@ -16,8 +16,8 @@ with_items: - "/srv/matrix/" - "/srv/matrix/db/" - - "/srv/matrix/mxisd-config/" - - "/srv/matrix/mxisd-data/" + - "/srv/matrix/ma1sd-config/" + - "/srv/matrix/ma1sd-data/" - "/srv/matrix/synapse-data/" @@ -27,7 +27,7 @@ - Dockerfile - docker-compose.yml - rest_auth_provider.py - - mxisd-config/mxisd.yaml + - ma1sd-config/ma1sd.yaml - synapse-data/homeserver.log.config - synapse-data/homeserver.yaml register: configs diff --git a/webserver/docker_matrix/templates/docker-compose.yml b/webserver/docker_matrix/templates/docker-compose.yml index 552a39ba5975488eef5b8d7e0fabee084e33f42e..61daba778c4e2af17929124d3869f5a68e09f444 100644 --- a/webserver/docker_matrix/templates/docker-compose.yml +++ b/webserver/docker_matrix/templates/docker-compose.yml @@ -16,11 +16,11 @@ services: synapse: - image: matrixdotorg/synapse:v1.12.4-py3 + image: matrixdotorg/synapse:v1.21.2 restart: always depends_on: - db - - mxisd + - ma1sd ports: - 127.0.0.1:18008:8008 - 127.0.0.1:18448:8448 @@ -31,13 +31,12 @@ services: environment: SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml" - mxisd: + ma1sd: - # TODO: Migrate to https://github.com/ma1uta/ma1sd - image: kamax/mxisd:1.4.6 + image: ma1uta/ma1sd:2.4.0 restart: always ports: - 127.0.0.1:18090:8090 volumes: - - /srv/matrix/mxisd-config/:/etc/mxisd - - /srv/matrix/mxisd-data/:/var/mxisd + - /srv/matrix/ma1sd-config/:/etc/ma1sd + - /srv/matrix/ma1sd-data/:/var/ma1sd diff --git a/webserver/docker_matrix/templates/ma1sd-config/ma1sd.yaml b/webserver/docker_matrix/templates/ma1sd-config/ma1sd.yaml new file mode 100644 index 0000000000000000000000000000000000000000..dd8b2422e75ea3deb49a769f8b038b0f9c44539b --- /dev/null 
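Review bot: The new `ma1sd` service in the `@@ -31,13 +31,12 @@` hunk of docker-compose.yml pulls `ma1uta/ma1sd:2.4.0` by mutable tag only, so a re-push of that tag would be deployed silently on the next pull; the same applies to `matrixdotorg/synapse:v1.21.2` in the preceding hunk. Pinning the digest, `image: ma1uta/ma1sd:2.4.0@sha256:<digest-from-registry>`, makes `restart: always` and future `docker-compose pull` runs reproducible and lets a diff show exactly which artefact changed. The `/srv/matrix/ma1sd-config/` mount hands the container the templated `ma1sd.yaml`, which carries LDAP bind and SMTP credentials, so the host mode on that directory matters; the task that creates it is only partly visible in the tasks/main.yml hunk and its `mode` cannot be checked from here.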
+++ b/webserver/docker_matrix/templates/ma1sd-config/ma1sd.yaml 
@@ -0,0 +1,231 @@ + +####################### +# Matrix config items # +####################### +# Matrix domain, same as the domain configure in your Homeserver configuration. +# NOTE: in Synapse Homeserver, the Matrix domain is defined as 'server_name' in configuration file. +# +# This is used to build the various identifiers in all the features. +# +# If the hostname of the public URL used to reach your Matrix services is different from your Matrix domain, +# per example matrix.domain.tld vs domain.tld, then use the server.name configuration option. +# See the "Configure" section of the Getting Started guide for more info. +# +matrix: + domain: 'matrix.warpzone.ms' + v1: true # deprecated + v2: true # MSC2140 API v2. Riot require enabled V2 API. + + +################ +# Signing keys # +################ +# Absolute path for the Identity Server signing keys database. +# /!\ THIS MUST **NOT** BE YOUR HOMESERVER KEYS FILE /!\ +# If this path does not exist, it will be auto-generated. +# +# During testing, /var/tmp/ma1sd/keys is a possible value +# For production, recommended location shall be one of the following: +# - /var/lib/ma1sd/keys +# - /var/opt/ma1sd/keys +# - /var/local/ma1sd/keys +# +key: + path: '/var/ma1sd/keys' + + +# Path to the SQLite DB file for ma1sd internal storage +# /!\ THIS MUST **NOT** BE YOUR HOMESERVER DATABASE /!\ +# +# Examples: +# - /var/opt/ma1sd/store.db +# - /var/local/ma1sd/store.db +# - /var/lib/ma1sd/store.db +# +storage: +# backend: sqlite # or postgresql + provider: + sqlite: + database: '/var/ma1sd/store.db' +# postgresql: +# # Wrap all string values with quotes to avoid yaml parsing mistakes +# database: '//localhost/ma1sd' # or full variant //192.168.1.100:5432/ma1sd_database +# username: 'ma1sd_user' +# password: 'ma1sd_password' +# +# # Pool configuration for postgresql backend. 
+# ####### +# # Enable or disable pooling +# pool: false +# +# ####### +# # Check database connection before get from pool +# testBeforeGetFromPool: false # or true +# +# ####### +# # There is an internal thread which checks each of the database connections as a keep-alive mechanism. This set the +# # number of milliseconds it sleeps between checks -- default is 30000. To disable the checking thread, set this to +# # 0 before you start using the connection source. +# checkConnectionsEveryMillis: 30000 +# +# ####### +# # Set the number of connections that can be unused in the available list. +# maxConnectionsFree: 5 +# +# ####### +# # Set the number of milliseconds that a connection can stay open before being closed. Set to 9223372036854775807 to have +# # the connections never expire. +# maxConnectionAgeMillis: 3600000 + +################### +# Identity Stores # +################### +# If you are using synapse standalone and do not have an Identity store, +# see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md#synapse-identity-store +# +# If you would like to integrate with your AD/Samba/LDAP server, +# see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/ldap.md +# +# For any other Identity store, or to simply discover them, +# see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md + +ldap: + enabled: true + connection: + host: '{{ ldap_ip_ext }}' + port: 389 + bindDn: '{{ ldap_readonly_bind_dn }}' + bindPassword: '{{ ldap_readonly_pass }}' + baseDNs: + - '{{ ldap_base_dn }}' + filter: '(&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))' + attribute: + uid: + type: 'uid' + value: 'uid' + name: 'uid' + threepid: + email: + - 'mail' + msisdn: + - 'phone' + +################################################# +# Notifications for invites/addition to profile # +################################################# +# This is mandatory to deal with anything e-mail related. 
+# +# For an introduction to sessions, invites and 3PIDs in general, +# see https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/session/session.md#3pid-sessions +# +# If you would like to change the content of the notifications, +# see https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/notification/template-generator.md +# +#### E-mail connector +threepid: + medium: + email: + identity: + # The e-mail to send as. + from: "matrix-identity@warpzone.ms" + + connectors: + smtp: + # SMTP host + host: "{{ smtp_host }}" + + # TLS mode for the connection + # Possible values: + # 0 Disable any kind of TLS entirely + # 1 Enable STARTLS if supported by server (default) + # 2 Force STARTLS and fail if not available + # 3 Use full TLS/SSL instead of STARTLS + # + tls: 1 + + # SMTP port + # Be sure to adapt depending on your TLS choice, if changed from default + port: "{{ smtp_port }}" + + # Login for SMTP + login: "{{ noreply_email_user }}" + + # Password for the account + password: "{{ noreply_email_pass }}" + + +#### MSC2134 (hash lookup) + +#hashing: +# enabled: false # enable or disable the hash lookup MSC2140 (default is false) +# pepperLength: 20 # length of the pepper value (default is 20) +# rotationPolicy: per_requests # or `per_seconds` how often the hashes will be updating +# hashStorageType: sql # or `in_memory` where the hashes will be stored +# algorithms: +# - none # the same as v1 bulk lookup +# - sha256 # hash the 3PID and pepper. +# delay: 2m # how often hashes will be updated if rotation policy = per_seconds (default is 10s) +# requests: 10 # how many lookup requests will be performed before updating hashes if rotation policy = per_requests (default is 10) + +### hash lookup for synapseSql provider. +# synapseSql: +# lookup: +# query: 'select user_id as mxid, medium, address from user_threepid_id_server' # query for retrive 3PIDs for hashes. +# legacyRoomNames: false # use the old query to get room names. 
+ +### hash lookup for ldap provider (with example of the ldap configuration) +# ldap: +# enabled: true +# lookup: true # hash lookup +# activeDirectory: false +# defaultDomain: '' +# connection: +# host: 'ldap.domain.tld' +# port: 389 +# bindDn: 'cn=admin,dc=domain,dc=tld' +# bindPassword: 'Secret' +# baseDNs: +# - 'dc=domain,dc=tld' +# attribute: +# uid: +# type: 'uid' # or mxid +# value: 'cn' +# name: 'displayName' +# identity: +# filter: '(objectClass=inetOrgPerson)' + +#### MSC2140 (Terms) +#policy: +# policies: +# term_name: # term name +# version: 1.0 # version +# terms: +# en: # lang +# name: term name en # localized name +# url: https://ma1sd.host.tld/term_en.html # localized url +# fe: # lang +# name: term name fr # localized name +# url: https://ma1sd.host.tld/term_fr.html # localized url +# regexp: +# - '/_matrix/identity/v2/account.*' +# - '/_matrix/identity/v2/hash_details' +# - '/_matrix/identity/v2/lookup' +# + +# logging: +# root: error # default level for all loggers (apps and thirdparty libraries) +# app: info # log level only for the ma1sd +# requests: false # or true to dump full requests and responses + +dns: + overwrite: + homeserver: + client: + - name: 'matrix.warpzone.ms' + value: 'http://synapse:8008' + + +session: + policy: + validation: + enabled: false diff --git a/webserver/docker_matrix/templates/mxisd-config/mxisd.yaml b/webserver/docker_matrix/templates/mxisd-config/mxisd.yaml deleted file mode 100644 index a1c583fb41fb3e6b3f45872745489a12d887cbe8..0000000000000000000000000000000000000000 --- a/webserver/docker_matrix/templates/mxisd-config/mxisd.yaml +++ /dev/null 
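Review bot: The SMTP connector in the new `ma1sd.yaml` sends `login`/`password` with `tls: 1`, which the comment directly above it defines as opportunistic STARTTLS, so a downgraded session would carry the credentials in clear; the Synapse side of this same commit sets `require_transport_security: True` for the same `{{ smtp_host }}`, so `tls: 2` (force STARTTLS) or `tls: 3` (full TLS) would bring ma1sd in line with it. The LDAP store also binds with `{{ ldap_readonly_pass }}` over `port: 389` to `{{ ldap_ip_ext }}`, which from the variable name may be a non-local address; if that link is not otherwise protected, check the ma1sd LDAP store documentation linked in the file for an LDAPS or StartTLS option. Finally, `port: "{{ smtp_port }}"` is now a quoted string where the deleted mxisd config used a bare value; ma1sd's config loader may well coerce it to an integer, but confirm against 2.4.0 before relying on it.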
@@ -1,135 +0,0 @@ - -####################### -# Matrix config items # -####################### -# Matrix domain, same as the domain configure in your Homeserver configuration. -# NOTE: in Synapse Homeserver, the Matrix domain is defined as 'server_name' in configuration file. -# -# This is used to build the various identifiers in all the features. -# -# If the hostname of the public URL used to reach your Matrix services is different from your Matrix domain, -# per example matrix.domain.tld vs domain.tld, then use the server.name configuration option. -# See the "Configure" section of the Getting Started guide for more info. -# -matrix: - domain: 'matrix.warpzone.ms' - - -################ -# Signing keys # -################ -# Absolute path for the Identity Server signing keys database. -# /!\ THIS MUST **NOT** BE YOUR HOMESERVER KEYS FILE /!\ -# If this path does not exist, it will be auto-generated. -# -# During testing, /var/tmp/mxisd/keys is a possible value -# For production, recommended location shall be one of the following: -# - /var/lib/mxisd/keys -# - /var/opt/mxisd/keys -# - /var/local/mxisd/keys -# -key: - path: '/var/mxisd/keys' - - -# Path to the SQLite DB file for mxisd internal storage -# /!\ THIS MUST **NOT** BE YOUR HOMESERVER DATABASE /!\ -# -# Examples: -# - /var/opt/mxisd/store.db -# - /var/local/mxisd/store.db -# - /var/lib/mxisd/store.db -# -storage: - provider: - sqlite: - database: '/var/mxisd/store.db' - - -################### -# Identity Stores # -################### -# If you are using synapse standalone and do not have an Identity store, -# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md#synapse-identity-store -# -# If you would like to integrate with your AD/Samba/LDAP server, -# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md -# -# For any other Identity store, or to simply discover them, -# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/README.md - -ldap: - 
enabled: true - connection: - host: '{{ ldap_ip_ext }}' - port: 389 - bindDn: '{{ ldap_readonly_bind_dn }}' - bindPassword: '{{ ldap_readonly_pass }}' - baseDNs: - - '{{ ldap_base_dn }}' - filter: '(&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))' - attribute: - uid: - type: 'uid' - value: 'uid' - name: 'uid' - threepid: - email: - - 'mail' - msisdn: - - 'phone' - -################################################# -# Notifications for invites/addition to profile # -################################################# -# This is mandatory to deal with anything e-mail related. -# -# For an introduction to sessions, invites and 3PIDs in general, -# see https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/session/session.md#3pid-sessions -# -# If you would like to change the content of the notifications, -# see https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/notification/template-generator.md -# -#### E-mail connector -threepid: - medium: - email: - identity: - # The e-mail to send as. - from: "matrix-identity@warpzone.ms" - - connectors: - smtp: - # SMTP host - host: "{{ smtp_host }}" - - # SMTP port - port: {{ smtp_port }} - - # STARTLS mode for the connection. - # SSL/TLS is currently not supported. See https://github.com/kamax-matrix/mxisd/issues/125 - # - # Possible values: - # 0 Disable any kind of TLS entirely - # 1 Enable STARTLS if supported by server (default) - # 2 Force STARTLS and fail if not available - # - tls: 1 - - # Login for SMTP - login: "{{ noreply_email_user }}" - - # Password for the account - password: "{{ noreply_email_pass }}" - -dns: - overwrite: - homeserver: - client: - - name: 'matrix.warpzone.ms' - value: 'http://synapse:8008' - -session: - policy: - validation: - enabled: false 
diff --git a/webserver/docker_matrix/templates/synapse-data/homeserver.yaml b/webserver/docker_matrix/templates/synapse-data/homeserver.yaml index f27d76aed192f0e2609d61a13516c3376e51e875..2d011dc8a6ce31119cbc20574bd5579705955a3d 100644 --- a/webserver/docker_matrix/templates/synapse-data/homeserver.yaml +++ b/webserver/docker_matrix/templates/synapse-data/homeserver.yaml @@ -57,7 +57,7 @@ pid_file: /tmp/homeserver.pid # use synapse with a reverse proxy, this should be the URL to reach # synapse via the proxy. # -public_baseurl: {{ matrix.public_url }}/ +public_baseurl: "{{ matrix.public_url }}/" # Set the soft limit on the number of file descriptors synapse can use # Zero is used to indicate synapse should set the soft limit to the @@ -295,7 +295,7 @@ database: # Arguments to pass to the engine args: user: synapse - password: {{ postgres_user_pass }} + password: "{{ postgres_user_pass }}" database: synapse host: db cp_min: 5 @@ -634,7 +634,7 @@ enable_registration: false # This setting is ignored unless public_baseurl is also set.) # #default_identity_server: https://matrix.org -default_identity_server: {{ matrix.identity_server }} +default_identity_server: "{{ matrix.identity_server }}" # The list of identity servers trusted to verify third party # identifiers by this server. @@ -646,8 +646,8 @@ default_identity_server: {{ matrix.identity_server }} # - matrix.org # - vector.im trusted_third_party_id_servers: - - {{ matrix.domain }} - + - "{{ matrix.domain }}" + # Users who register on this homeserver will automatically be joined # to these rooms # @@ -842,7 +842,7 @@ password_config: email: enable_notifs: true smtp_host: "{{ smtp_host }}" - smtp_port: {{ smtp_port }} + smtp_port: "{{ smtp_port }}" smtp_user: "{{ noreply_email_user }}" smtp_pass: "{{ noreply_email_pass }}" require_transport_security: True 
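Review bot: Quoting `password: "{{ postgres_user_pass }}"` in the `@@ -295,7 +295,7 @@` hunk stops YAML retyping the value, but a password containing `"` or `\` still yields a broken or silently altered scalar, because Jinja inserts the text verbatim between the quotes. Rendering the secret as `password: {{ postgres_user_pass | to_json }}` lets Jinja emit a correctly escaped quoted string for any content; the same applies to `"{{ noreply_email_pass }}"` in the `@@ -842` hunk and, in the new ma1sd.yaml, to the single-quoted `bindPassword` and `password`, where a `'` in the value would break the file.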
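Review bot: `smtp_port: "{{ smtp_port }}"` in the `@@ -842,7 +842,7 @@` hunk turns the port into a YAML string, while Synapse's sample config gives `smtp_port` as a bare integer; as far as I recall, Synapse 1.21 hands the value unchanged to Twisted's `connectTCP`, which treats a str port as a service name to resolve rather than a number, so notification mail could fail at send time rather than at config load. Leaving the line unquoted (`smtp_port: {{ smtp_port }}`) keeps the int, or `smtp_port: {{ smtp_port | int }}` makes the type explicit; confirm with a test notification after deploy.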
@@ -860,7 +860,7 @@ email: password_providers: - module: "rest_auth_provider.RestAuthProvider" config: - endpoint: "http://mxisd:8090" + endpoint: "http://ma1sd:8090" #password_providers: # - module: "ldap_auth_provider.LdapAuthProvider" @@ -1064,6 +1064,3 @@ user_directory: # alias: "*" # room_id: "*" # action: allow - - -