mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-30 23:07:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add support for controlling Matrix federation

Browse Source
This commit is contained in:
Slavi Pantaleev
2018-10-25 18:02:04 +03:00
parent caa32b6d76
commit 67a445a74a
6 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG.md
View File

@@ -1,3 +1,10 @@
# 2018-10-25
## Support for controlling Matrix federation
The playbook can now help you with [Controlling Matrix federation](docs/configuration-playbook-federation.md), should you wish to run a more private (isolated) server.
# 2018-10-24 # 2018-10-24
## Disabling riot-web guests ## Disabling riot-web guests

28
docs/configuration-playbook-federation.md Normal file
View File

@@ -0,0 +1,28 @@
# Controlling Matrix federation
By default, your server federates with the whole Matrix network.
That is, people on your server can communicate with people on any other Matrix server.
## Federating only with select servers
To make your server only federate with servers of your choosing, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`):
```yaml
matrix_synapse_federation_domain_whitelist:
- example.com
- another.com
```
If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).
## Disabling federation
To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`):
```yaml
matrix_synapse_federation_enabled: false
```
With that, your server's users will only be able to talk among themselves, but not to anyone who is on another server.

2
docs/configuring-playbook.md
View File

@@ -23,6 +23,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
## Other configuration options ## Other configuration options
- [Controlling Matrix federation](configuration-playbook-federation.md) (optional)
- [Adjusting email-sending settings](configuring-playbook-email.md) (optional) - [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
- [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional) - [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)

9
roles/matrix-server/defaults/main.yml
View File

@@ -86,6 +86,15 @@ matrix_synapse_event_cache_size: "100K"
# - https://github.com/matrix-org/synapse/issues/3939 # - https://github.com/matrix-org/synapse/issues/3939
matrix_synapse_cache_factor: 0.5 matrix_synapse_cache_factor: 0.5
# Controls whether Matrix Synapse will federate at all.
# Disable this to completely isolate your server from the rest of the Matrix network.
matrix_synapse_federation_enabled: true
# A list of domain names that are allowed to federate with the given Matrix Synapse server.
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
matrix_synapse_federation_domain_whitelist: ~
# A list of additional "volumes" to mount in the container. # A list of additional "volumes" to mount in the container.
# This list gets populated dynamically based on Synapse extensions that have been enabled. # This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."} # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}

5
roles/matrix-server/templates/synapse/homeserver.yaml.j2
View File

@@ -119,12 +119,16 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
# - lon.example.com # - lon.example.com
# - nyc.example.com # - nyc.example.com
# - syd.example.com # - syd.example.com
{% if matrix_synapse_federation_domain_whitelist is not none %}
federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
{% endif %}
# List of ports that Synapse should listen on, their purpose and their # List of ports that Synapse should listen on, their purpose and their
# configuration. # configuration.
listeners: listeners:
# Main HTTPS listener # Main HTTPS listener
# For when matrix traffic is sent directly to synapse. # For when matrix traffic is sent directly to synapse.
{% if matrix_synapse_federation_enabled %}
- -
# The port to listen for HTTPS requests on. # The port to listen for HTTPS requests on.
port: 8448 port: 8448
@@ -157,6 +161,7 @@ listeners:
# "/_matrix/my/custom/endpoint": # "/_matrix/my/custom/endpoint":
# module: my_module.CustomRequestHandler # module: my_module.CustomRequestHandler
# config: {} # config: {}
{% endif %}
# Unsecure HTTP listener, # Unsecure HTTP listener,
# For when matrix traffic passes through loadbalancer that unwraps TLS. # For when matrix traffic passes through loadbalancer that unwraps TLS.

2
roles/matrix-server/templates/systemd/matrix-synapse.service.j2
View File

@@ -29,7 +29,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
--log-driver=none \ --log-driver=none \
--env-file={{ matrix_environment_variables_data_path }}/synapse \ --env-file={{ matrix_environment_variables_data_path }}/synapse \
--network={{ matrix_docker_network }} \ --network={{ matrix_docker_network }} \
{% if matrix_synapse_federation_enabled %}
-p 8448:8448 \ -p 8448:8448 \
{% endif %}
{% if not matrix_nginx_proxy_enabled %} {% if not matrix_nginx_proxy_enabled %}
-p 127.0.0.1:8008:8008 \ -p 127.0.0.1:8008:8008 \
{% endif %} {% endif %}