null31
/
synapse_gnu_moe
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

This commit is contained in:
null31 2025-02-19 12:17:32 +01:00
commit a7a41789da
Signed by: null31
GPG Key ID: CAB4CF4EE49720FF
12 changed files with 619 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.env Normal file
View File

@ -0,0 +1,7 @@
REDIS_IMAGE=redis:7.4.2-alpine
SYNAPSE_IMAGE=matrixdotorg/synapse:v1.124.0
SYNAPSE_DATA_PATH=/app_data/synapse_gnu:/data:rw
SYNAPSE_HS_CONF=./hs.yaml:/data/hs.yaml:ro
SYNAPSE_LOG_CONF=./gnu.moe.log.config:/data/gnu.moe.log.config:ro
SYNAPSE_SHARED_CONF=/data/hs.yaml
SYNAPSE_SIGNING_KEY=/app_data/synapse_gnu/keys/gnu.moe.signing.key:/data/keys/gnu.moe.signing.key:ro

11
acl_matrix_admin.conf Normal file
View File

@ -0,0 +1,11 @@
allow 2a01:4f9:4a:33d0::f:2/128;
allow 2a01:4f9:4a:33d0::e:3/128;
allow 2605:6400:c985::d2/128;
allow 2a02:e00:fff0:3d6::2;
allow 95.217.118.120;
allow 185.45.114.164;
allow 104.244.77.29;
allow 2605:6400:30:f394::f63a;
allow 127.0.0.1;
allow ::1;
deny all;

77
bg.log.config Normal file
View File

@ -0,0 +1,77 @@
# Log configuration for Synapse.
#
# This is a YAML file containing a standard Python logging configuration
# dictionary. See [1] for details on the valid settings.
#
# Synapse also supports structured logging for machine readable logs which can
# be ingested by ELK stacks. See [2] for details.
#
# [1]: https://docs.python.org/3/library/logging.config.html#configuration-dictionary-schema
# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
file:
class: logging.handlers.TimedRotatingFileHandler
formatter: precise
filename: /data/logs/bg.log
when: midnight
backupCount: 3 # Does not include the current log file.
encoding: utf8
# Default to buffering writes to log file for efficiency.
# WARNING/ERROR logs will still be flushed immediately, but there will be a
# delay (of up to `period` seconds, or until the buffer is full with
# `capacity` messages) before INFO/DEBUG logs get written.
buffer:
class: synapse.logging.handlers.PeriodicallyFlushingMemoryHandler
target: file
# The capacity is the maximum number of log lines that are buffered
# before being written to disk. Increasing this will lead to better
# performance, at the expensive of it taking longer for log lines to
# be written to disk.
# This parameter is required.
capacity: 10
# Logs with a level at or above the flush level will cause the buffer to
# be flushed immediately.
# Default value: 40 (ERROR)
# Other values: 50 (CRITICAL), 30 (WARNING), 20 (INFO), 10 (DEBUG)
flushLevel: 30 # Flush immediately for WARNING logs and higher
# The period of time, in seconds, between forced flushes.
# Messages will not be delayed for longer than this time.
# Default value: 5 seconds
period: 5
# A handler that writes logs to stderr. Unused by default, but can be used
# instead of "buffer" and "file" in the logger handlers.
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: INFO
# Write logs to the `buffer` handler, which will buffer them together in memory,
# then write them to a file.
#
# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
# also need to update the configuration for the `twisted` logger above, in
# this case.)
#
handlers: [buffer]
disable_existing_loggers: false

104
compose.yaml Normal file
View File

@ -0,0 +1,104 @@
name: gnu
services:
synapse.main:
image: ${SYNAPSE_IMAGE}
restart: unless-stopped
environment:
- SYNAPSE_CONFIG_PATH=${SYNAPSE_SHARED_CONF}
networks:
- synapse
ports:
- 127.0.0.1:8208:8008
# - 127.0.0.1:8300:8800
healthcheck:
disable: true
volumes:
- ${SYNAPSE_DATA_PATH}
- ${SYNAPSE_HS_CONF}
- ${SYNAPSE_SIGNING_KEY}
- ${SYNAPSE_LOG_CONF}
depends_on:
- redis
synapse.media:
image: ${SYNAPSE_IMAGE}
restart: unless-stopped
command: ["run", "--config-path=${SYNAPSE_SHARED_CONF}", "--config-path=/data/worker-media.yaml"]
environment:
SYNAPSE_WORKER: synapse.app.media_repository
networks:
- synapse
ports:
- 127.0.0.1:8209:8009
- 127.0.0.1:8301:8800
healthcheck:
disable: true
volumes:
- ${SYNAPSE_DATA_PATH}
- ${SYNAPSE_HS_CONF}
- ${SYNAPSE_SIGNING_KEY}
- ./media.log.config:/data/media.log.config:ro
- ./worker-media.yaml:/data/worker-media.yaml:ro
depends_on:
- synapse.main
synapse.federation:
image: ${SYNAPSE_IMAGE}
restart: unless-stopped
command: ["run", "--config-path=${SYNAPSE_SHARED_CONF}", "--config-path=/data/worker-federation.yaml"]
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
networks:
- synapse
ports:
- 127.0.0.1:8210:8010
- 127.0.0.1:8302:8800
healthcheck:
disable: true
volumes:
- ${SYNAPSE_DATA_PATH}
- ${SYNAPSE_HS_CONF}
- ${SYNAPSE_SIGNING_KEY}
- ./federation.log.config:/data/federation.log.config:ro
- ./worker-federation.yaml:/data/worker-federation.yaml:ro
depends_on:
- synapse.main
synapse.bg:
image: ${SYNAPSE_IMAGE}
restart: unless-stopped
command: ["run", "--config-path=${SYNAPSE_SHARED_CONF}", "--config-path=/data/worker-background.yaml"]
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
networks:
- synapse
ports:
- 127.0.0.1:8303:8800
healthcheck:
disable: true
volumes:
- ${SYNAPSE_DATA_PATH}
- ${SYNAPSE_HS_CONF}
- ${SYNAPSE_SIGNING_KEY}
- ./bg.log.config:/data/bg.log.config:ro
- ./worker-background.yaml:/data/worker-background.yaml:ro
depends_on:
- synapse.main
redis:
image: ${REDIS_IMAGE}
restart: unless-stopped
networks:
- synapse
volumes:
- redis_data:/data
networks:
synapse:
ipam:
config:
- subnet: 300f:0:0:2000::/124
gateway: 300f:0:0:2000::1
volumes:
redis_data:

77
federation.log.config Normal file
View File

@ -0,0 +1,77 @@
# Log configuration for Synapse.
#
# This is a YAML file containing a standard Python logging configuration
# dictionary. See [1] for details on the valid settings.
#
# Synapse also supports structured logging for machine readable logs which can
# be ingested by ELK stacks. See [2] for details.
#
# [1]: https://docs.python.org/3/library/logging.config.html#configuration-dictionary-schema
# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
file:
class: logging.handlers.TimedRotatingFileHandler
formatter: precise
filename: /data/logs/federation.log
when: midnight
backupCount: 3 # Does not include the current log file.
encoding: utf8
# Default to buffering writes to log file for efficiency.
# WARNING/ERROR logs will still be flushed immediately, but there will be a
# delay (of up to `period` seconds, or until the buffer is full with
# `capacity` messages) before INFO/DEBUG logs get written.
buffer:
class: synapse.logging.handlers.PeriodicallyFlushingMemoryHandler
target: file
# The capacity is the maximum number of log lines that are buffered
# before being written to disk. Increasing this will lead to better
# performance, at the expensive of it taking longer for log lines to
# be written to disk.
# This parameter is required.
capacity: 10
# Logs with a level at or above the flush level will cause the buffer to
# be flushed immediately.
# Default value: 40 (ERROR)
# Other values: 50 (CRITICAL), 30 (WARNING), 20 (INFO), 10 (DEBUG)
flushLevel: 30 # Flush immediately for WARNING logs and higher
# The period of time, in seconds, between forced flushes.
# Messages will not be delayed for longer than this time.
# Default value: 5 seconds
period: 5
# A handler that writes logs to stderr. Unused by default, but can be used
# instead of "buffer" and "file" in the logger handlers.
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: INFO
# Write logs to the `buffer` handler, which will buffer them together in memory,
# then write them to a file.
#
# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
# also need to update the configuration for the `twisted` logger above, in
# this case.)
#
handlers: [buffer]
disable_existing_loggers: false

77
gnu.moe.log.config Normal file
View File

@ -0,0 +1,77 @@
# Log configuration for Synapse.
#
# This is a YAML file containing a standard Python logging configuration
# dictionary. See [1] for details on the valid settings.
#
# Synapse also supports structured logging for machine readable logs which can
# be ingested by ELK stacks. See [2] for details.
#
# [1]: https://docs.python.org/3/library/logging.config.html#configuration-dictionary-schema
# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
file:
class: logging.handlers.TimedRotatingFileHandler
formatter: precise
filename: /data/logs/homeserver.log
when: midnight
backupCount: 3 # Does not include the current log file.
encoding: utf8
# Default to buffering writes to log file for efficiency.
# WARNING/ERROR logs will still be flushed immediately, but there will be a
# delay (of up to `period` seconds, or until the buffer is full with
# `capacity` messages) before INFO/DEBUG logs get written.
buffer:
class: synapse.logging.handlers.PeriodicallyFlushingMemoryHandler
target: file
# The capacity is the maximum number of log lines that are buffered
# before being written to disk. Increasing this will lead to better
# performance, at the expensive of it taking longer for log lines to
# be written to disk.
# This parameter is required.
capacity: 10
# Logs with a level at or above the flush level will cause the buffer to
# be flushed immediately.
# Default value: 40 (ERROR)
# Other values: 50 (CRITICAL), 30 (WARNING), 20 (INFO), 10 (DEBUG)
flushLevel: 30 # Flush immediately for WARNING logs and higher
# The period of time, in seconds, between forced flushes.
# Messages will not be delayed for longer than this time.
# Default value: 5 seconds
period: 5
# A handler that writes logs to stderr. Unused by default, but can be used
# instead of "buffer" and "file" in the logger handlers.
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: INFO
# Write logs to the `buffer` handler, which will buffer them together in memory,
# then write them to a file.
#
# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
# also need to update the configuration for the `twisted` logger above, in
# this case.)
#
handlers: [buffer]
disable_existing_loggers: false

78
hs.yaml Normal file
View File

@ -0,0 +1,78 @@
server_name: "gnu.moe"
public_baseurl: https://matrix.gnu.moe
admin_contact: 'mailto:gear@topnep.net'
listeners:
- port: 9090
type: http
resources:
- names: [replication]
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation, metrics]
compress: false
worker_replication_secret: "somesecret"
instance_map:
main:
host: synapse.main
port: 9090
media1:
host: synapse.media
port: 9091
federation1:
host: synapse.federation
port: 9092
bg_jobs:
host: synapse.bg
port: 9093
database:
name: psycopg2
args:
user: mitt_user
password: lösenord
database: synapse
hostaddr: fd80::151
cp_min: 5
cp_max: 10
redis:
enabled: true
host: redis
port: 6379
send_federation: false
federation_sender_instances:
- federation1
outbound_federation_restricted_to:
- federation1
run_background_tasks_on: bg_jobs
log_config: /data/gnu.moe.log.config
enable_media_repo: false
media_store_path: /data/media_store
max_upload_size: 32M
enable_metrics: true
enable_registration: false
mau_stats_only: true
report_stats: false
registration_shared_secret: "himitsu desu"
macaroon_secret_key: "himitsu desu"
form_secret: "himitsu desu"
signing_key_path: /data/keys/gnu.moe.signing.key
suppress_key_server_warning: false
trusted_key_servers:
- server_name: "matrix.org"
# vim:ft=yaml

77
media.log.config Normal file
View File

@ -0,0 +1,77 @@
# Log configuration for Synapse.
#
# This is a YAML file containing a standard Python logging configuration
# dictionary. See [1] for details on the valid settings.
#
# Synapse also supports structured logging for machine readable logs which can
# be ingested by ELK stacks. See [2] for details.
#
# [1]: https://docs.python.org/3/library/logging.config.html#configuration-dictionary-schema
# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
file:
class: logging.handlers.TimedRotatingFileHandler
formatter: precise
filename: /data/logs/media.log
when: midnight
backupCount: 3 # Does not include the current log file.
encoding: utf8
# Default to buffering writes to log file for efficiency.
# WARNING/ERROR logs will still be flushed immediately, but there will be a
# delay (of up to `period` seconds, or until the buffer is full with
# `capacity` messages) before INFO/DEBUG logs get written.
buffer:
class: synapse.logging.handlers.PeriodicallyFlushingMemoryHandler
target: file
# The capacity is the maximum number of log lines that are buffered
# before being written to disk. Increasing this will lead to better
# performance, at the expensive of it taking longer for log lines to
# be written to disk.
# This parameter is required.
capacity: 10
# Logs with a level at or above the flush level will cause the buffer to
# be flushed immediately.
# Default value: 40 (ERROR)
# Other values: 50 (CRITICAL), 30 (WARNING), 20 (INFO), 10 (DEBUG)
flushLevel: 30 # Flush immediately for WARNING logs and higher
# The period of time, in seconds, between forced flushes.
# Messages will not be delayed for longer than this time.
# Default value: 5 seconds
period: 5
# A handler that writes logs to stderr. Unused by default, but can be used
# instead of "buffer" and "file" in the logger handlers.
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: INFO
# Write logs to the `buffer` handler, which will buffer them together in memory,
# then write them to a file.
#
# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
# also need to update the configuration for the `twisted` logger above, in
# this case.)
#
handlers: [buffer]
disable_existing_loggers: false

66
synapse_gnu.conf Normal file
View File

@ -0,0 +1,66 @@
server {
listen 0.0.0.0:443 ssl;
listen 0.0.0.0:443 quic;
listen [2603:c021:c001:31fa:780:b000:0:415]:443 ssl;
listen [2603:c021:c001:31fa:780:b000:0:415]:443 quic;
http2 on;
http3 on;
server_name matrix.gnu.moe;
ssl_certificate /etc/letsencrypt/live/gnu.moe/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gnu.moe/privkey.pem;
access_log off;
error_log /var/log/nginx/matrix.error.log;
add_header Alt-Svc 'h3=":443"; ma=86400';
# media endpoints
location ~* ^(/_matrix/media/|/_matrix/client/v1/media/|/_matrix/federation/v1/media/) { proxy_pass http://127.0.0.1:8209; }
location ~* ^(/_synapse/admin/v1/purge_media_cache$|/_synapse/admin/v1/room/.*/media.*$|/_synapse/admin/v1/user/.*/media.*$|/_synapse/admin/v1/media/.*$|/_synapse/admin/v1/quarantine_media/.*$|/_synapse/admin/v1/users/.*/media$) {
proxy_pass http://127.0.0.1:8209;
include acl_matrix_admin.conf;
}
# federation endpoints
location ~* ^(/_matrix/federation/v1/event/|/_matrix/federation/v1/state/|/_matrix/federation/v1/state_ids/|/_matrix/federation/v1/backfill/|/_matrix/federation/v1/get_missing_events/|/_matrix/federation/v1/publicRooms|/_matrix/federation/v1/query/|/_matrix/federation/v1/make_join/|/_matrix/federation/v1/make_leave/|/_matrix/federation/(v1|v2)/send_join/|/_matrix/federation/(v1|v2)/send_leave/) { proxy_pass http://127.0.0.1:8210; }
location ~* ^(/_matrix/federation/v1/make_knock/|/_matrix/federation/v1/send_knock/|/_matrix/federation/(v1|v2)/invite/|/_matrix/federation/v1/event_auth/|/_matrix/federation/v1/timestamp_to_event/|/_matrix/federation/v1/exchange_third_party_invite/|/_matrix/federation/v1/user/devices/|/_matrix/key/v2/query|/_matrix/federation/v1/hierarchy/|/_matrix/federation/v1/send/) { proxy_pass http://127.0.0.1:8210; }
# common endpoints
location ~* ^(/_matrix|/_synapse/client) { proxy_pass http://127.0.0.1:8208; }
# metrics endpoitns
location = /_syn/media {
proxy_pass http://127.0.0.1:8301/_synapse/metrics;
include acl_matrix_admin.conf;
}
location = /_syn/fedi {
proxy_pass http://127.0.0.1:8302/_synapse/metrics;
include acl_matrix_admin.conf;
}
location = /_syn/bgj {
proxy_pass http://127.0.0.1:8303/_synapse/metrics;
include acl_matrix_admin.conf;
}
# admin endpoints
location ~* ^(/_synapse/metrics|/_synapse/admin|/health) {
proxy_pass http://127.0.0.1:8208;
include acl_matrix_admin.conf;
}
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host:$server_port;
proxy_http_version 1.1;
client_max_body_size 32M;
location /.well-known/matrix/server { return 200 '{ "m.server": "matrix.gnu.moe:443" }\n'; }
location /.well-known/matrix/client { return 200 '{ "m.homeserver": { "base_url": "https://matrix.gnu.moe" } }\n'; }
include robots.conf;
location / { return 418; }
}

12
worker-background.yaml Normal file
View File

@ -0,0 +1,12 @@
worker_app: synapse.app.generic_worker
worker_name: bg_jobs
worker_listeners:
- type: http
port: 9093
resources:
- names: [replication]
- type: metrics
port: 8800
worker_log_config: /data/bg.log.config

16
worker-federation.yaml Normal file
View File

@ -0,0 +1,16 @@
worker_app: synapse.app.generic_worker
worker_name: federation1
worker_listeners:
- type: http
port: 9092
resources:
- names: [replication]
- type: metrics
port: 8800
- type: http
port: 8010
resources:
- names: [federation]
worker_log_config: /data/federation.log.config

17
worker-media.yaml Normal file
View File

@ -0,0 +1,17 @@
worker_app: synapse.app.media_repository
worker_name: media1
worker_listeners:
- type: http
port: 9091
resources:
- names: [replication]
- type: metrics
port: 8800
- type: http
port: 8009
x_forwarded: true
resources:
- names: [media]
worker_log_config: /data/media.log.config