dump
This commit is contained in:
commit
5bda5ad095
|
@ -0,0 +1,130 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
# archlinux db
|
||||
- name: OS install
|
||||
become: no
|
||||
hosts: yoshika.midov.pl
|
||||
vars_files:
|
||||
- vars/main.yaml
|
||||
tasks:
|
||||
- name: arch basic setup
|
||||
import_tasks: ../arch_basic_setup.yaml
|
||||
- name: update and install
|
||||
import_tasks: ../update_and_install.yaml
|
||||
- name: basic shell config
|
||||
import_tasks: ../shell.yaml
|
||||
|
||||
- name: pacman install
|
||||
pacman:
|
||||
name:
|
||||
- matrix-synapse
|
||||
- element-web
|
||||
- redis
|
||||
- python-txredisapi
|
||||
- hiredis
|
||||
- python-hiredis
|
||||
- python-psycopg2
|
||||
state: present
|
||||
|
||||
- name: start redis service
|
||||
systemd:
|
||||
name: redis
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: copy synapse config
|
||||
copy:
|
||||
src: files/homeserver.yaml
|
||||
dest: /etc/synapse
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy synapse service files
|
||||
copy:
|
||||
src: files/matrix-synapse-worker@.service
|
||||
dest: /etc/systemd/system/
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy synapse service files
|
||||
copy:
|
||||
src: files/matrix-synapse.service
|
||||
dest: /etc/systemd/system/
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy synapse service files
|
||||
copy:
|
||||
src: files/matrix-synapse.target
|
||||
dest: /etc/systemd/system/
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy synapse log config
|
||||
copy:
|
||||
src: files/midov.pl.log.config
|
||||
dest: /etc/synapse
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy steambridge
|
||||
copy:
|
||||
src: files/steamregistration.yaml
|
||||
dest: /etc/synapse
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy ircbridge
|
||||
copy:
|
||||
src: files/appservice-registration-irc.yaml
|
||||
dest: /etc/synapse
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy discordbridge
|
||||
copy:
|
||||
src: files/discord-registration.yaml
|
||||
dest: /etc/synapse
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy ldap provider
|
||||
copy:
|
||||
src: files/rest_auth_provider.py
|
||||
dest: /usr/lib/python3.9/site-packages/
|
||||
|
||||
- name: copy worker config files
|
||||
import_tasks: copyconfigfiles.yaml
|
||||
- name: enable worker services
|
||||
import_tasks: enableservices.yaml
|
||||
|
||||
- name: ensure systemd matrix-synapse is enabled
|
||||
systemd:
|
||||
name: matrix-synapse
|
||||
daemon-reload: yes
|
||||
enabled: yes
|
||||
|
||||
- name: ensure synapse target is started and enabled
|
||||
systemd:
|
||||
name: matrix-synapse.target
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
handlers:
|
||||
- name: restartsynapse
|
||||
systemd:
|
||||
name: matrix-synapse.target
|
||||
state: restarted
|
||||
|
||||
|
||||
- name: update nginx
|
||||
become: no
|
||||
hosts: chino.midov.pl
|
||||
tasks:
|
||||
- name: send matrix.conf
|
||||
copy:
|
||||
src: files/matrix.conf
|
||||
dest: /etc/nginx/matrix
|
||||
notify: reloadnginx
|
||||
|
||||
- name: send upstream.conf
|
||||
copy:
|
||||
src: files/upstream.conf
|
||||
dest: /etc/nginx/matrix
|
||||
notify: reloadnginx
|
||||
|
||||
handlers:
|
||||
- name: reloadnginx
|
||||
shell: /usr/sbin/nginx -s reload
|
|
@ -0,0 +1,91 @@
|
|||
# workers
|
||||
- name: create workers dir
|
||||
file:
|
||||
path: /etc/synapse/workers
|
||||
state: directory
|
||||
|
||||
|
||||
- name: copy worker logs
|
||||
copy:
|
||||
src: files/worker_log_config.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy client0
|
||||
copy:
|
||||
src: files/client0.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy client1
|
||||
copy:
|
||||
src: files/client1.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy client2
|
||||
copy:
|
||||
src: files/client2.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy worker0
|
||||
copy:
|
||||
src: files/worker0.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy worker4
|
||||
copy:
|
||||
src: files/worker4.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy worker5
|
||||
copy:
|
||||
src: files/worker5.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy worker6
|
||||
copy:
|
||||
src: files/worker6.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy receiver0
|
||||
copy:
|
||||
src: files/receiver0.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy receiver1
|
||||
copy:
|
||||
src: files/receiver1.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy receiver2
|
||||
copy:
|
||||
src: files/receiver2.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy receiver3
|
||||
copy:
|
||||
src: files/receiver3.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy receiver4
|
||||
copy:
|
||||
src: files/receiver4.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy persister0
|
||||
copy:
|
||||
src: files/persister0.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy persister1
|
||||
copy:
|
||||
src: files/persister1.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy persister2
|
||||
copy:
|
||||
src: files/persister2.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
|
@ -0,0 +1,73 @@
|
|||
### CLIENT WORKERS
|
||||
#sync worker
|
||||
- name: ensure client0 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@client0.service
|
||||
enabled: yes
|
||||
#clientapi
|
||||
- name: ensure client1 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@client1.service
|
||||
enabled: yes
|
||||
#eventsender
|
||||
- name: ensure client2 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@client2.service
|
||||
enabled: yes
|
||||
### inne
|
||||
# user_dir
|
||||
- name: ensure worker0 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@worker0.service
|
||||
enabled: yes
|
||||
#federationrequests
|
||||
- name: ensure worker4 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@worker4.service
|
||||
enabled: yes
|
||||
#federationsender
|
||||
- name: ensure worker5 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@worker5.service
|
||||
enabled: yes
|
||||
#mediarepo
|
||||
- name: ensure worker6 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@worker6.service
|
||||
enabled: yes
|
||||
|
||||
# federationreceiver
|
||||
- name: ensure receiver0 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver0.service
|
||||
enabled: yes
|
||||
- name: ensure receiver1 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver1.service
|
||||
enabled: yes
|
||||
- name: ensure receiver2 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver2.service
|
||||
enabled: yes
|
||||
- name: ensure receiver3 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver3.service
|
||||
enabled: yes
|
||||
- name: ensure receiver4 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver4.service
|
||||
enabled: yes
|
||||
|
||||
# persister
|
||||
- name: ensure persister0 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@persister0.service
|
||||
enabled: yes
|
||||
- name: ensure persister1 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@persister1.service
|
||||
enabled: yes
|
||||
- name: ensure persister2 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@persister2.service
|
||||
enabled: yes
|
|
@ -0,0 +1,16 @@
|
|||
id: 3921e49173897124c6b4f161b52b7ff95506b821c524384d83ddce73dfdf0f06
|
||||
hs_token: 894348cc013dc8ac17f652318191182de85fa969fdb5b0ae344ef0244346e66f
|
||||
as_token: 6c17b5916a7efdef170fa10cd09018c3c53f40f19441450ef6bbbeadb933583b
|
||||
namespaces:
|
||||
users:
|
||||
- exclusive: true
|
||||
regex: '@irc_.*:midov\.pl'
|
||||
aliases: []
|
||||
rooms:
|
||||
- exclusive: false
|
||||
regex: '!kaQXcNeHmlNSEkpzBv:midov.pl'
|
||||
url: 'http://honoka.midov.pl'
|
||||
sender_localpart: irc_bot
|
||||
rate_limited: false
|
||||
protocols:
|
||||
- irc
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: client0
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 5080
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: client1
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 5081
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: client2
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 5082
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,16 @@
|
|||
id: 07812359248975221ec900bb57181480aedda8d1e28e169bdf23fe07403187e1
|
||||
hs_token: 392ec5cf5a2ffcb34bb439babc6908a3c511b76d3913b1434e19fb7b6ea032d6
|
||||
as_token: daa0ec403531bbf3e10b7986f0e50d3b89ddf5893a4e3c9953d8b732d14cd723
|
||||
namespaces:
|
||||
users:
|
||||
- exclusive: true
|
||||
regex: '@_discord_.*'
|
||||
aliases:
|
||||
- exclusive: true
|
||||
regex: '#_discord_.*'
|
||||
rooms: []
|
||||
url: 'http://moka.midov.pl:9005'
|
||||
sender_localpart: _discord_bot
|
||||
rate_limited: false
|
||||
protocols:
|
||||
- discord
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,24 @@
|
|||
[Unit]
|
||||
Description=Synapse %i
|
||||
AssertPathExists=/etc/synapse/workers/%i.yaml
|
||||
|
||||
# This service should be restarted when the synapse target is restarted.
|
||||
PartOf=matrix-synapse.target
|
||||
|
||||
# if this is started at the same time as the main, let the main process start
|
||||
# first, to initialise the database schema.
|
||||
After=matrix-synapse.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
NotifyAccess=main
|
||||
User=synapse
|
||||
WorkingDirectory=/var/lib/synapse
|
||||
ExecStart=/usr/bin/python3 -m synapse.app.generic_worker --config-path=/etc/synapse/homeserver.yaml --config-path=/etc/synapse/workers/%i.yaml
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
SyslogIdentifier=matrix-synapse-%i
|
||||
|
||||
[Install]
|
||||
WantedBy=matrix-synapse.target
|
|
@ -0,0 +1,20 @@
|
|||
[Unit]
|
||||
Description=Synapse master
|
||||
|
||||
# This service should be restarted when the synapse target is restarted.
|
||||
PartOf=matrix-synapse.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
NotifyAccess=main
|
||||
User=synapse
|
||||
WorkingDirectory=/var/lib/synapse
|
||||
ExecStartPre=/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/synapse/homeserver.yaml --generate-keys
|
||||
ExecStart=/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/synapse/homeserver.yaml
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
SyslogIdentifier=synapse
|
||||
|
||||
[Install]
|
||||
WantedBy=matrix-synapse.target
|
|
@ -0,0 +1,6 @@
|
|||
[Unit]
|
||||
Description=Synapse parent target
|
||||
After=network.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,367 @@
|
|||
# user_dir
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/user_directory/search$ {
|
||||
proxy_pass http://userdir;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
# mediarepo worker
|
||||
location ~ /_matrix/media/ {
|
||||
proxy_pass http://mediarepo;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_synapse/admin/v1/purge_media_cache$ {
|
||||
proxy_pass http://mediarepo;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_synapse/admin/v1/room/.*/media.*$ {
|
||||
proxy_pass http://mediarepo;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_synapse/admin/v1/user/.*/media.*$ {
|
||||
proxy_pass http://mediarepo;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_synapse/admin/v1/media/.*$ {
|
||||
proxy_pass http://mediarepo;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_synapse/admin/v1/quarantine_media/.*$ {
|
||||
proxy_pass http://mediarepo;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
# federationrequests worker
|
||||
location ~ ^/_matrix/federation/v1/event/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/state/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/state_ids/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/backfill/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/get_missing_events/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/publicRooms {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/query/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/make_join/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/make_leave/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/send_join/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v2/send_leave/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/invite/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v2/invite/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/query_auth/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/event_auth/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/exchange_third_party_invite/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/user/devices/ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/federation/v1/get_groups_publicised$ {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/key/v2/query {
|
||||
proxy_pass http://federationrequests;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
# Inbound federation transaction request
|
||||
location ~ ^/_matrix/federation/v1/send/ {
|
||||
proxy_pass http://federationstransaction;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
# sync worker
|
||||
location ~ ^/_matrix/client/(v2_alpha|r0)/sync$ {
|
||||
proxy_pass http://synchrotron;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|v2_alpha|r0)/events$ {
|
||||
proxy_pass http://synchrotron;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0)/initialSync$ {
|
||||
proxy_pass http://synchrotron;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$ {
|
||||
proxy_pass http://synchrotron;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
|
||||
#clientapi worker
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/account/3pid$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/keys/query$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/keys/changes$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/versions$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
#eventsend worker
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/join/ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/profile/ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
|
||||
##### KONIEC WORKEROW ######
|
||||
# logi registracji
|
||||
location /_matrix/client/r0/register {
|
||||
access_log /tmp/register.log;
|
||||
error_log /var/log/nginx/matrixregister/error.log;
|
||||
proxy_pass http://matrix_backend/_matrix/client/r0/register;
|
||||
#proxy_pass http://1.2.3.4/_matrix/client/r0/register;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
|
||||
# mxisd ldap
|
||||
location /_matrix/client/r0/user_directory {
|
||||
access_log /var/log/nginx/shinobu/access.log;
|
||||
error_log /var/log/nginx/shinobu/error.log;
|
||||
proxy_pass http://shinobu.midov.pl:8090/_matrix/client/r0/user_directory;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
|
||||
# mxisd base
|
||||
location /_matrix/identity {
|
||||
access_log /var/log/nginx/shinobu/access.log;
|
||||
error_log /var/log/nginx/shinobu/error.log;
|
||||
proxy_pass http://shinobu.midov.pl:8090/_matrix/identity;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
# matrix we wlasnej osobie
|
||||
location /_matrix {
|
||||
access_log off;
|
||||
proxy_pass http://matrix_backend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
version: 1
|
||||
|
||||
# In systemd's journal, loglevel is implicitly stored, so let's omit it
|
||||
# from the message text.
|
||||
formatters:
|
||||
journal_fmt:
|
||||
format: '%(name)s: [%(request)s] %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
journal:
|
||||
class: systemd.journal.JournalHandler
|
||||
formatter: journal_fmt
|
||||
filters: [context]
|
||||
SYSLOG_IDENTIFIER: synapse
|
||||
|
||||
root:
|
||||
level: ERROR
|
||||
handlers: [journal]
|
||||
|
||||
disable_existing_loggers: False
|
|
@ -0,0 +1,23 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: persister0
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- port: 8030
|
||||
bind_address: '127.0.0.1'
|
||||
type: http
|
||||
resources:
|
||||
- names: [replication]
|
||||
|
||||
- type: http
|
||||
port: 8092
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,23 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: persister1
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- port: 8031
|
||||
bind_address: '127.0.0.1'
|
||||
type: http
|
||||
resources:
|
||||
- names: [replication]
|
||||
|
||||
- type: http
|
||||
port: 8093
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,23 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: persister2
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- port: 8032
|
||||
bind_address: '127.0.0.1'
|
||||
type: http
|
||||
resources:
|
||||
- names: [replication]
|
||||
|
||||
- type: http
|
||||
port: 8094
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: receiver0
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 6080
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: receiver1
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 6081
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: receiver2
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 6082
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: receiver3
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 6083
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: receiver4
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 6084
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,217 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# REST endpoint Authentication module for Matrix synapse
|
||||
# Copyright (C) 2017 Kamax Sarl
|
||||
#
|
||||
# https://www.kamax.io/
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
import logging
|
||||
from twisted.internet import defer
|
||||
import requests
|
||||
import json
|
||||
import time
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class RestAuthProvider(object):
|
||||
|
||||
def __init__(self, config, account_handler):
|
||||
self.account_handler = account_handler
|
||||
|
||||
if not config.endpoint:
|
||||
raise RuntimeError('Missing endpoint config')
|
||||
|
||||
self.endpoint = config.endpoint
|
||||
self.regLower = config.regLower
|
||||
self.config = config
|
||||
|
||||
logger.info('Endpoint: %s', self.endpoint)
|
||||
logger.info('Enforce lowercase username during registration: %s', self.regLower)
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def check_password(self, user_id, password):
|
||||
logger.info("Got password check for " + user_id)
|
||||
data = {'user': {'id': user_id, 'password': password}}
|
||||
r = requests.post(self.endpoint + '/_matrix-internal/identity/v1/check_credentials', json=data)
|
||||
r.raise_for_status()
|
||||
r = r.json()
|
||||
if not r["auth"]:
|
||||
reason = "Invalid JSON data returned from REST endpoint"
|
||||
logger.warning(reason)
|
||||
raise RuntimeError(reason)
|
||||
|
||||
auth = r["auth"]
|
||||
if not auth["success"]:
|
||||
logger.info("User not authenticated")
|
||||
defer.returnValue(False)
|
||||
|
||||
localpart = user_id.split(":", 1)[0][1:]
|
||||
logger.info("User %s authenticated", user_id)
|
||||
|
||||
registration = False
|
||||
if not (yield self.account_handler.check_user_exists(user_id)):
|
||||
logger.info("User %s does not exist yet, creating...", user_id)
|
||||
|
||||
if localpart != localpart.lower() and self.regLower:
|
||||
logger.info('User %s was cannot be created due to username lowercase policy', localpart)
|
||||
defer.returnValue(False)
|
||||
|
||||
user_id, access_token = (yield self.account_handler.register(localpart=localpart))
|
||||
registration = True
|
||||
logger.info("Registration based on REST data was successful for %s", user_id)
|
||||
else:
|
||||
logger.info("User %s already exists, registration skipped", user_id)
|
||||
|
||||
if auth["profile"]:
|
||||
logger.info("Handling profile data")
|
||||
profile = auth["profile"]
|
||||
|
||||
# fixme: temporary fix
|
||||
try:
|
||||
store = yield self.account_handler._hs.get_profile_handler().store # for synapse >= 1.9.0
|
||||
except AttributeError:
|
||||
store = yield self.account_handler.hs.get_profile_handler().store # for synapse < 1.9.0
|
||||
|
||||
if "display_name" in profile and ((registration and self.config.setNameOnRegister) or (self.config.setNameOnLogin)):
|
||||
display_name = profile["display_name"]
|
||||
logger.info("Setting display name to '%s' based on profile data", display_name)
|
||||
yield store.set_profile_displayname(localpart, display_name)
|
||||
else:
|
||||
logger.info("Display name was not set because it was not given or policy restricted it")
|
||||
|
||||
if (self.config.updateThreepid):
|
||||
if "three_pids" in profile:
|
||||
logger.info("Handling 3PIDs")
|
||||
|
||||
external_3pids = []
|
||||
for threepid in profile["three_pids"]:
|
||||
medium = threepid["medium"].lower()
|
||||
address = threepid["address"].lower()
|
||||
external_3pids.append({"medium": medium, "address": address})
|
||||
logger.info("Looking for 3PID %s:%s in user profile", medium, address)
|
||||
|
||||
validated_at = time_msec()
|
||||
if not (yield store.get_user_id_by_threepid(medium, address)):
|
||||
logger.info("3PID is not present, adding")
|
||||
yield store.user_add_threepid(
|
||||
user_id,
|
||||
medium,
|
||||
address,
|
||||
validated_at,
|
||||
validated_at
|
||||
)
|
||||
else:
|
||||
logger.info("3PID is present, skipping")
|
||||
|
||||
if (self.config.replaceThreepid):
|
||||
for threepid in (yield store.user_get_threepids(user_id)):
|
||||
medium = threepid["medium"].lower()
|
||||
address = threepid["address"].lower()
|
||||
if {"medium": medium, "address": address} not in external_3pids:
|
||||
logger.info("3PID is not present in external datastore, deleting")
|
||||
yield store.user_delete_threepid(
|
||||
user_id,
|
||||
medium,
|
||||
address
|
||||
)
|
||||
|
||||
else:
|
||||
logger.info("3PIDs were not updated due to policy")
|
||||
else:
|
||||
logger.info("No profile data")
|
||||
|
||||
defer.returnValue(True)
|
||||
|
||||
@staticmethod
|
||||
def parse_config(config):
|
||||
# verify config sanity
|
||||
_require_keys(config, ["endpoint"])
|
||||
|
||||
class _RestConfig(object):
|
||||
endpoint = ''
|
||||
regLower = True
|
||||
setNameOnRegister = True
|
||||
setNameOnLogin = False
|
||||
updateThreepid = True
|
||||
replaceThreepid = False
|
||||
|
||||
rest_config = _RestConfig()
|
||||
rest_config.endpoint = config["endpoint"]
|
||||
|
||||
try:
|
||||
rest_config.regLower = config['policy']['registration']['username']['enforceLowercase']
|
||||
except TypeError:
|
||||
# we don't care
|
||||
pass
|
||||
except KeyError:
|
||||
# we don't care
|
||||
pass
|
||||
|
||||
try:
|
||||
rest_config.setNameOnRegister = config['policy']['registration']['profile']['name']
|
||||
except TypeError:
|
||||
# we don't care
|
||||
pass
|
||||
except KeyError:
|
||||
# we don't care
|
||||
pass
|
||||
|
||||
try:
|
||||
rest_config.setNameOnLogin = config['policy']['login']['profile']['name']
|
||||
except TypeError:
|
||||
# we don't care
|
||||
pass
|
||||
except KeyError:
|
||||
# we don't care
|
||||
pass
|
||||
|
||||
try:
|
||||
rest_config.updateThreepid = config['policy']['all']['threepid']['update']
|
||||
except TypeError:
|
||||
# we don't care
|
||||
pass
|
||||
except KeyError:
|
||||
# we don't care
|
||||
pass
|
||||
|
||||
try:
|
||||
rest_config.replaceThreepid = config['policy']['all']['threepid']['replace']
|
||||
except TypeError:
|
||||
# we don't care
|
||||
pass
|
||||
except KeyError:
|
||||
# we don't care
|
||||
pass
|
||||
|
||||
return rest_config
|
||||
|
||||
|
||||
def _require_keys(config, required):
|
||||
missing = [key for key in required if key not in config]
|
||||
if missing:
|
||||
raise Exception(
|
||||
"REST Auth enabled but missing required config values: {}".format(
|
||||
", ".join(missing)
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
def time_msec():
|
||||
"""Get the current timestamp in milliseconds
|
||||
"""
|
||||
return int(time.time() * 1000)
|
|
@ -0,0 +1,15 @@
|
|||
as_token: be9c0272-2a96-4eb9-b155-b8bca30d7011
|
||||
hs_token: 64975784-2fea-4cd3-a0d0-adeaf29bf9e5
|
||||
id: steam-puppet
|
||||
namespaces:
|
||||
users:
|
||||
- exclusive: true
|
||||
regex: '@_steampuppet_.*'
|
||||
rooms: []
|
||||
aliases:
|
||||
- exclusive: true
|
||||
regex: '#_steampuppet_.*'
|
||||
protocols: []
|
||||
rate_limited: false
|
||||
sender_localpart: _steampuppet_bot
|
||||
url: 'http://steambridge.midov.pl:6000'
|
|
@ -0,0 +1,46 @@
|
|||
# primary matrix process
|
||||
upstream matrix_backend {
|
||||
server yoshika.midov.pl:8008;
|
||||
keepalive 16;
|
||||
}
|
||||
|
||||
# sync worker client0
|
||||
upstream synchrotron {
|
||||
server yoshika.midov.pl:5080;
|
||||
keepalive 16;
|
||||
}
|
||||
|
||||
# clientapi worker client1
|
||||
upstream clientapi {
|
||||
server yoshika.midov.pl:5081;
|
||||
keepalive 16;
|
||||
}
|
||||
# eventsend worker client2
|
||||
upstream eventsend {
|
||||
server yoshika.midov.pl:5082;
|
||||
keepalive 16;
|
||||
}
|
||||
# federationrequests worker
|
||||
upstream federationrequests {
|
||||
server yoshika.midov.pl:8086;
|
||||
keepalive 16;
|
||||
}
|
||||
# mediarepo worker
|
||||
upstream mediarepo {
|
||||
server yoshika.midov.pl:8088;
|
||||
keepalive 16;
|
||||
}
|
||||
# user_dir worker0
|
||||
upstream userdir {
|
||||
server yoshika.midov.pl:6030;
|
||||
keepalive 16;
|
||||
}
|
||||
# federationstransaction
|
||||
upstream federationstransaction {
|
||||
ip_hash;
|
||||
server yoshika.midov.pl:6080;
|
||||
server yoshika.midov.pl:6081;
|
||||
server yoshika.midov.pl:6082;
|
||||
server yoshika.midov.pl:6083;
|
||||
server yoshika.midov.pl:6084;
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.user_dir
|
||||
worker_name: worker0.yaml
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 6030
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: worker4
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 8086
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.federation_sender
|
||||
worker_name: worker5
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 8087
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.media_repository
|
||||
worker_name: worker6
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 8088
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names:
|
||||
- media
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -0,0 +1,25 @@
|
|||
version: 1
|
||||
|
||||
# In systemd's journal, loglevel is implicitly stored, so let's omit it
|
||||
# from the message text.
|
||||
formatters:
|
||||
journal_fmt:
|
||||
format: '%(name)s: [%(request)s] %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
journal:
|
||||
class: systemd.journal.JournalHandler
|
||||
formatter: journal_fmt
|
||||
filters: [context]
|
||||
SYSLOG_IDENTIFIER: synapse-worker
|
||||
|
||||
root:
|
||||
level: ERROR
|
||||
handlers: [journal]
|
||||
|
||||
disable_existing_loggers: False
|
|
@ -0,0 +1,6 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39336131343632613632306462306363353464303064633463396661343062613235613233303264
|
||||
6130333332386661623666393165383234613763646334360a393065353737633234383465323166
|
||||
63633534653431376163623936346530663832663237613831383535656336333939616637353632
|
||||
3462326263636139620a303932663439333434643566313865646637643432303731626330616166
|
||||
6366
|
Loading…
Reference in New Issue