updated for 2023
parent
5bda5ad095
commit
ecbd69a16a
|
@ -1,91 +0,0 @@
|
|||
# workers
|
||||
- name: create workers dir
|
||||
file:
|
||||
path: /etc/synapse/workers
|
||||
state: directory
|
||||
|
||||
|
||||
- name: copy worker logs
|
||||
copy:
|
||||
src: files/worker_log_config.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy client0
|
||||
copy:
|
||||
src: files/client0.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy client1
|
||||
copy:
|
||||
src: files/client1.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy client2
|
||||
copy:
|
||||
src: files/client2.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy worker0
|
||||
copy:
|
||||
src: files/worker0.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy worker4
|
||||
copy:
|
||||
src: files/worker4.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy worker5
|
||||
copy:
|
||||
src: files/worker5.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy worker6
|
||||
copy:
|
||||
src: files/worker6.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy receiver0
|
||||
copy:
|
||||
src: files/receiver0.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy receiver1
|
||||
copy:
|
||||
src: files/receiver1.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy receiver2
|
||||
copy:
|
||||
src: files/receiver2.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy receiver3
|
||||
copy:
|
||||
src: files/receiver3.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy receiver4
|
||||
copy:
|
||||
src: files/receiver4.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy persister0
|
||||
copy:
|
||||
src: files/persister0.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy persister1
|
||||
copy:
|
||||
src: files/persister1.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
||||
- name: copy persister2
|
||||
copy:
|
||||
src: files/persister2.yaml
|
||||
dest: /etc/synapse/workers
|
||||
notify: restartsynapse
|
|
@ -1,73 +0,0 @@
|
|||
### CLIENT WORKERS
|
||||
#sync worker
|
||||
- name: ensure client0 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@client0.service
|
||||
enabled: yes
|
||||
#clientapi
|
||||
- name: ensure client1 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@client1.service
|
||||
enabled: yes
|
||||
#eventsender
|
||||
- name: ensure client2 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@client2.service
|
||||
enabled: yes
|
||||
### inne
|
||||
# user_dir
|
||||
- name: ensure worker0 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@worker0.service
|
||||
enabled: yes
|
||||
#federationrequests
|
||||
- name: ensure worker4 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@worker4.service
|
||||
enabled: yes
|
||||
#federationsender
|
||||
- name: ensure worker5 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@worker5.service
|
||||
enabled: yes
|
||||
#mediarepo
|
||||
- name: ensure worker6 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@worker6.service
|
||||
enabled: yes
|
||||
|
||||
# federationreceiver
|
||||
- name: ensure receiver0 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver0.service
|
||||
enabled: yes
|
||||
- name: ensure receiver1 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver1.service
|
||||
enabled: yes
|
||||
- name: ensure receiver2 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver2.service
|
||||
enabled: yes
|
||||
- name: ensure receiver3 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver3.service
|
||||
enabled: yes
|
||||
- name: ensure receiver4 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@receiver4.service
|
||||
enabled: yes
|
||||
|
||||
# persister
|
||||
- name: ensure persister0 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@persister0.service
|
||||
enabled: yes
|
||||
- name: ensure persister1 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@persister1.service
|
||||
enabled: yes
|
||||
- name: ensure persister2 is enabled
|
||||
systemd:
|
||||
name: matrix-synapse-worker@persister2.service
|
||||
enabled: yes
|
|
@ -0,0 +1,50 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Copyright © 2016, 2017 Mohamed El Morabity <melmorabity@fedoraproject.com>
|
||||
#
|
||||
# This module is free software: you can redistribute it and/or modify it under
|
||||
# the terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# This software is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
PLUGINDIR=$(dirname $0)
|
||||
. $PLUGINDIR/utils.sh
|
||||
|
||||
|
||||
if [[ $# -ne 1 ]]; then
|
||||
echo "Usage: ${0##*/} <service name>"
|
||||
exit $STATE_UNKNOWN
|
||||
fi
|
||||
|
||||
service=$1
|
||||
|
||||
|
||||
status=$(systemctl is-enabled $service 2>/dev/null)
|
||||
r=$?
|
||||
if [[ -z "$status" ]]; then
|
||||
echo "ERROR: service $service doesn't exist"
|
||||
exit $STATE_CRITICAL
|
||||
fi
|
||||
|
||||
if [[ $r -ne 0 ]]; then
|
||||
echo "ERROR: service $service is $status"
|
||||
exit $STATE_CRITICAL
|
||||
fi
|
||||
|
||||
|
||||
systemctl --quiet is-active $service
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "ERROR: service $service is not running"
|
||||
exit $STATE_CRITICAL
|
||||
fi
|
||||
|
||||
echo "OK: service $service is running"
|
||||
exit $STATE_OK
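Review bot: `$0`, `$PLUGINDIR` and `$service` are expanded unquoted throughout the script (`dirname $0`, `. $PLUGINDIR/utils.sh`, both `systemctl` calls), so a path or unit name containing whitespace or glob characters is word-split, and a value starting with `-` is parsed by systemctl as an option. Quote the expansions and end option parsing, e.g. `status=$(systemctl is-enabled -- "$service" 2>/dev/null)` and `systemctl --quiet is-active -- "$service"`. The script also never checks that `utils.sh` was actually sourced: if it is missing, the `STATE_*` variables expand to nothing and a bare `exit` returns the status of the preceding `echo`, so a failed check would exit 0 and be reported as OK. `. "$PLUGINDIR/utils.sh" || exit 3` closes that gap.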
|
|
@ -1,16 +0,0 @@
|
|||
id: 07812359248975221ec900bb57181480aedda8d1e28e169bdf23fe07403187e1
|
||||
hs_token: 392ec5cf5a2ffcb34bb439babc6908a3c511b76d3913b1434e19fb7b6ea032d6
|
||||
as_token: daa0ec403531bbf3e10b7986f0e50d3b89ddf5893a4e3c9953d8b732d14cd723
|
||||
namespaces:
|
||||
users:
|
||||
- exclusive: true
|
||||
regex: '@_discord_.*'
|
||||
aliases:
|
||||
- exclusive: true
|
||||
regex: '#_discord_.*'
|
||||
rooms: []
|
||||
url: 'http://moka.midov.pl:9005'
|
||||
sender_localpart: _discord_bot
|
||||
rate_limited: false
|
||||
protocols:
|
||||
- discord
|
File diff suppressed because it is too large
|
@ -0,0 +1,129 @@
|
|||
no_tls: True
|
||||
server_name: "{{ matrix_server_name }}"
|
||||
use_presence: true
|
||||
|
||||
listeners:
|
||||
- port: 9093
|
||||
bind_address: '127.0.0.1'
|
||||
type: http
|
||||
resources:
|
||||
- names: [replication]
|
||||
- port: 8008
|
||||
tls: false
|
||||
bind_addresses: ['0.0.0.0']
|
||||
type: http
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
database:
|
||||
name: "psycopg2"
|
||||
args:
|
||||
user: "{{ postgres_user }}"
|
||||
password: "{{ postgres_user_password }}"
|
||||
database: "{{ postgres_database }}"
|
||||
host: "{{ postgres_host }}"
|
||||
cp_min: 5
|
||||
cp_max: 10
|
||||
|
||||
log_config: "/etc/synapse/{{ matrix_server_name }}.log.config"
|
||||
|
||||
rc_joins:
|
||||
local:
|
||||
per_second: 0.2
|
||||
bust_count: 10
|
||||
remote:
|
||||
per_second: 0.001
|
||||
burst_count: 6
|
||||
rc_federation:
|
||||
window_size: 1000
|
||||
sleep_limit: 100
|
||||
sleep_delay: 100
|
||||
reject_limit: 350
|
||||
concurrent: 50
|
||||
|
||||
media_store_path: "/var/lib/synapse/media_store"
|
||||
uploads_path: "/var/lib/synapse/uploads"
|
||||
max_upload_size: "30M"
|
||||
max_image_pixels: "32M"
|
||||
|
||||
url_preview_enabled: false
|
||||
|
||||
turn_uris: [ {{ turn_uris }} ]
|
||||
turn_shared_secret: {{ turn_password }}
|
||||
turn_user_lifetime: 86400000
|
||||
|
||||
enable_registration: False
|
||||
|
||||
registration_shared_secret: "{{ registration_secret }}"
|
||||
|
||||
allow_guest_access: False
|
||||
|
||||
default_identity_server: https://{{ matrix_server_name }}
|
||||
|
||||
trusted_third_party_id_servers:
|
||||
- {{ matrix_server_name }}
|
||||
|
||||
auto_join_rooms:
|
||||
- "#public:{{ matrix_server_name }}"
|
||||
|
||||
enable_metrics: True
|
||||
report_stats: true
|
||||
|
||||
app_service_config_files:
|
||||
- "/etc/synapse/appservice-registration-irc.yaml"
|
||||
- "/etc/synapse/steamregistration.yaml"
|
||||
|
||||
macaroon_secret_key: "{{ macaroon_secret }}"
|
||||
|
||||
form_secret: "{{ form_secret }}"
|
||||
|
||||
signing_key_path: "/etc/synapse/{{ matrix_server_name }}.signing.key"
|
||||
|
||||
email:
|
||||
enable_notifs: true
|
||||
smtp_host: "midomail.midov.pl"
|
||||
smtp_port: 587
|
||||
require_transport_security: True
|
||||
notif_from: "ENLARGE YOUR PENIS TODAY <notify@midov.pl>"
|
||||
app_name: Matrix
|
||||
riot_base_url: "https://midov.pl/matrix"
|
||||
|
||||
password_providers:
|
||||
- module: "rest_auth_provider.RestAuthProvider"
|
||||
config:
|
||||
endpoint: "http://shinobu.midov.pl:8090"
|
||||
|
||||
enable_group_creation: true
|
||||
|
||||
suppress_key_server_warning: true
|
||||
allow_public_rooms_without_auth: true
|
||||
allow_public_rooms_over_federation: true
|
||||
allow_profile_lookup_over_federation: true
|
||||
allow_device_name_lookup_over_federation: true
|
||||
|
||||
worker_replication_secret: "{{ worker_secret }}"
|
||||
redis:
|
||||
enabled: true
|
||||
|
||||
send_federation: False
|
||||
enable_media_repo: False
|
||||
update_user_directory: True
|
||||
|
||||
instance_map:
|
||||
persister0:
|
||||
host: 127.0.0.1
|
||||
port: 8030
|
||||
persister1:
|
||||
host: 127.0.0.1
|
||||
port: 8031
|
||||
persister2:
|
||||
host: 127.0.0.1
|
||||
port: 8032
|
||||
|
||||
stream_writers:
|
||||
events:
|
||||
- persister0
|
||||
- persister1
|
||||
- persister2
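Review bot: The port 8008 listener sets `bind_addresses: ['0.0.0.0']` together with `tls: false` and `x_forwarded: true`, so any host that can reach the port directly can talk plain HTTP to Synapse and supply its own `X-Forwarded-For`, which is then trusted as the client address for logging and rate limiting. Unless a firewall not visible here limits the port to the reverse proxy, bind it to the proxy-facing address only, for example `bind_addresses: ['127.0.0.1']` as the replication listener does, assuming the proxy runs on the same host. Under `rc_joins.local` the key is spelled `bust_count: 10`; it should read `burst_count: 10`, since the misspelled key is presumably ignored and the default burst applies. `password_providers` sends login credentials to `http://shinobu.midov.pl:8090` without TLS, which should move to HTTPS or a loopback/private link if that service is not on the same machine.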
|
|
@ -1,15 +1,10 @@
|
|||
# user_dir
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/user_directory/search$ {
|
||||
proxy_pass http://userdir;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
# mediarepo worker
|
||||
location ~ /_matrix/media/ {
|
||||
proxy_pass http://mediarepo;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
access_log off;
|
||||
#access_log /var/log/nginx/matrix/media.log;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_synapse/admin/v1/purge_media_cache$ {
|
||||
|
@ -42,6 +37,12 @@
|
|||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_synapse/admin/v1/users/.*/media$ {
|
||||
proxy_pass http://mediarepo;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
# federationrequests worker
|
||||
location ~ ^/_matrix/federation/v1/event/ {
|
||||
|
@ -164,34 +165,40 @@
|
|||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
access_log off;
|
||||
#access_log /var/log/nginx/matrix/sendacces.log;
|
||||
}
|
||||
# sync worker
|
||||
location ~ ^/_matrix/client/(v2_alpha|r0)/sync$ {
|
||||
location ~ ^/_matrix/client/(v2_alpha|r0|v3)/sync$ {
|
||||
proxy_pass http://synchrotron;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
limit_req zone=synchro burst=1200 nodelay;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|v2_alpha|r0)/events$ {
|
||||
location ~ ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$ {
|
||||
proxy_pass http://synchrotron;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
limit_req zone=synchro burst=1200 nodelay;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0)/initialSync$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
|
||||
proxy_pass http://synchrotron;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
limit_req zone=synchro burst=1200 nodelay;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
|
||||
proxy_pass http://synchrotron;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
limit_req zone=synchro burst=1200 nodelay;
|
||||
}
|
||||
|
||||
|
||||
|
@ -204,91 +211,129 @@
|
|||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ {
|
||||
# ratelimiting robieniapokoi
|
||||
limit_req zone=roomcreate burst=50 nodelay;
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/account/3pid$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/keys/query$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/keys/changes$ {
|
||||
location ~ ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/versions$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/ {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ {
|
||||
proxy_pass http://clientapi;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
|
@ -296,70 +341,102 @@
|
|||
}
|
||||
|
||||
#eventsend worker
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ {
|
||||
# login invitow
|
||||
access_log off;
|
||||
# access_log /var/log/nginx/matrixinvite/access.log;
|
||||
# ratelimiting invitow
|
||||
limit_req zone=invite burst=60 nodelay;
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/ {
|
||||
proxy_pass http://eventsend;
|
||||
# frontendproxy worker
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload {
|
||||
proxy_pass http://frontendproxy;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ {
|
||||
proxy_pass http://eventsend;
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status {
|
||||
proxy_pass http://frontendproxy;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/join/ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/profile/ {
|
||||
proxy_pass http://eventsend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
|
||||
##### KONIEC WORKEROW ######
|
||||
# logi registracji
|
||||
location /_matrix/client/r0/register {
|
||||
access_log /tmp/register.log;
|
||||
error_log /var/log/nginx/matrixregister/error.log;
|
||||
proxy_pass http://matrix_backend/_matrix/client/r0/register;
|
||||
#proxy_pass http://1.2.3.4/_matrix/client/r0/register;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
### registration is off now
|
||||
#location /_matrix/client/r0/register {
|
||||
# # ratelimiting rejestracji
|
||||
# limit_req zone=register burst=60 nodelay;
|
||||
# # logi registracji
|
||||
# access_log /var/log/nginx/matrixregister/access.log;
|
||||
# proxy_pass http://matrix_backend/_matrix/client/r0/register;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#}
|
||||
### registration is off now
|
||||
|
||||
# mxisd ldap
|
||||
location /_matrix/client/r0/user_directory {
|
||||
access_log /var/log/nginx/shinobu/access.log;
|
||||
error_log /var/log/nginx/shinobu/error.log;
|
||||
proxy_pass http://shinobu.midov.pl:8090/_matrix/client/r0/user_directory;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
|
||||
# mxisd base
|
||||
location /_matrix/identity {
|
||||
access_log /var/log/nginx/shinobu/access.log;
|
||||
error_log /var/log/nginx/shinobu/error.log;
|
||||
proxy_pass http://shinobu.midov.pl:8090/_matrix/identity;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
# matrix we wlasnej osobie
|
||||
location /_matrix {
|
||||
access_log off;
|
||||
#access_log /var/log/nginx/matrix/synapse_access.log;
|
||||
proxy_pass http://matrix_backend;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
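Review bot: The added `location ~ ^/_synapse/admin/v1/users/.*/media$` block (hunk `-42,6 +37,12`) forwards a Synapse admin API path to the `mediarepo` upstream with no `allow`/`deny` or other source restriction visible in the block, so the endpoint is reachable by anyone who can reach this server and is guarded only by the admin access token. If admin calls come from known hosts only, add `allow <trusted admin network>;` followed by `deny all;` (placeholder value) inside that location. In the eventsend hunk the `rooms/.*/state/` location appears twice with the same regex and body; nginx takes the first matching regex location, so the second copy is dead configuration and should be dropped. The `register` location logs with `access_log /tmp/register.log;`, a world-writable directory where other local users can pre-create or read the file; if that line is on the new side, a path under `/var/log/nginx/` like the neighbouring `error_log` would be safer.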
|
||||
|
|
|
@ -0,0 +1,362 @@
|
|||
#############################################################################
|
||||
#
|
||||
# Sample NRPE Config File
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# This is a sample configuration file for the NRPE daemon. It needs to be
|
||||
# located on the remote host that is running the NRPE daemon, not the host
|
||||
# from which the check_nrpe client is being executed.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
|
||||
# LOG FACILITY
|
||||
# The syslog facility that should be used for logging purposes.
|
||||
|
||||
log_facility=daemon
|
||||
|
||||
|
||||
|
||||
# LOG FILE
|
||||
# If a log file is specified in this option, nrpe will write to
|
||||
# that file instead of using syslog.
|
||||
|
||||
#log_file=/usr/var/nrpe.log
|
||||
|
||||
|
||||
|
||||
# DEBUGGING OPTION
|
||||
# This option determines whether or not debugging messages are logged to the
|
||||
# syslog facility.
|
||||
# Values: 0=debugging off, 1=debugging on
|
||||
|
||||
debug=0
|
||||
|
||||
|
||||
|
||||
# PID FILE
|
||||
# The name of the file in which the NRPE daemon should write it's process ID
|
||||
# number. The file is only written if the NRPE daemon is started by the root
|
||||
# user and is running in standalone mode.
|
||||
|
||||
pid_file=/run/nrpe/nrpe.pid
|
||||
|
||||
|
||||
|
||||
# PORT NUMBER
|
||||
# Port number we should wait for connections on.
|
||||
# NOTE: This must be a non-privileged port (i.e. > 1024).
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
server_port=5666
|
||||
|
||||
|
||||
|
||||
# SERVER ADDRESS
|
||||
# Address that nrpe should bind to in case there are more than one interface
|
||||
# and you do not want nrpe to bind on all interfaces.
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
#server_address=127.0.0.1
|
||||
|
||||
|
||||
|
||||
# LISTEN QUEUE SIZE
|
||||
# Listen queue size (backlog) for serving incoming connections.
|
||||
# You may want to increase this value under high load.
|
||||
|
||||
#listen_queue_size=5
|
||||
|
||||
|
||||
|
||||
# NRPE USER
|
||||
# This determines the effective user that the NRPE daemon should run as.
|
||||
# You can either supply a username or a UID.
|
||||
#
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
nrpe_user=nrpe
|
||||
|
||||
|
||||
|
||||
# NRPE GROUP
|
||||
# This determines the effective group that the NRPE daemon should run as.
|
||||
# You can either supply a group name or a GID.
|
||||
#
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
nrpe_group=nrpe
|
||||
|
||||
|
||||
|
||||
# ALLOWED HOST ADDRESSES
|
||||
# This is an optional comma-delimited list of IP address or hostnames
|
||||
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
|
||||
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
|
||||
# supported.
|
||||
#
|
||||
# Note: The daemon only does rudimentary checking of the client's IP
|
||||
# address. I would highly recommend adding entries in your /etc/hosts.allow
|
||||
# file to allow only the specified host to connect to the port
|
||||
# you are running this daemon on.
|
||||
#
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
allowed_hosts=rize.midov.pl
|
||||
|
||||
|
||||
|
||||
# COMMAND ARGUMENT PROCESSING
|
||||
# This option determines whether or not the NRPE daemon will allow clients
|
||||
# to specify arguments to commands that are executed. This option only works
|
||||
# if the daemon was configured with the --enable-command-args configure script
|
||||
# option.
|
||||
#
|
||||
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
|
||||
# Read the SECURITY file for information on some of the security implications
|
||||
# of enabling this variable.
|
||||
#
|
||||
# Values: 0=do not allow arguments, 1=allow command arguments
|
||||
|
||||
dont_blame_nrpe=0
|
||||
|
||||
|
||||
|
||||
# BASH COMMAND SUBSTITUTION
|
||||
# This option determines whether or not the NRPE daemon will allow clients
|
||||
# to specify arguments that contain bash command substitutions of the form
|
||||
# $(...). This option only works if the daemon was configured with both
|
||||
# the --enable-command-args and --enable-bash-command-substitution configure
|
||||
# script options.
|
||||
#
|
||||
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
|
||||
# Read the SECURITY file for information on some of the security implications
|
||||
# of enabling this variable.
|
||||
#
|
||||
# Values: 0=do not allow bash command substitutions,
|
||||
# 1=allow bash command substitutions
|
||||
|
||||
allow_bash_command_substitution=0
|
||||
|
||||
|
||||
|
||||
# COMMAND PREFIX
|
||||
# This option allows you to prefix all commands with a user-defined string.
|
||||
# A space is automatically added between the specified prefix string and the
|
||||
# command line from the command definition.
|
||||
#
|
||||
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
|
||||
# Usage scenario:
|
||||
# Execute restricted commmands using sudo. For this to work, you need to add
|
||||
# the nagios user to your /etc/sudoers. An example entry for allowing
|
||||
# execution of the plugins from might be:
|
||||
#
|
||||
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
|
||||
#
|
||||
# This lets the nagios user run all commands in that directory (and only them)
|
||||
# without asking for a password. If you do this, make sure you don't give
|
||||
# random users write access to that directory or its contents!
|
||||
|
||||
# command_prefix=/usr/bin/sudo
|
||||
|
||||
|
||||
# MAX COMMANDS
|
||||
# This specifies how many children processes may be spawned at any one
|
||||
# time, essentially limiting the fork()s that occur.
|
||||
# Default (0) is set to unlimited
|
||||
# max_commands=0
|
||||
|
||||
|
||||
|
||||
# COMMAND TIMEOUT
|
||||
# This specifies the maximum number of seconds that the NRPE daemon will
|
||||
# allow plugins to finish executing before killing them off.
|
||||
|
||||
command_timeout=60
|
||||
|
||||
|
||||
|
||||
# CONNECTION TIMEOUT
|
||||
# This specifies the maximum number of seconds that the NRPE daemon will
|
||||
# wait for a connection to be established before exiting. This is sometimes
|
||||
# seen where a network problem stops the SSL being established even though
|
||||
# all network sessions are connected. This causes the nrpe daemons to
|
||||
# accumulate, eating system resources. Do not set this too low.
|
||||
|
||||
connection_timeout=300
|
||||
|
||||
|
||||
|
||||
# WEAK RANDOM SEED OPTION
|
||||
# This directive allows you to use SSL even if your system does not have
|
||||
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
|
||||
# were not applied). The random number generator will be seeded from a file
|
||||
# which is either a file pointed to by the environment valiable $RANDFILE
|
||||
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
|
||||
# be initialized and a warning will be issued.
|
||||
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
|
||||
|
||||
#allow_weak_random_seed=1
|
||||
|
||||
|
||||
|
||||
# SSL/TLS OPTIONS
|
||||
# These directives allow you to specify how to use SSL/TLS.
|
||||
|
||||
# SSL VERSION
|
||||
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
|
||||
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
|
||||
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
|
||||
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
|
||||
# TLSv1.2+ (use TLSv1.2 or above)
|
||||
# If an "or above" version is used, the best will be negotiated. So if both
|
||||
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
|
||||
# If you are using openssl 1.1.0 or above, the SSLv2 options are not available.
|
||||
|
||||
#ssl_version=SSLv2+
|
||||
|
||||
# SSL USE ADH
|
||||
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
|
||||
# ADH or 2 to require ADH. 1 is currently the default but will be changed
|
||||
# in a later version.
|
||||
|
||||
#ssl_use_adh=1
|
||||
|
||||
# SSL CIPHER LIST
|
||||
# This lists which ciphers can be used. For backward compatibility, this
|
||||
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' for < OpenSSL 1.1.0,
|
||||
# and 'ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0' for OpenSSL 1.1.0 and
|
||||
# greater.
|
||||
|
||||
#ssl_cipher_list=ALL:!MD5:@STRENGTH
|
||||
#ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
|
||||
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
|
||||
|
||||
# SSL Certificate and Private Key Files
|
||||
|
||||
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
|
||||
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
|
||||
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
|
||||
|
||||
# SSL USE CLIENT CERTS
|
||||
# This options determines client certificate usage.
|
||||
# Values: 0 = Don't ask for or require client certificates (default)
|
||||
# 1 = Ask for client certificates
|
||||
# 2 = Require client certificates
|
||||
|
||||
#ssl_client_certs=0
|
||||
|
||||
# SSL LOGGING
|
||||
# This option determines which SSL messages are send to syslog. OR values
|
||||
# together to specify multiple options.
|
||||
|
||||
# Values: 0x00 (0) = No additional logging (default)
|
||||
# 0x01 (1) = Log startup SSL/TLS parameters
|
||||
# 0x02 (2) = Log remote IP address
|
||||
# 0x04 (4) = Log SSL/TLS version of connections
|
||||
# 0x08 (8) = Log which cipher is being used for the connection
|
||||
# 0x10 (16) = Log if client has a certificate
|
||||
# 0x20 (32) = Log details of client's certificate if it has one
|
||||
# -1 or 0xff or 0x2f = All of the above
|
||||
|
||||
#ssl_logging=0x00
|
||||
|
||||
|
||||
|
||||
# NASTY METACHARACTERS
|
||||
# This option allows you to override the list of characters that cannot
|
||||
# be passed to the NRPE daemon.
|
||||
|
||||
# nasty_metachars="|`&><'\\[]{};\r\n"
|
||||
|
||||
|
||||
|
||||
# COMMAND DEFINITIONS
|
||||
# Command definitions that this daemon will run. Definitions
|
||||
# are in the following format:
|
||||
#
|
||||
# command[<command_name>]=<command_line>
|
||||
#
|
||||
# When the daemon receives a request to return the results of <command_name>
|
||||
# it will execute the command specified by the <command_line> argument.
|
||||
#
|
||||
# Unlike Nagios, the command line cannot contain macros - it must be
|
||||
# typed exactly as it should be executed.
|
||||
#
|
||||
# Note: Any plugins that are used in the command lines must reside
|
||||
# on the machine that this daemon is running on! The examples below
|
||||
# assume that you have plugins installed in a /usr/local/nagios/libexec
|
||||
# directory. Also note that you will have to modify the definitions below
|
||||
# to match the argument format the plugins expect. Remember, these are
|
||||
# examples only!
|
||||
|
||||
|
||||
# The following examples use hardcoded command arguments...
|
||||
# This is by far the most secure method of using NRPE
|
||||
|
||||
command[check_systemd_synapse]=/usr/lib/monitoring-plugins/check_systemd matrix-synapse.service
|
||||
command[check_users]=/usr/lib/monitoring-plugins/check_users -w 5 -c 10
|
||||
command[check_load]=/usr/lib/monitoring-plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20
|
||||
command[check_hda1]=/usr/lib/monitoring-plugins/check_disk -w 20% -c 10% -p /dev/hda1
|
||||
command[check_zombie_procs]=/usr/lib/monitoring-plugins/check_procs -w 5 -c 10 -s Z
|
||||
command[check_total_procs]=/usr/lib/monitoring-plugins/check_procs -w 150 -c 200
|
||||
|
||||
|
||||
# The following examples allow user-supplied arguments and can
|
||||
# only be used if the NRPE daemon was compiled with support for
|
||||
# command arguments *AND* the dont_blame_nrpe directive in this
|
||||
# config file is set to '1'. This poses a potential security risk, so
|
||||
# make sure you read the SECURITY file before doing this.
|
||||
|
||||
### MISC SYSTEM METRICS ###
|
||||
#command[check_users]=/usr/lib/monitoring-plugins/check_users $ARG1$
|
||||
#command[check_load]=/usr/lib/monitoring-plugins/check_load $ARG1$
|
||||
#command[check_disk]=/usr/lib/monitoring-plugins/check_disk $ARG1$
|
||||
#command[check_swap]=/usr/lib/monitoring-plugins/check_swap $ARG1$
|
||||
#command[check_cpu_stats]=/usr/lib/monitoring-plugins/check_cpu_stats.sh $ARG1$
|
||||
#command[check_mem]=/usr/lib/monitoring-plugins/custom_check_mem -n $ARG1$
|
||||
|
||||
### GENERIC SERVICES ###
|
||||
#command[check_init_service]=sudo /usr/lib/monitoring-plugins/check_init_service $ARG1$
|
||||
#command[check_services]=/usr/lib/monitoring-plugins/check_services -p $ARG1$
|
||||
|
||||
### SYSTEM UPDATES ###
|
||||
#command[check_yum]=/usr/lib/monitoring-plugins/check_yum
|
||||
#command[check_apt]=/usr/lib/monitoring-plugins/check_apt
|
||||
|
||||
### PROCESSES ###
|
||||
#command[check_all_procs]=/usr/lib/monitoring-plugins/custom_check_procs
|
||||
#command[check_procs]=/usr/lib/monitoring-plugins/check_procs $ARG1$
|
||||
|
||||
### OPEN FILES ###
|
||||
#command[check_open_files]=/usr/lib/monitoring-plugins/check_open_files.pl $ARG1$
|
||||
|
||||
### NETWORK CONNECTIONS ###
|
||||
#command[check_netstat]=/usr/lib/monitoring-plugins/check_netstat.pl -p $ARG1$ $ARG2$
|
||||
|
||||
### ASTERISK ###
|
||||
#command[check_asterisk]=/usr/lib/monitoring-plugins/check_asterisk.pl $ARG1$
|
||||
#command[check_sip]=/usr/lib/monitoring-plugins/check_sip $ARG1$
|
||||
#command[check_asterisk_sip_peers]=sudo /usr/lib/monitoring-plugins/check_asterisk_sip_peers.sh $ARG1$
|
||||
#command[check_asterisk_version]=/usr/lib/monitoring-plugins/nagisk.pl -c version
|
||||
#command[check_asterisk_peers]=/usr/lib/monitoring-plugins/nagisk.pl -c peers
|
||||
#command[check_asterisk_channels]=/usr/lib/monitoring-plugins/nagisk.pl -c channels
|
||||
#command[check_asterisk_zaptel]=/usr/lib/monitoring-plugins/nagisk.pl -c zaptel
|
||||
#command[check_asterisk_span]=/usr/lib/monitoring-plugins/nagisk.pl -c span -s 1
|
||||
|
||||
|
||||
|
||||
# INCLUDE CONFIG FILE
|
||||
# This directive allows you to include definitions from an external config file.
|
||||
|
||||
#include=<somefile.cfg>
|
||||
|
||||
|
||||
|
||||
# INCLUDE CONFIG DIRECTORY
|
||||
# This directive allows you to include definitions from config files (with a
|
||||
# .cfg extension) in one or more directories (with recursion).
|
||||
|
||||
#include_dir=<somedirectory>
|
||||
#include_dir=<someotherdirectory>
|
|
@ -1,3 +1,17 @@
|
|||
geo $limit {
|
||||
default 1;
|
||||
10.0.0.0/24 0;
|
||||
}
|
||||
|
||||
map $limit $limit_key {
|
||||
0 "";
|
||||
1 $binary_remote_addr;
|
||||
}
|
||||
limit_req_zone $limit_key zone=synchro:10m rate=900r/m;
|
||||
limit_req_zone $limit_key zone=invite:10m rate=30r/m;
|
||||
limit_req_zone $binary_remote_addr zone=roomcreate:10m rate=30r/m;
|
||||
#limit_req_zone $limit_key zone=register:10m rate=30r/m;
|
||||
|
||||
# primary matrix process
|
||||
upstream matrix_backend {
|
||||
server yoshika.midov.pl:8008;
|
||||
|
@ -6,7 +20,13 @@
|
|||
|
||||
# sync worker client0
|
||||
upstream synchrotron {
|
||||
hash $remote_addr;
|
||||
|
||||
server yoshika.midov.pl:5080;
|
||||
server yoshika.midov.pl:5083;
|
||||
server yoshika.midov.pl:5084;
|
||||
server yoshika.midov.pl:5085;
|
||||
server yoshika.midov.pl:5086;
|
||||
keepalive 16;
|
||||
}
|
||||
|
||||
|
@ -38,9 +58,18 @@
|
|||
# federationstransaction
|
||||
upstream federationstransaction {
|
||||
ip_hash;
|
||||
#hash $remote_addr;
|
||||
|
||||
server yoshika.midov.pl:6080;
|
||||
server yoshika.midov.pl:6081;
|
||||
server yoshika.midov.pl:6082;
|
||||
server yoshika.midov.pl:6083;
|
||||
server yoshika.midov.pl:6084;
|
||||
#server yoshika.midov.pl:6083;
|
||||
#server yoshika.midov.pl:6084;
|
||||
#server yoshika.midov.pl:6085;
|
||||
#server yoshika.midov.pl:6086;
|
||||
}
|
||||
# frontendproxy
|
||||
upstream frontendproxy {
|
||||
server yoshika.midov.pl:6025;
|
||||
keepalive 16;
|
||||
}
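Review bot: The `roomcreate` zone in the first hunk is keyed on `$binary_remote_addr` while `synchro` and `invite` use `$limit_key`, so clients in 10.0.0.0/24 are exempt from two of the limits but not the third. If that is intended, a comment such as `# room creation stays limited for internal clients too` would say so; otherwise use `limit_req_zone $limit_key zone=roomcreate:10m rate=30r/m;`. The exemption itself depends on `$remote_addr` being the real peer address: if this server sits behind another proxy inside 10.0.0.0/24, or a realip setting outside these hunks rewrites the address from a request header, requests would map to the empty key and skip limiting entirely. The `limit_req` directives that consume these zones are outside the visible hunks.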
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
worker_app: synapse.app.federation_sender
|
||||
worker_name: worker5
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 8087
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [client]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [client]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [client]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: client3
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 5083
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
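Review bot: The listener in this new worker file binds to `0.0.0.0` with `x_forwarded: true`, so any host that can reach port 5083 directly can send its own `X-Forwarded-For` header and have Synapse record it as the client address. The same pattern is repeated in the other worker files added by this commit (ports 5084, 5085, 5086, 6025, 6085 and 6086). If the reverse proxy runs on a different host, as the upstream definitions suggest, bind to the internal interface only, e.g. `bind_addresses: ['<internal-interface-address>']`, or confirm that a host firewall restricts these ports to the proxy. No firewall rule is visible in this commit.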
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: client4
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 5084
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: client5
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 5085
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: client6
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 5086
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -0,0 +1,18 @@
|
|||
worker_app: synapse.app.frontend_proxy
|
||||
worker_name: frontendproxy
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 6025
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
||||
worker_main_http_uri: http://127.0.0.1:8008
|
|
@ -20,4 +20,4 @@ worker_listeners:
|
|||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -20,4 +20,4 @@ worker_listeners:
|
|||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -20,4 +20,4 @@ worker_listeners:
|
|||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: receiver4
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 6085
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -0,0 +1,17 @@
|
|||
worker_app: synapse.app.generic_worker
|
||||
worker_name: receiver4
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_listeners:
|
||||
- type: http
|
||||
port: 6086
|
||||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
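Review bot: `worker_name: receiver4` here repeats the name used by the previous new worker file (port 6085), while this file listens on 6086. Synapse expects worker names to be unique, so this looks like a copy-paste slip for `worker_name: receiver5`. The file name is not visible on this page, so confirm the name matches it. The `workers` list in the vars file of this commit also stops at `receiver2`, so neither of these two files would be enabled by the `with_items: "{{ workers }}"` loop as written.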
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [client]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -11,7 +11,7 @@ worker_listeners:
|
|||
bind_addresses: ['0.0.0.0']
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
- names: [federation]
|
||||
compress: false
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -0,0 +1,8 @@
|
|||
worker_app: synapse.app.federation_sender
|
||||
worker_name: worker5
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host: 127.0.0.1
|
||||
worker_replication_http_port: 9093
|
||||
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -14,4 +14,4 @@ worker_listeners:
|
|||
- names:
|
||||
- media
|
||||
|
||||
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
|
||||
worker_log_config: /etc/synapse/midov.pl.log.config
|
|
@ -1,18 +1,17 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
# archlinux db
|
||||
- name: OS install
|
||||
- name: Synapse Config
|
||||
become: no
|
||||
hosts: yoshika.midov.pl
|
||||
vars_files:
|
||||
- vars/main.yaml
|
||||
- vars/passwords.yaml
|
||||
roles:
|
||||
- archlinux
|
||||
- shell
|
||||
- mail
|
||||
tasks:
|
||||
- name: arch basic setup
|
||||
import_tasks: ../arch_basic_setup.yaml
|
||||
- name: update and install
|
||||
import_tasks: ../update_and_install.yaml
|
||||
- name: basic shell config
|
||||
import_tasks: ../shell.yaml
|
||||
|
||||
- name: pacman install
|
||||
pacman:
|
||||
|
@ -24,6 +23,8 @@
|
|||
- hiredis
|
||||
- python-hiredis
|
||||
- python-psycopg2
|
||||
- nrpe
|
||||
- monitoring-plugins
|
||||
state: present
|
||||
|
||||
- name: start redis service
|
||||
|
@ -33,9 +34,9 @@
|
|||
enabled: yes
|
||||
|
||||
- name: copy synapse config
|
||||
copy:
|
||||
src: files/homeserver.yaml
|
||||
dest: /etc/synapse
|
||||
template:
|
||||
src: files/homeserver.yaml.j2
|
||||
dest: /etc/synapse/homeserver.yaml
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy synapse service files
|
||||
|
@ -74,21 +75,26 @@
|
|||
dest: /etc/synapse
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy discordbridge
|
||||
copy:
|
||||
src: files/discord-registration.yaml
|
||||
dest: /etc/synapse
|
||||
notify: restartsynapse
|
||||
|
||||
- name: copy ldap provider
|
||||
copy:
|
||||
src: files/rest_auth_provider.py
|
||||
dest: /usr/lib/python3.9/site-packages/
|
||||
dest: /usr/lib/python{{ ansible_python_version.split(".")[0] }}.{{ansible_python_version.split(".")[1] }}/site-packages/
|
||||
|
||||
- name: create workers dir
|
||||
file:
|
||||
path: /etc/synapse/workers
|
||||
state: directory
|
||||
|
||||
- name: copy worker files
|
||||
synchronize:
|
||||
src: files/workers
|
||||
dest: /etc/synapse/
|
||||
|
||||
- name: copy worker config files
|
||||
import_tasks: copyconfigfiles.yaml
|
||||
- name: enable worker services
|
||||
import_tasks: enableservices.yaml
|
||||
systemd:
|
||||
name: "matrix-synapse-worker@{{ item.name }}.service"
|
||||
enabled: yes
|
||||
with_items: "{{ workers }}"
|
||||
|
||||
- name: ensure systemd matrix-synapse is enabled
|
||||
systemd:
|
||||
|
@ -102,12 +108,42 @@
|
|||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: copy nagios plugin
|
||||
copy:
|
||||
src: files/check_systemd
|
||||
dest: /usr/lib/monitoring-plugins/check_systemd
|
||||
mode: 0755
|
||||
|
||||
- name: copy nrpe config
|
||||
copy:
|
||||
src: files/nrpe.cfg
|
||||
dest: /etc/nrpe/nrpe.cfg
|
||||
notify: restartnrpe
|
||||
|
||||
- name: start and enable nrpe
|
||||
systemd:
|
||||
name: nrpe
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
# doesnt work?
|
||||
#- name: pip the mjolnir module
|
||||
# pip:
|
||||
# name: "git+https://github.com/matrix-org/mjolnir.git#egg=mjolnir&subdirectory=synapse_antispam"
|
||||
|
||||
|
||||
handlers:
|
||||
- name: restartsynapse
|
||||
systemd:
|
||||
name: matrix-synapse.target
|
||||
state: restarted
|
||||
|
||||
- name: restartnrpe
|
||||
systemd:
|
||||
name: nrpe.service
|
||||
state: restarted
|
||||
|
||||
#### chino.midov.pl
|
||||
|
||||
- name: update nginx
|
||||
become: no
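Review bot: The `copy synapse config` task (third hunk) now renders `files/homeserver.yaml.j2` with `template:` but sets no `owner`, `group` or `mode`, so a newly created `/etc/synapse/homeserver.yaml` gets default permissions. If the template pulls secrets from `vars/passwords.yaml`, which the play loads, they could end up world-readable. Add explicit ownership and `mode: '0640'` to that task, using the user and group the Synapse service runs as (not visible here). The `copy nrpe config` and `copy ldap provider` tasks also set no mode. The task list and the play that follows continue outside the hunks.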
|
|
@ -1,6 +1,20 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39336131343632613632306462306363353464303064633463396661343062613235613233303264
|
||||
6130333332386661623666393165383234613763646334360a393065353737633234383465323166
|
||||
63633534653431376163623936346530663832663237613831383535656336333939616637353632
|
||||
3462326263636139620a303932663439333434643566313865646637643432303731626330616166
|
||||
6366
|
||||
workers:
|
||||
- name: client0
|
||||
- name: client1
|
||||
- name: client2
|
||||
- name: client3
|
||||
- name: client4
|
||||
- name: client5
|
||||
- name: client6
|
||||
- name: worker4
|
||||
- name: worker5
|
||||
- name: worker6
|
||||
- name: receiver0
|
||||
- name: receiver1
|
||||
- name: receiver2
|
||||
- name: persister0
|
||||
- name: persister1
|
||||
- name: persister2
|
||||
- name: frontendproxy
|
||||
|
||||
matrix_server_name: "midov.pl"
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
31336130653337666339353434623166636236626563396634386232346237613734636266646634
|
||||
3438643334616631326461363631656461623935336462370a616137313636653565656362366333
|
||||
64326537623339356234346264393430383336333532656265323538613335303663373232653332
|
||||
3763326363386538360a313739376662383661646665366433626537613535616232633832623138
|
||||
31303339333631323834356436346333646637346233353835366365323632393433663864306236
|
||||
62666139363435323635323964383430613464666432346461663637313332313031653763303463
|
||||
37356164616433623262373538613065643564303462626363346665353636643036666465656230
|
||||
34306635313461623234333631323336616564623536343966393933356434323366623635383738
|
||||
61636533623638303635396465306432633765373132626162663233363331633631376131613065
|
||||
37643964656438666564353233663535333037636433626165383630323832626639663834303235
|
||||
37656365343439326663383933333737366331386634323832643238656264623165626536613936
|
||||
39313164616432643562623737373031373564333036303961363533366337396364363263356561
|
||||
32323133353234656337633638303631633761373362366663313663336463353535386335326634
|
||||
30663364373933343637386336663330383533303434303835303963366166636338333138616264
|
||||
31643263633463653039343433666230313463613965623036633630366638663731313533356136
|
||||
36366331653962386365376163623739373261323931646366316332333331363039626161643362
|
||||
66343633663433623030643630646635643333343837373434366661333539616235646433373361
|
||||
31316433373266626134336337316436643163356666303635356264396532666661346235376334
|
||||
63663035656635346332303031316434313331663335633666353762373963306130616566366431
|
||||
31633636303462373161646461363039646135393032643537333139376462346462313931333738
|
||||
35636661613639393334393438313764383562356435303232353231643734363735313831613163
|
||||
36353737613961383137383633653835643930356163343164383464356364623034353163356137
|
||||
31376438386533613239303766363631666537663862663639386362623836356166393038653962
|
||||
66633565616530313364626462643534626636316263346438373964626365386330393439353565
|
||||
35333432333939353264663232333136633130386161303262363366313461623138306633646433
|
||||
30353439623365303662333931653164313266616462353463333430333739646139616135333030
|
||||
33396232653435363263623837396436333130393638626536653662313731343566393931633636
|
||||
61386364643764396632613235333730383630333834376436373436633935313461313065623961
|
||||
35383039353932306634326133623337323237383333613832323131343862316461376131343765
|
||||
38353339616366616362363466666365343436633634613730616430633961646537653464313135
|
||||
64636238383733323666613130636436663730633061626466663464363731616564613435363363
|
||||
63653436316534626133356166623139313436353934666235663362323631393866333164383834
|
||||
39386432353430663634656436343562363937343730363166326364616434303364663061663634
|
||||
34323338633962616636623462363536333530653631393865613632303764616439366238313938
|
||||
35313736366537346239623666303930373636663463653038303933666438653164393139326466
|
||||
39613438323863333039
|