Browse Source

feat: more privacy friendly defaults

See #22
pull/27/head
decentral1se 6 months ago
parent
commit
c807a7813d
No known key found for this signature in database
GPG Key ID: 3789458B3D0C410
  1. 14
      .env.sample
  2. 2
      abra.sh
  3. 7
      compose.yml
  4. 30
      homeserver.yaml.tmpl
  5. 4
      log.config.tmpl

14
.env.sample

@ -18,6 +18,20 @@ COMPOSE_FILE="compose.yml"
#AUTO_JOIN_ROOM_ENABLED=1
#AUTO_JOIN_ROOM="#example:example.com"
SQL_LOG_LEVEL=WARN
ROOT_LOG_LEVEL=WARN
REDACTION_RETENTION_PERIOD=7d
RETENTION_MAX_LIFETIME=1m
ENABLE_3PID_LOOKUP=true
USER_IPS_MAX_AGE=1d
#ENABLE_ALLOWLIST=1
#FEDERATION_ALLOWLIST="[]"
#COMPOSE_FILE="compose.yml:compose.keycloak.yml"
#KEYCLOAK_ENABLED=1
#KEYCLOAK_NAME=

2
abra.sh

@ -1,4 +1,4 @@
export ENTRYPOINT_CONF_VERSION=v1
export NGINX_CONFIG_VERSION=v1
export HOMESERVER_YAML_VERSION=v2
export HOMESERVER_YAML_VERSION=v3
export LOG_CONFIG_VERSION=v1

7
compose.yml

@ -16,11 +16,18 @@ services:
- AUTO_JOIN_ROOM_ENABLED
- DISABLE_FEDERATION
- DOMAIN
- ENABLE_3PID_LOOKUP
- ENABLE_ALLOWLIST
- FEDERATION_ALLOWLIST
- LETSENCRYPT_HOST=${DOMAIN}
- REDACTION_RETENTION_PERIOD
- ROOT_LOG_LEVEL
- SQL_LOG_LEVEL
- STACK_NAME
- SYNAPSE_ADMIN_EMAIL
- SYNAPSE_REPORT_STATS=no
- SYNAPSE_SERVER_NAME=${DOMAIN}
- USER_IPS_MAX_AGE
- VIRTUAL_HOST=${DOMAIN}
- VIRTUAL_PORT=8008
networks:

30
homeserver.yaml.tmpl

@ -128,12 +128,12 @@ presence:
# public rooms directory through the client API, meaning that anyone can
# query the room directory. Defaults to 'false'.
#
#allow_public_rooms_without_auth: true
allow_public_rooms_without_auth: false
# If set to 'true', allows any other homeserver to fetch the server's public
# rooms directory via federation. Defaults to 'false'.
#
#allow_public_rooms_over_federation: true
allow_public_rooms_over_federation: false
# The default room version for newly created rooms.
#
@ -468,13 +468,13 @@ limit_remote_rooms:
#
# Defaults to `7d`. Set to `null` to disable.
#
#redaction_retention_period: 28d
redaction_retention_period: {{ env "REDACTION_RETENTION_PERIOD" }}
# How long to track users' last seen time and IPs in the database.
#
# Defaults to `28d`. Set to `null` to disable clearing out of old rows.
#
#user_ips_max_age: 14d
user_ips_max_age: {{ env "USER_IPS_MAX_AGE" }}
# Inhibits the /requestToken endpoints from returning an error that might leak
# information about whether an e-mail address is in use or not on this
@ -533,15 +533,15 @@ retention:
# The message retention policies feature is disabled by default. Uncomment the
# following line to enable it.
#
#enabled: true
enabled: true
# Default retention policy. If set, Synapse will apply it to rooms that lack the
# 'm.room.retention' state event. Currently, the value of 'min_lifetime' doesn't
# matter much because Synapse doesn't take it into account yet.
#
#default_policy:
# min_lifetime: 1d
# max_lifetime: 1y
default_policy:
min_lifetime: 1d
max_lifetime: {{ env "RETENTION_MAX_LIFETIME" }}
# Retention policy limits. If set, and the state of a room contains a
# 'm.room.retention' event in its state which contains a 'min_lifetime' or a
@ -581,11 +581,11 @@ retention:
# Synapse's database (which is done using the range specified in a purge job's
# configuration).
#
#purge_jobs:
# - longest_max_lifetime: 3d
# interval: 12h
# - shortest_max_lifetime: 3d
# interval: 1d
purge_jobs:
- longest_max_lifetime: 3d
interval: 12h
- shortest_max_lifetime: 3d
interval: 1d
## TLS ##
@ -662,6 +662,8 @@ retention:
# - syd.example.com
{{ if eq (env "DISABLE_FEDERATION") "1" }}
federation_domain_whitelist: []
{{ else if eq (env "ENABLE_ALLOWLIST") "1" }}
federation_domain_whitelist: {{ env "FEDERATION_ALLOWLIST" }}
{{ end }}
# Report prometheus metrics on the age of PDUs being sent to and received from
@ -1204,7 +1206,7 @@ turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
# Enable 3PIDs lookup requests to identity servers from this server.
#
#enable_3pid_lookup: true
enable_3pid_lookup: {{ env "ENABLE_3PID_LOOKUP" }}
# Require users to submit a token during registration.
# Tokens can be managed using the admin API:

4
log.config.tmpl

@ -11,10 +11,10 @@ handlers:
loggers:
synapse.storage.SQL:
level: INFO
level: {{ env "SQL_LOG_LEVEL" }}
root:
level: INFO
level: {{ env "ROOT_LOG_LEVEL" }}
handlers: [console]
disable_existing_loggers: false

Loading…
Cancel
Save