diff --git a/.env.sample b/.env.sample
index 4cffa95..5f449fb 100644
--- a/.env.sample
+++ b/.env.sample
@@ -68,6 +68,14 @@ ENCRYPTED_BY_DEFAULT=all
 # Set these to keyservers you trust - usually the same as your federation allowlist
 #TRUSTED_KEYSERVERS="trusted_key_servers:\n - server_name: 'example.com'\n - server_name: 'example2.com'"
+# some optional configs to increase privacy and security
+#REQUIRE_AUTH_FOR_PROFILE_REQUESTS=true
+#LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS=true
+#DELETE_STALE_DEVICES_AFTER=1y
+#SESSION_LIFETIME=60d
+#TRACK_PUPPETED_USER_IPS=true
+
+
 ## Retention
 ALLOWED_LIFETIME_MAX=4w
@@ -126,6 +134,13 @@ RETENTION_MAX_LIFETIME=4w
 #SMTP_USER=
 #SECRET_SMTP_PASSWORD_VERSION=v1
+## USER-DIRECTORY
+
+#USER_DIRECTORY_ENABLED=true
+#USER_DIRECTORY_SEARCH_ALL_USERS=true
+#USER_DIRECTORY_PREFER_LOCAL_USERS=true
+#USER_DIRECTORY_SHOW_LOCKED_USERS=false
+
 ## App services
 #APP_SERVICES_ENABLED=1
diff --git a/abra.sh b/abra.sh
index f7e3a93..76f9495 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,6 +1,6 @@
 export DISCORD_BRIDGE_YAML_VERSION=v2
 export ENTRYPOINT_CONF_VERSION=v3
-export HOMESERVER_YAML_VERSION=v30
+export HOMESERVER_YAML_VERSION=v31
 export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v2
 export SIGNAL_BRIDGE_YAML_VERSION=v6
diff --git a/compose.yml b/compose.yml
index 0ddd2ac..abd6e89 100644
--- a/compose.yml
+++ b/compose.yml
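Review bot: The heading `# some optional configs to increase privacy and security` in the first .env.sample hunk groups five settings that have different trade-offs, and the sample gives an operator nothing to tell them apart. `TRACK_PUPPETED_USER_IPS=true` appears to make the server keep more data about puppeted users rather than less, while `DELETE_STALE_DEVICES_AFTER=1y` logs out and removes devices that were idle for that long. I would add a one-line comment above each, for example `# audit setting: records client details for puppeted users, so more data is retained` and `# logs out and deletes devices unused for this long`. In the second hunk the commented `USER_DIRECTORY_*` samples repeat the defaults that compose.yml already applies, so uncommenting them changes nothing; showing the restrictive values there would tell the operator more.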
@@ -55,7 +55,16 @@ services:
 - ENABLE_REGISTRATION
 - REGISTRATION_REQUIRES_TOKEN
 - ENCRYPTED_BY_DEFAULT
+ - USER_DIRECTORY_ENABLED=${USER_DIRECTORY_ENABLED:-true}
+ - USER_DIRECTORY_SEARCH_ALL_USERS=${USER_DIRECTORY_SEARCH_ALL_USERS:-true}
+ - USER_DIRECTORY_PREFER_LOCAL_USERS=${USER_DIRECTORY_PREFER_LOCAL_USERS:-true}
+ - USER_DIRECTORY_SHOW_LOCKED_USERS=${USER_DIRECTORY_SHOW_LOCKED_USERS:-false}
 - FEDERATION_ALLOWLIST
+ - REQUIRE_AUTH_FOR_PROFILE_REQUESTS=${REQUIRE_AUTH_FOR_PROFILE_REQUESTS:-false}
+ - LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS=${LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS:-false}
+ - DELETE_STALE_DEVICES_AFTER
+ - SESSION_LIFETIME
+ - TRACK_PUPPETED_USER_IPS=${TRACK_PUPPETED_USER_IPS:-false}
 - LETSENCRYPT_HOST=${DOMAIN}
 - MEDIA_RETENTION_LOCAL_LIFETIME
 - MEDIA_RETENTION_REMOTE_LIFETIME
diff --git a/homeserver.yaml.tmpl b/homeserver.yaml.tmpl
index 9e40d9f..c020f79 100644
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@@ -16,6 +16,12 @@ server_name: {{ or (env "SERVER_NAME") (env "DOMAIN") }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#public_baseurl
 public_baseurl: https://{{ env "DOMAIN" }}/
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#require_auth_for_profile_requests
+require_auth_for_profile_requests: {{ env "REQUIRE_AUTH_FOR_PROFILE_REQUESTS" }}
+
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#limit_profile_requests_to_users_who_share_rooms
+limit_profile_requests_to_users_who_share_rooms: {{ env "LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS" }}
+
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#serve_server_wellknown
 serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}
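Review bot: Nothing in this environment list covers the federation side of profile lookups, so `REQUIRE_AUTH_FOR_PROFILE_REQUESTS` and `LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS` only restrict the client API. Per the Synapse configuration documentation, profile data stays available over federation unless `allow_profile_lookup_over_federation` is set to false, so an operator who enables both new variables can still have display names and avatars read by the servers this homeserver federates with (narrowed by `FEDERATION_ALLOWLIST` where that is set). I would add `- ALLOW_PROFILE_LOOKUP_OVER_FEDERATION=${ALLOW_PROFILE_LOOKUP_OVER_FEDERATION:-true}` here and render it in homeserver.yaml.tmpl as `allow_profile_lookup_over_federation: {{ env "ALLOW_PROFILE_LOOKUP_OVER_FEDERATION" }}`. The `environment:` list starts and ends outside the hunk.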
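Review bot: Both new values in this homeserver.yaml.tmpl hunk are written into the YAML unquoted and unchecked, so whatever string is in the environment becomes the setting. compose.yml supplies a default when the variable is unset or empty, but a typo such as `ture` or `flase` would reach Synapse as a plain string, and whether that is rejected or treated as truthy depends on Synapse's own validation. Comparing in the template keeps the rendered value a real boolean: `require_auth_for_profile_requests: {{ eq (env "REQUIRE_AUTH_FOR_PROFILE_REQUESTS") "true" }}`. The same pattern appears for `track_puppeted_user_ips` and the four `user_directory` keys in the later hunks, where it matters more for the keys whose restrictive value is `false`.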
@@ -52,6 +58,11 @@ listeners:
 {{ end }}
 {{ end }}
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#delete_stale_devices_after
+{{ if (env "DELETE_STALE_DEVICES_AFTER") }}
+delete_stale_devices_after: {{ env "DELETE_STALE_DEVICES_AFTER" }}
+{{ end }}
+
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#admin_contact
 admin_contact: 'mailto:{{ env "ADMIN_EMAIL" }}'
@@ -132,6 +143,7 @@ turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_registration
 enable_registration: {{ env "ENABLE_REGISTRATION" }}
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#registration_requires_token
 registration_requires_token: {{ env "REGISTRATION_REQUIRES_TOKEN" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_3pid_lookup
@@ -149,9 +161,17 @@ auto_join_rooms:
 - "{{ env "AUTO_JOIN_ROOM" }}"
 {{ end }}
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#session_lifetime
+{{ if (env "SESSION_LIFETIME") }}
+session_lifetime: {{ env "SESSION_LIFETIME" }}
+{{ end }}
+
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#report_stats
 report_stats: false
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#track_puppeted_user_ips
+track_puppeted_user_ips: {{ env "TRACK_PUPPETED_USER_IPS" }}
+
 {{ if eq (env "APP_SERVICES_ENABLED") "1" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#app_service_config_files
 app_service_config_files: {{ env "APP_SERVICE_CONFIGS" }}
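Review bot: The `session_lifetime` block in the last hunk needs a comment saying which sessions it affects, because setting `SESSION_LIFETIME` on a running server will not do what an operator hardening it is likely to expect. As I read the linked Synapse documentation, the lifetime is calculated at login time, so sessions that already exist are not shortened retroactively, and the option is described as not compatible with guest logins. I would add `# applies only to logins made after this is set; existing sessions are not shortened` above the `{{ if (env "SESSION_LIFETIME") }}` line. Operators who need existing sessions to end as well should be pointed at logging those devices out separately.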
@@ -248,9 +268,10 @@ encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_directory
 user_directory:
- enabled: true
- search_all_users: true
- prefer_local_users: true
+ enabled: {{ env "USER_DIRECTORY_ENABLED" }}
+ search_all_users: {{ env "USER_DIRECTORY_SEARCH_ALL_USERS" }}
+ prefer_local_users: {{ env "USER_DIRECTORY_PREFER_LOCAL_USERS" }}
+ show_locked_users: {{ env "USER_DIRECTORY_SHOW_LOCKED_USERS" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_retention
 media_retention:
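Review bot: `search_all_users` still resolves to `true` unless the operator overrides it, because compose.yml defaults `USER_DIRECTORY_SEARCH_ALL_USERS` to `true`, and that works against the new `limit_profile_requests_to_users_who_share_rooms` option. With `search_all_users` on, directory search is documented to return every matching user known to the homeserver, so restricting profile requests to users who share a room would presumably still leave names discoverable through search. Keeping `true` as the default preserves behaviour for existing deployments, so I would document the pairing with a comment above the key: `# set USER_DIRECTORY_SEARCH_ALL_USERS=false when LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS=true`.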