f05ce478f0
* Add Pushserver component with Pushers API Co-authored-by: Tommie Gannert <tommie@gannert.se> Co-authored-by: Dan Peleg <dan@globekeeper.com> * Wire Pushserver component Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> * Add PushGatewayClient. The full event format is required for Sytest. * Add a pushrules module. * Change user API account creation to use the new pushrules module's defaults. Introduces "scope" as required by client API, and some small field tweaks to make some 61push Sytests pass. * Add push rules query/put API in Pushserver. This manipulates account data over User API, and fires sync messages for changes. Those sync messages should, according to an existing TODO in clientapi, be moved to userapi. Forks clientapi/producers/syncapi.go to pushserver/ for later extension. * Add clientapi routes for push rules to Pushserver. A cleanup would be to move more of the name-splitting logic into pushrules.go, to depollute routing.go. * Output rooms.join.unread_notifications in /sync. This is the read-side. Pushserver will be the write-side. * Implement pushserver/storage for notifications. * Use PushGatewayClient and the pushrules module in Pushserver's room consumer. * Use one goroutine per user to avoid locking up the entire server for one bad push gateway. * Split pushing by format. * Send one device per push. Sytest does not support coalescing multiple devices into one push. Matches Synapse. Either we change Sytest, or remove the group-by-url-and-format logic. * Write OutputNotificationData from push server. Sync API is already the consumer. * Implement read receipt consumers in Pushserver. Supports m.read and m.fully_read receipts. * Add clientapi route for /unstable/notifications. * Rename to UpsertPusher for clarity and handle pusher update * Fix linter errors * Ignore body.Close() error check * Fix push server internal http wiring * Add 40 newly passing 61push tests to whitelist * Add next 12 newly passing 61push tests to whitelist * Send notification data before notifying users in EDU server consumer * NATS JetStream * Goodbye sarama * Fix `NewStreamTokenFromString` * Consume on the correct topic for the roomserver * Don't panic, NAK instead * Move push notifications into the User API * Don't set null values since that apparently causes Element upsetti * Also set omitempty on conditions * Fix bug so that we don't override the push rules unnecessarily * Tweak defaults * Update defaults * More tweaks * Move `/notifications` onto `r0`/`v3` mux * User API will consume events and read/fully read markers from the sync API with stream positions, instead of consuming directly Co-authored-by: Piotr Kozimor <p1996k@gmail.com> Co-authored-by: Tommie Gannert <tommie@gannert.se> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
355 lines
12 KiB
YAML
355 lines
12 KiB
YAML
# This is the Dendrite configuration file.
|
|
#
|
|
# The configuration is split up into sections - each Dendrite component has a
|
|
# configuration section, in addition to the "global" section which applies to
|
|
# all components.
|
|
#
|
|
# At a minimum, to get started, you will need to update the settings in the
|
|
# "global" section for your deployment, and you will need to check that the
|
|
# database "connection_string" line in each component section is correct.
|
|
#
|
|
# Each component with a "database" section can accept the following formats
|
|
# for "connection_string":
|
|
# SQLite: file:filename.db
|
|
# file:///path/to/filename.db
|
|
# PostgreSQL: postgresql://user:pass@hostname/database?params=...
|
|
#
|
|
# SQLite is embedded into Dendrite and therefore no further prerequisites are
|
|
# needed for the database when using SQLite mode. However, performance with
|
|
# PostgreSQL is significantly better and recommended for multi-user deployments.
|
|
# SQLite is typically around 20-30% slower than PostgreSQL when tested with a
|
|
# small number of users and likely will perform worse still with a higher volume
|
|
# of users.
|
|
#
|
|
# The "max_open_conns" and "max_idle_conns" settings configure the maximum
|
|
# number of open/idle database connections. The value 0 will use the database
|
|
# engine default, and a negative value will use unlimited connections. The
|
|
# "conn_max_lifetime" option controls the maximum length of time a database
|
|
# connection can be idle in seconds - a negative value is unlimited.
|
|
|
|
# The version of the configuration file.
|
|
version: 2
|
|
|
|
# Global Matrix configuration. This configuration applies to all components.
|
|
global:
|
|
# The domain name of this homeserver.
|
|
server_name: example.com
|
|
|
|
# The path to the signing private key file, used to sign requests and events.
|
|
private_key: matrix_key.pem
|
|
|
|
# The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
|
|
# to old signing private keys that were formerly in use on this domain. These
|
|
# keys will not be used for federation request or event signing, but will be
|
|
# provided to any other homeserver that asks when trying to verify old events.
|
|
# old_private_keys:
|
|
# - private_key: old_matrix_key.pem
|
|
# expired_at: 1601024554498
|
|
|
|
# How long a remote server can cache our server signing key before requesting it
|
|
# again. Increasing this number will reduce the number of requests made by other
|
|
# servers for our key but increases the period that a compromised key will be
|
|
# considered valid by other homeservers.
|
|
key_validity_period: 168h0m0s
|
|
|
|
# The server name to delegate server-server communications to, with optional port
|
|
# e.g. localhost:443
|
|
well_known_server_name: ""
|
|
|
|
# Lists of domains that the server will trust as identity servers to verify third
|
|
# party identifiers such as phone numbers and email addresses.
|
|
trusted_third_party_id_servers:
|
|
- matrix.org
|
|
- vector.im
|
|
|
|
# Configuration for NATS JetStream
|
|
jetstream:
|
|
# A list of NATS Server addresses to connect to. If none are specified, an
|
|
# internal NATS server will be started automatically when running Dendrite
|
|
# in monolith mode. It is required to specify the address of at least one
|
|
# NATS Server node if running in polylith mode.
|
|
addresses:
|
|
- jetstream:4222
|
|
|
|
# Keep all NATS streams in memory, rather than persisting it to the storage
|
|
# path below. This option is present primarily for integration testing and
|
|
# should not be used on a real world Dendrite deployment.
|
|
in_memory: false
|
|
|
|
# Persistent directory to store JetStream streams in. This directory
|
|
# should be preserved across Dendrite restarts.
|
|
storage_path: ./
|
|
|
|
# The prefix to use for stream names for this homeserver - really only
|
|
# useful if running more than one Dendrite on the same NATS deployment.
|
|
topic_prefix: Dendrite
|
|
|
|
# Configuration for Prometheus metric collection.
|
|
metrics:
|
|
# Whether or not Prometheus metrics are enabled.
|
|
enabled: false
|
|
|
|
# HTTP basic authentication to protect access to monitoring.
|
|
basic_auth:
|
|
username: metrics
|
|
password: metrics
|
|
|
|
# DNS cache options. The DNS cache may reduce the load on DNS servers
|
|
# if there is no local caching resolver available for use.
|
|
dns_cache:
|
|
# Whether or not the DNS cache is enabled.
|
|
enabled: false
|
|
|
|
# Maximum number of entries to hold in the DNS cache, and
|
|
# for how long those items should be considered valid in seconds.
|
|
cache_size: 256
|
|
cache_lifetime: 300
|
|
|
|
# Configuration for the Appservice API.
|
|
app_service_api:
|
|
internal_api:
|
|
listen: http://0.0.0.0:7777
|
|
connect: http://appservice_api:7777
|
|
database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_appservice?sslmode=disable
|
|
max_open_conns: 10
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
|
|
# Appservice configuration files to load into this homeserver.
|
|
config_files: []
|
|
|
|
# Configuration for the Client API.
|
|
client_api:
|
|
internal_api:
|
|
listen: http://0.0.0.0:7771
|
|
connect: http://client_api:7771
|
|
external_api:
|
|
listen: http://0.0.0.0:8071
|
|
|
|
# Prevents new users from being able to register on this homeserver, except when
|
|
# using the registration shared secret below.
|
|
registration_disabled: false
|
|
|
|
# If set, allows registration by anyone who knows the shared secret, regardless of
|
|
# whether registration is otherwise disabled.
|
|
registration_shared_secret: ""
|
|
|
|
# Whether to require reCAPTCHA for registration.
|
|
enable_registration_captcha: false
|
|
|
|
# Settings for ReCAPTCHA.
|
|
recaptcha_public_key: ""
|
|
recaptcha_private_key: ""
|
|
recaptcha_bypass_secret: ""
|
|
recaptcha_siteverify_api: ""
|
|
|
|
# TURN server information that this homeserver should send to clients.
|
|
turn:
|
|
turn_user_lifetime: ""
|
|
turn_uris: []
|
|
turn_shared_secret: ""
|
|
turn_username: ""
|
|
turn_password: ""
|
|
|
|
# Settings for rate-limited endpoints. Rate limiting will kick in after the
|
|
# threshold number of "slots" have been taken by requests from a specific
|
|
# host. Each "slot" will be released after the cooloff time in milliseconds.
|
|
rate_limiting:
|
|
enabled: true
|
|
threshold: 5
|
|
cooloff_ms: 500
|
|
|
|
# Configuration for the EDU server.
|
|
edu_server:
|
|
internal_api:
|
|
listen: http://0.0.0.0:7778
|
|
connect: http://edu_server:7778
|
|
|
|
# Configuration for the Federation API.
|
|
federation_api:
|
|
internal_api:
|
|
listen: http://0.0.0.0:7772
|
|
connect: http://federation_api:7772
|
|
external_api:
|
|
listen: http://0.0.0.0:8072
|
|
database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_federationapi?sslmode=disable
|
|
max_open_conns: 10
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
|
|
# List of paths to X.509 certificates to be used by the external federation listeners.
|
|
# These certificates will be used to calculate the TLS fingerprints and other servers
|
|
# will expect the certificate to match these fingerprints. Certificates must be in PEM
|
|
# format.
|
|
federation_certificates: []
|
|
|
|
# How many times we will try to resend a failed transaction to a specific server. The
|
|
# backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds etc.
|
|
send_max_retries: 16
|
|
|
|
# Disable the validation of TLS certificates of remote federated homeservers. Do not
|
|
# enable this option in production as it presents a security risk!
|
|
disable_tls_validation: false
|
|
|
|
# Use the following proxy server for outbound federation traffic.
|
|
proxy_outbound:
|
|
enabled: false
|
|
protocol: http
|
|
host: localhost
|
|
port: 8080
|
|
|
|
# Perspective keyservers to use as a backup when direct key fetches fail. This may
|
|
# be required to satisfy key requests for servers that are no longer online when
|
|
# joining some rooms.
|
|
key_perspectives:
|
|
- server_name: matrix.org
|
|
keys:
|
|
- key_id: ed25519:auto
|
|
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
|
|
- key_id: ed25519:a_RXGa
|
|
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
|
|
|
|
# This option will control whether Dendrite will prefer to look up keys directly
|
|
# or whether it should try perspective servers first, using direct fetches as a
|
|
# last resort.
|
|
prefer_direct_fetch: false
|
|
|
|
# Configuration for the Key Server (for end-to-end encryption).
|
|
key_server:
|
|
internal_api:
|
|
listen: http://0.0.0.0:7779
|
|
connect: http://key_server:7779
|
|
database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_keyserver?sslmode=disable
|
|
max_open_conns: 10
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
|
|
# Configuration for the Media API.
|
|
media_api:
|
|
internal_api:
|
|
listen: http://0.0.0.0:7774
|
|
connect: http://media_api:7774
|
|
external_api:
|
|
listen: http://0.0.0.0:8074
|
|
database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_mediaapi?sslmode=disable
|
|
max_open_conns: 10
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
|
|
# Storage path for uploaded media. May be relative or absolute.
|
|
base_path: /var/dendrite/media
|
|
|
|
# The maximum allowed file size (in bytes) for media uploads to this homeserver
|
|
# (0 = unlimited).
|
|
max_file_size_bytes: 10485760
|
|
|
|
# Whether to dynamically generate thumbnails if needed.
|
|
dynamic_thumbnails: false
|
|
|
|
# The maximum number of simultaneous thumbnail generators to run.
|
|
max_thumbnail_generators: 10
|
|
|
|
# A list of thumbnail sizes to be generated for media content.
|
|
thumbnail_sizes:
|
|
- width: 32
|
|
height: 32
|
|
method: crop
|
|
- width: 96
|
|
height: 96
|
|
method: crop
|
|
- width: 640
|
|
height: 480
|
|
method: scale
|
|
|
|
# Configuration for experimental MSC's
|
|
mscs:
|
|
# A list of enabled MSC's
|
|
# Currently valid values are:
|
|
# - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
|
|
# - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
|
|
mscs: []
|
|
database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_mscs?sslmode=disable
|
|
max_open_conns: 5
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
|
|
# Configuration for the Room Server.
|
|
room_server:
|
|
internal_api:
|
|
listen: http://0.0.0.0:7770
|
|
connect: http://room_server:7770
|
|
database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_roomserver?sslmode=disable
|
|
max_open_conns: 10
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
|
|
# Configuration for the Sync API.
|
|
sync_api:
|
|
internal_api:
|
|
listen: http://0.0.0.0:7773
|
|
connect: http://sync_api:7773
|
|
external_api:
|
|
listen: http://0.0.0.0:8073
|
|
database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_syncapi?sslmode=disable
|
|
max_open_conns: 10
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
|
|
# Configuration for the User API.
|
|
user_api:
|
|
internal_api:
|
|
listen: http://0.0.0.0:7781
|
|
connect: http://user_api:7781
|
|
account_database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_userapi_accounts?sslmode=disable
|
|
max_open_conns: 10
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
device_database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_userapi_devices?sslmode=disable
|
|
max_open_conns: 10
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
|
|
# Configuration for the Push Server API.
|
|
push_server:
|
|
internal_api:
|
|
listen: http://localhost:7782
|
|
connect: http://localhost:7782
|
|
database:
|
|
connection_string: postgresql://dendrite:itsasecret@postgres/dendrite_pushserver?sslmode=disable
|
|
max_open_conns: 10
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
|
|
# Configuration for Opentracing.
|
|
# See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on
|
|
# how this works and how to set it up.
|
|
tracing:
|
|
enabled: false
|
|
jaeger:
|
|
serviceName: ""
|
|
disabled: false
|
|
rpc_metrics: false
|
|
tags: []
|
|
sampler: null
|
|
reporter: null
|
|
headers: null
|
|
baggage_restrictions: null
|
|
throttler: null
|
|
|
|
# Logging configuration, in addition to the standard logging that is sent to
|
|
# stdout by Dendrite.
|
|
logging:
|
|
- type: file
|
|
level: info
|
|
params:
|
|
path: /var/log/dendrite
|