From a793b482784ee437ddccf134371ad7bc669f60f6 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Mon, 11 Apr 2022 11:48:01 +0100 Subject: [PATCH] Remove Synapse-specific dockerfiles https://github.com/matrix-org/synapse/pull/12404 moved these to the Synapse repo. --- .github/workflows/ci.yaml | 6 +- README.md | 15 ++- dockerfiles/README.md | 2 +- dockerfiles/Synapse.Dockerfile | 36 ------- dockerfiles/SynapseWorkers.Dockerfile | 73 ------------- dockerfiles/keys/README.md | 9 -- dockerfiles/keys/ca.crt | 21 ---- dockerfiles/keys/ca.key | 27 ----- dockerfiles/synapse/caddy.complement.json | 76 -------------- dockerfiles/synapse/homeserver.yaml | 121 ---------------------- dockerfiles/synapse/log_config.yaml | 24 ----- dockerfiles/synapse/start.sh | 28 ----- dockerfiles/synapse/workers-shared.yaml | 77 -------------- 13 files changed, 14 insertions(+), 501 deletions(-) delete mode 100644 dockerfiles/Synapse.Dockerfile delete mode 100644 dockerfiles/SynapseWorkers.Dockerfile delete mode 100644 dockerfiles/keys/README.md delete mode 100644 dockerfiles/keys/ca.crt delete mode 100644 dockerfiles/keys/ca.key delete mode 100644 dockerfiles/synapse/caddy.complement.json delete mode 100644 dockerfiles/synapse/homeserver.yaml delete mode 100644 dockerfiles/synapse/log_config.yaml delete mode 100755 dockerfiles/synapse/start.sh delete mode 100644 dockerfiles/synapse/workers-shared.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 370f7099..eca0aa4d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -68,13 +68,13 @@ jobs: # Build homeserver image # Build the base Synapse dockerfile and then build a Complement-specific image from that base. - - run: docker build -t matrixdotorg/synapse:latest -f docker/Dockerfile . + - run: | + docker build -t matrixdotorg/synapse:latest -f docker/Dockerfile . + docker build -t homeserver -f docker/complement/Dockerfile docker/compelment if: ${{ matrix.homeserver == 'Synapse' }} working-directory: homeserver env: DOCKER_BUILDKIT: 1 - - run: docker build -t homeserver -f dockerfiles/${{ matrix.homeserver }}.Dockerfile dockerfiles/ - if: ${{ matrix.homeserver == 'Synapse' }} # Build the Complement-specific dendrite image from the dockerfile in the Dendrite repo. # We don't use the dockerfiles in the Complement repo as they tend to get stale quickly. diff --git a/README.md b/README.md index e76f509d..cda80a74 100644 --- a/README.md +++ b/README.md @@ -51,17 +51,22 @@ $ COMPLEMENT_BASE_IMAGE=complement-dendrite:latest go test -v ./tests/... If you're looking to run Complement against a local dev instance of Synapse, see [`matrix-org/synapse` -> `scripts-dev/complement.sh`](https://github.com/matrix-org/synapse/blob/develop/scripts-dev/complement.sh). -If you want to develop Complement tests while working on a local dev instance of Synapse, use the [`scripts-dev/complement.sh`](https://github.com/matrix-org/synapse/blob/develop/scripts-dev/complement.sh) script and set the `COMPLEMENT_DIR` environment variable to the filepath of your local Complement checkout. A regex that matches against test names can also be supplied as an argument to the script, i.e: +If you want to develop Complement tests while working on a local dev instance +of Synapse, use the +[`scripts-dev/complement.sh`](https://github.com/matrix-org/synapse/blob/develop/scripts-dev/complement.sh) +script and set the `COMPLEMENT_DIR` environment variable to the filepath of +your local Complement checkout. Arguments to `go test` can be supplied as an argument to the script, e.g.: ```sh -COMPLEMENT_DIR=/path/to/complement scripts-dev/complement.sh "TestOutboundFederation(Profile|Send)" +COMPLEMENT_DIR=/path/to/complement scripts-dev/complement.sh -run "TestOutboundFederation(Profile|Send)" ``` -To run Complement against a specific release of Synapse, set the -`SYNAPSE_VERSION` build argument. For example: +To run Complement against a specific release of Synapse, build the +"complement-synapse" image with a `SYNAPSE_VERSION` build argument. For +example: ```sh -docker build -t complement-synapse:v1.36.0 -f dockerfiles/Synapse.Dockerfile --build-arg=SYNAPSE_VERSION=v1.36.0 dockerfiles +(cd synapse && docker build -t complement-synapse:v1.36.0 -f docker/complement/Dockerfile --build-arg=SYNAPSE_VERSION=v1.36.0 docker/complement) COMPLEMENT_BASE_IMAGE=complement-synapse:v1.36.0 go test ./tests/... ``` diff --git a/dockerfiles/README.md b/dockerfiles/README.md index 2eff79d1..48c81b53 100644 --- a/dockerfiles/README.md +++ b/dockerfiles/README.md @@ -6,4 +6,4 @@ end up copying the Dockerfiles in this directory to their own repository. In an duplication, we now point to dockerfiles in respective repositories rather than have them directly here. - Dendrite: https://github.com/matrix-org/dendrite/blob/v0.6.3/build/scripts/Complement.Dockerfile -- Synapse: https://github.com/matrix-org/synapse/blob/v1.52.0/scripts-dev/complement.sh +- Synapse: https://github.com/matrix-org/synapse/blob/develop/docker/complement/Dockerfile diff --git a/dockerfiles/Synapse.Dockerfile b/dockerfiles/Synapse.Dockerfile deleted file mode 100644 index fe86cc5d..00000000 --- a/dockerfiles/Synapse.Dockerfile +++ /dev/null @@ -1,36 +0,0 @@ -# A dockerfile which builds an image suitable for testing Synapse under -# complement. -# -# Currently this is based on the published 'synapse:latest' image -- ie, the -# most recent Synapse release. -# -# Also... none of the tests seem to pass yet. They do run though. -# -# To use it: -# -# (cd dockerfiles && docker build -t complement-synapse -f Synapse.Dockerfile .) -# COMPLEMENT_BASE_IMAGE=complement-synapse go test -v ./tests - -ARG SYNAPSE_VERSION=latest - -FROM matrixdotorg/synapse:${SYNAPSE_VERSION} - -ENV SERVER_NAME=localhost - -COPY synapse/* /conf/ -COPY keys/* /ca/ - -# SSL key for the server (can't make the cert until we know the server name) -RUN openssl genrsa -out /conf/server.tls.key 2048 - -# generate a signing key -RUN generate_signing_key -o /conf/server.signing.key - -WORKDIR /data - -EXPOSE 8008 8448 - -ENTRYPOINT ["/conf/start.sh"] - -HEALTHCHECK --start-period=5s --interval=1s --timeout=1s \ - CMD curl -fSs http://localhost:8008/health || exit 1 diff --git a/dockerfiles/SynapseWorkers.Dockerfile b/dockerfiles/SynapseWorkers.Dockerfile deleted file mode 100644 index 1b420282..00000000 --- a/dockerfiles/SynapseWorkers.Dockerfile +++ /dev/null @@ -1,73 +0,0 @@ -# This dockerfile builds on top of 'docker/Dockerfile-worker' in matrix-org/synapse -# by including a built-in postgres instance, as well as setting up the homeserver so -# that it is ready for testing via Complement. -# -# Instructions for building this image from those it depends on is detailed in this guide: -# https://github.com/matrix-org/synapse/blob/develop/docker/README-testing.md#testing-with-postgresql-and-single-or-multi-process-synapse -FROM matrixdotorg/synapse-workers - -# Download a caddy server to stand in front of nginx and terminate TLS using Complement's -# custom CA. -# We include this near the top of the file in order to cache the result. -RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.3.0/caddy_2.3.0_linux_amd64.tar.gz" && \ - tar xzf caddy_2.3.0_linux_amd64.tar.gz && rm caddy_2.3.0_linux_amd64.tar.gz && mv caddy /root - -# Install postgresql -RUN apt-get update -RUN apt-get install -y postgresql - -# Configure a user and create a database for Synapse -RUN pg_ctlcluster 13 main start && su postgres -c "echo \ - \"ALTER USER postgres PASSWORD 'somesecret'; \ - CREATE DATABASE synapse \ - ENCODING 'UTF8' \ - LC_COLLATE='C' \ - LC_CTYPE='C' \ - template=template0;\" | psql" && pg_ctlcluster 13 main stop - -# Modify the shared homeserver config with postgres support, certificate setup -# and the disabling of rate-limiting -COPY synapse/workers-shared.yaml /conf/workers/shared.yaml - -WORKDIR /data - -# Copy the caddy config -COPY synapse/caddy.complement.json /root/caddy.json - -# Expose caddy's listener ports -EXPOSE 8008 8448 - -ENTRYPOINT \ - # Replace the server name in the caddy config - sed -i "s/{{ server_name }}/${SERVER_NAME}/g" /root/caddy.json && \ - # Start postgres - pg_ctlcluster 13 main start 2>&1 && \ - # Start caddy - /root/caddy start --config /root/caddy.json 2>&1 && \ - # Set the server name of the homeserver - SYNAPSE_SERVER_NAME=${SERVER_NAME} \ - # No need to report stats here - SYNAPSE_REPORT_STATS=no \ - # Set postgres authentication details which will be placed in the homeserver config file - POSTGRES_PASSWORD=somesecret POSTGRES_USER=postgres POSTGRES_HOST=localhost \ - # Specify the workers to test with - SYNAPSE_WORKER_TYPES="\ - event_persister, \ - event_persister, \ - background_worker, \ - frontend_proxy, \ - event_creator, \ - user_dir, \ - media_repository, \ - federation_inbound, \ - federation_reader, \ - federation_sender, \ - synchrotron, \ - appservice, \ - pusher" \ - # Run the script that writes the necessary config files and starts supervisord, which in turn - # starts everything else - /configure_workers_and_start.py - -HEALTHCHECK --start-period=5s --interval=1s --timeout=1s \ - CMD /bin/sh /healthcheck.sh diff --git a/dockerfiles/keys/README.md b/dockerfiles/keys/README.md deleted file mode 100644 index 443266fc..00000000 --- a/dockerfiles/keys/README.md +++ /dev/null @@ -1,9 +0,0 @@ -This directory contains a key and certificate for a dummy Certificate -Authority. This is used to create certificates for the servers under test. - -The files were generated with: - -``` -openssl genrsa -out ca.key 2048 -openssl req -new -x509 -key ca.key -days 3650 -subj "/C=GB/ST=London/O=matrix.org/CN=Complement CA" -out ca.crt -``` diff --git a/dockerfiles/keys/ca.crt b/dockerfiles/keys/ca.crt deleted file mode 100644 index 8539ff19..00000000 --- a/dockerfiles/keys/ca.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIUDZUl0q5DMzWkd/fev4gJurDpuH8wDQYJKoZIhvcNAQEL -BQAwSzELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjETMBEGA1UECgwKbWF0 -cml4Lm9yZzEWMBQGA1UEAwwNQ29tcGxlbWVudCBDQTAeFw0yMDA4MDUxMjAyMDRa -Fw0zMDA4MDMxMjAyMDRaMEsxCzAJBgNVBAYTAkdCMQ8wDQYDVQQIDAZMb25kb24x -EzARBgNVBAoMCm1hdHJpeC5vcmcxFjAUBgNVBAMMDUNvbXBsZW1lbnQgQ0EwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9LfS/T0Y72b9j+M7/43Hry+Cf -UUt7iym5z14su8cve545ceT3Y1SRwrGWRy8GuvhgQyVTzvgslwdsLYwVEaK1ZsWQ -7l+UBD128HWCSo/OFMV3j+allMzj4PO3PnMcU1cq6HuTlYeAFlOelLB7FUGFmOzc -c829XHWvDD/Hjz+SQ4E11nftHyu6Chw+Razfcftzp+qLjozjHeXMLI09peiy65zp -DGYhiB78vTCjtioNlMZ5bTrI5PAG3O0nY0NAiAqrGgijpbJdYigf2vcJ8UQ6e0LH -0nTIhITxRd+hN+FGbsLe+OtzaaEkgdtxQrtjAq7wjsxbchNDjnqh/eTJwBaPAgMB -AAGjUzBRMB0GA1UdDgQWBBRNM7hzjkBvs7Rmw4I7g4wpEy53nDAfBgNVHSMEGDAW -gBRNM7hzjkBvs7Rmw4I7g4wpEy53nDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 -DQEBCwUAA4IBAQAOfCmPTM9NFPbVwu003kbOPfbtHULlDyMvx4LRiYmpvxfpFjGy -Xp2p/ZqzFHvyT5QcCFrkOoQlX8tIzr8KZqbemf2aWfdRzqT1VG7ADErNfQ2JOjLo -jptliOWcnknmCi8elGjBxVmAqWfDyQKYeiK2AyrJywMLr45UlrxRh03d81TaTRYk -rRHMMKJ3iKb8HQKlrfjQrYCCCSzNkp0RP/TyhpB4qIZDg9AbhUlXn24bQ/Gpq9Hw -pGmYXObJ8Uid7SICxxeFm42Nc8Orke+yw77glcQEumLJM0TqzR1UV3aTyE0qrXeG -R8e6WTemuXtcDEeo1MzCwW/75Sd/1exbs2dW ------END CERTIFICATE----- diff --git a/dockerfiles/keys/ca.key b/dockerfiles/keys/ca.key deleted file mode 100644 index 98dae8d4..00000000 --- a/dockerfiles/keys/ca.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAvS30v09GO9m/Y/jO/+Nx68vgn1FLe4spuc9eLLvHL3ueOXHk -92NUkcKxlkcvBrr4YEMlU874LJcHbC2MFRGitWbFkO5flAQ9dvB1gkqPzhTFd4/m -pZTM4+Dztz5zHFNXKuh7k5WHgBZTnpSwexVBhZjs3HPNvVx1rww/x48/kkOBNdZ3 -7R8rugocPkWs33H7c6fqi46M4x3lzCyNPaXosuuc6QxmIYge/L0wo7YqDZTGeW06 -yOTwBtztJ2NDQIgKqxoIo6WyXWIoH9r3CfFEOntCx9J0yISE8UXfoTfhRm7C3vjr -c2mhJIHbcUK7YwKu8I7MW3ITQ456of3kycAWjwIDAQABAoIBAQCt+ctw/IiMlg2q -9K/5J8Qmo1IpcevG7A4tcQUcgnwFsNur3JBC6jhl6/TBTSl0ORIeBOIZFueoqiQL -Wj/PSG6oAKGETZPcXaHg9fY7IjLpxLRs5gupDxT2JHQ9etMFo6cwMKkk6oi4RNAV -sIw0RTICmMaLXnxAvv0DRHKLJbPC33gvJCwXg4PJ8JWkrfn6EdExWTT5V6OSBJW3 -W7hwUp7cZ03yXZg8KLt8A3ZwFA1jSNtgISbGojcjV++ylK8xMV7NOVvBwcGQHOCi -pwvjoHMc2SqpssgsyHPg5s/ZvgNWqMBQms24Sb0tAS3HASiPjL72Oc69kuqTPfbN -Pn24VDBBAoGBAOpAtH/kZOGBe/NEQWUrpnseteQE/482udWt9+3H3VPW8cCYzVWf -xV/anj18wtx+nxZgMtu6p5NiU2Tx1OQLOJElKPqd+MOcYeDm+IutRnNETP4i+2P7 -8HXUAEySZCz4W2ettznnMGHKINV2LEv4v3yMtvVPx/GtTLk7m8axSfEfAoGBAM6+ -CCwpUQwKACQClwNkmrvpWmuj+XkiXJr6rnGNZ2akPSpz7YAbre9kDCGYyo3gsKmP -xmRs6dbHWqbSyCxu+zhjgqGYKsyLcAUHxGDeH2q8Cf8Bf6Jw6dtW5CHka4QIbq7W -hAFFCXTPQM59cOjxbCzQJwb8by7bChhpALVl/PyRAoGAHE4rQVTot7L8tj1mJYJr -wG7Kjb3o33Y+aEp4Ldw7qzjKx3nvPcxrfhSdkFJ1/UyzjnGbU5+vRgjYiNcL4W5V -rHwwAnB6MbDAxvtBxybt31m+b+rsM32q5aHzU01RG3n7GYENJcsAtqBE7WY1Hgz1 -nmgmZ2f3ggVtwugn/49GnwMCgYEAmnOr5Vokm2rpOf3ZVgaV9ubZz2rcWNwL9Rhs -tJagdjUjIREkkL2dDyheS8c7JA2FzdeErsgTVorutYzpURDEjBcDo7fr2Y4ebROl -aXzoWbQLf8Bd2zyh6WSb4JomnKg0EFhgnBY4f1TKpLlgXhbm6v/C+FwksAuiGiRw -DBUakJECgYEAmHcPSXefohshJIflTs8u/M4FMt9scJMXZuOp6npLOKIZp1KuxTst -Kh3GCI51kJI68XvXxPNrNAQ6ay1Ayp/CwCnlkGYTJeACno4u94fgbQBsRLksRM6g -JvQZtOvi5OqrnVz2iTWJhtInV/dIbUtv+yJ9hYOa7AtP3AhiDVePvts= ------END RSA PRIVATE KEY----- diff --git a/dockerfiles/synapse/caddy.complement.json b/dockerfiles/synapse/caddy.complement.json deleted file mode 100644 index db739c60..00000000 --- a/dockerfiles/synapse/caddy.complement.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":8448" - ], - "routes": [ - { - "match": [ - { - "host": [ - "{{ server_name }}" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "handler": "reverse_proxy", - "upstreams": [ - { - "dial": "localhost:8008" - } - ] - } - ] - } - ] - } - ], - "terminal": true - } - ] - } - } - }, - "tls": { - "automation": { - "policies": [ - { - "subjects": [ - "{{ server_name }}" - ], - "issuers": [ - { - "module": "internal" - } - ], - "on_demand": true - } - ] - } - }, - "pki": { - "certificate_authorities": { - "local": { - "name": "Complement CA", - "root": { - "certificate": "/ca/ca.crt", - "private_key": "/ca/ca.key" - }, - "intermediate": { - "certificate": "/ca/ca.crt", - "private_key": "/ca/ca.key" - } - } - } - } - } - } diff --git a/dockerfiles/synapse/homeserver.yaml b/dockerfiles/synapse/homeserver.yaml deleted file mode 100644 index 7eda24ee..00000000 --- a/dockerfiles/synapse/homeserver.yaml +++ /dev/null @@ -1,121 +0,0 @@ -## Server ## - -server_name: SERVER_NAME -log_config: /conf/log_config.yaml -report_stats: False -signing_key_path: /conf/server.signing.key -trusted_key_servers: [] -enable_registration: true -enable_registration_without_verification: true - -## Listeners ## - -tls_certificate_path: /conf/server.tls.crt -tls_private_key_path: /conf/server.tls.key -bcrypt_rounds: 4 -registration_shared_secret: complement - -listeners: - - port: 8448 - bind_addresses: ['::'] - type: http - tls: true - resources: - - names: [federation] - - - port: 8008 - bind_addresses: ['::'] - type: http - - resources: - - names: [client] - -## Database ## - -database: - name: "sqlite3" - args: - # We avoid /data, as it is a volume and is not transferred when the container is committed, - # which is a fundamental necessity in complement. - database: "/conf/homeserver.db" - -## Federation ## - -# disable verification of federation certificates -# -# TODO: this is temporary until https://github.com/matrix-org/complement/pull/28 lands and -# allows homeservers spun up by complement access to the complement CA certificate to trust -federation_verify_certificates: false - -# trust certs signed by the dummy CA -federation_custom_ca_list: -- /ca/ca.crt - -# unblacklist RFC1918 addresses -ip_range_blacklist: [] - -# Disable server rate-limiting -rc_federation: - window_size: 1000 - sleep_limit: 10 - sleep_delay: 500 - reject_limit: 99999 - concurrent: 3 - -rc_message: - per_second: 9999 - burst_count: 9999 - -rc_registration: - per_second: 9999 - burst_count: 9999 - -rc_login: - address: - per_second: 9999 - burst_count: 9999 - account: - per_second: 9999 - burst_count: 9999 - failed_attempts: - per_second: 9999 - burst_count: 9999 - -rc_admin_redaction: - per_second: 9999 - burst_count: 9999 - -rc_joins: - local: - per_second: 9999 - burst_count: 9999 - remote: - per_second: 9999 - burst_count: 9999 - -federation_rr_transactions_per_room_per_second: 9999 - -## API Configuration ## - -# A list of application service config files to use -# -app_service_config_files: -AS_REGISTRATION_FILES - -## Experimental Features ## - -experimental_features: - # Enable spaces support - spaces_enabled: true - # Enable history backfilling support - msc2716_enabled: true - # server-side support for partial state in /send_join - msc3706_enabled: true - # Enable jump to date endpoint - msc3030_enabled: true - -server_notices: - system_mxid_localpart: _server - system_mxid_display_name: "Server Alert" - system_mxid_avatar_url: "" - room_name: "Server Alert" diff --git a/dockerfiles/synapse/log_config.yaml b/dockerfiles/synapse/log_config.yaml deleted file mode 100644 index c33fd6cd..00000000 --- a/dockerfiles/synapse/log_config.yaml +++ /dev/null @@ -1,24 +0,0 @@ -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -filters: - context: - (): synapse.logging.context.LoggingContextFilter - request: "" - -handlers: - console: - class: logging.StreamHandler - formatter: precise - filters: [context] - # log to stdout, for easier use with 'docker logs' - stream: 'ext://sys.stdout' - -root: - level: INFO - handlers: [console] - -disable_existing_loggers: false diff --git a/dockerfiles/synapse/start.sh b/dockerfiles/synapse/start.sh deleted file mode 100755 index eca41cd2..00000000 --- a/dockerfiles/synapse/start.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -set -e - -sed -i "s/SERVER_NAME/${SERVER_NAME}/g" /conf/homeserver.yaml - -# Add the application service registration files to the homeserver.yaml config -for filename in /complement/appservice/*.yaml; do - [ -f "$filename" ] || break - - as_id=$(basename "$filename" .yaml) - - # Insert the path to the registration file and the AS_REGISTRATION_FILES marker after - # so we can add the next application service in the next iteration of this for loop - sed -i "s/AS_REGISTRATION_FILES/ - \/complement\/appservice\/${as_id}.yaml\nAS_REGISTRATION_FILES/g" /conf/homeserver.yaml -done -# Remove the AS_REGISTRATION_FILES entry -sed -i "s/AS_REGISTRATION_FILES//g" /conf/homeserver.yaml - -# generate an ssl cert for the server, signed by our dummy CA -openssl req -new -key /conf/server.tls.key -out /conf/server.tls.csr \ - -subj "/CN=${SERVER_NAME}" -openssl x509 -req -in /conf/server.tls.csr \ - -CA /ca/ca.crt -CAkey /ca/ca.key -set_serial 1 \ - -out /conf/server.tls.crt - -exec python -m synapse.app.homeserver -c /conf/homeserver.yaml "$@" - diff --git a/dockerfiles/synapse/workers-shared.yaml b/dockerfiles/synapse/workers-shared.yaml deleted file mode 100644 index 8fa7cf80..00000000 --- a/dockerfiles/synapse/workers-shared.yaml +++ /dev/null @@ -1,77 +0,0 @@ -## Server ## -report_stats: False -trusted_key_servers: [] -enable_registration: true -enable_registration_without_verification: true -bcrypt_rounds: 4 - -## Federation ## - -# disable verification of federation certificates -# -# TODO: Figure out why this is still needed even though we are making use of the custom CA -federation_verify_certificates: false - -# trust certs signed by Complement's CA -federation_custom_ca_list: -- /ca/ca.crt - -# unblacklist RFC1918 addresses -federation_ip_range_blacklist: [] - -# Disable server rate-limiting -rc_federation: - window_size: 1000 - sleep_limit: 10 - sleep_delay: 500 - reject_limit: 99999 - concurrent: 3 - -rc_message: - per_second: 9999 - burst_count: 9999 - -rc_registration: - per_second: 9999 - burst_count: 9999 - -rc_login: - address: - per_second: 9999 - burst_count: 9999 - account: - per_second: 9999 - burst_count: 9999 - failed_attempts: - per_second: 9999 - burst_count: 9999 - -rc_admin_redaction: - per_second: 9999 - burst_count: 9999 - -rc_joins: - local: - per_second: 9999 - burst_count: 9999 - remote: - per_second: 9999 - burst_count: 9999 - -federation_rr_transactions_per_room_per_second: 9999 - -## Experimental Features ## - -experimental_features: - # Enable history backfilling support - msc2716_enabled: true - # Enable spaces support - spaces_enabled: true - # Enable jump to date endpoint - msc3030_enabled: true - -server_notices: - system_mxid_localpart: _server - system_mxid_display_name: "Server Alert" - system_mxid_avatar_url: "" - room_name: "Server Alert"