# HG changeset patch
# User Luke Hoersten
# Date 1689970464 18000
# Node ID dd52907adff94ed2f55d78ab11e4e8aaf0312a6b
# Parent 3069b7d001f73613ae7e874c898df5ece0ededab
Split dendrite build out of install role.
diff -r 3069b7d001f7 -r dd52907adff9 dendrite/build/defaults/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dendrite/build/defaults/main.yaml Fri Jul 21 15:14:24 2023 -0500
@@ -0,0 +1,7 @@
+---
+
+dendrite_user: "dendrite"
+dendrite_version: "0.13.1"
+# https://github.com/matrix-org/dendrite/releases
+dendrite_tar: "https://github.com/matrix-org/dendrite/archive/refs/tags/v{{dendrite_version}}.tar.gz"
+dendrite_build_dir: "/tmp/dendrite-{{dendrite_version}}"
diff -r 3069b7d001f7 -r dd52907adff9 dendrite/build/tasks/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dendrite/build/tasks/main.yaml Fri Jul 21 15:14:24 2023 -0500
@@ -0,0 +1,23 @@
+---
+
+- name: snap install golang
+ become: yes
+ snap: name="go" classic="yes"
+
+- name: unarchive dendrite
+ unarchive:
+ remote_src: yes
+ src: "{{dendrite_tar}}"
+ dest: "/tmp/"
+ creates: "{{dendrite_build_dir}}"
+
+- name: check if dendrite build exists
+ stat:
+ path: "{{dendrite_build_dir}}/bin"
+ register: build_file
+
+- name: build dendrite
+ command: "{{dendrite_build_dir}}/build.sh"
+ args:
+ chdir: "{{dendrite_build_dir}}"
+ when: not build_file.stat.exists
diff -r 3069b7d001f7 -r dd52907adff9 dendrite/server/defaults/main.yaml
--- a/dendrite/server/defaults/main.yaml Thu Jul 20 18:07:44 2023 -0500
+++ b/dendrite/server/defaults/main.yaml Fri Jul 21 15:14:24 2023 -0500
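Review bot: The `dendrite_build_dir` default on the last line of the hunk puts the unpacked source, and the `build.sh` that the build tasks later execute, under a predictable path in the shared `/tmp` tree; the build tasks added in this changeset skip the extraction (`creates:`) when that directory already exists and then run `build.sh` from it, so the role executes whatever is found at that path rather than what it unpacked. A directory owned by the build user outside the shared temp tree, e.g. `dendrite_build_dir: "/opt/dendrite/build/dendrite-{{dendrite_version}}"` (path illustrative), removes that dependence. `dendrite_user` is declared here but not referenced by any task in `dendrite/build/tasks/main.yaml` in this changeset, while the removed server-role task ran `build.sh` with `become_user: "{{dendrite_user}}"`; either the build tasks should use it or the default belongs back in the server role. A comment such as `# must match the dendrite_version the server role installs from` would make the coupling between the two roles explicit.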
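Review bot: The `unarchive dendrite` task fetches the release tarball from `{{dendrite_tar}}` with no integrity check, so the later `build dendrite` task runs whatever `build.sh` the download returned; `unarchive` has no `checksum` option, but `get_url` does. Downloading first with `get_url` and a pinned `checksum`, then unarchiving the local file, closes that gap and keeps the `creates:` guard working. The build now runs as the Ansible connecting user (there is no `become_user`), unlike the task it replaces in `dendrite/server/tasks/main.yaml`, which ran it as `{{dendrite_user}}`; confirm that change is intended. `become: yes` and `remote_src: yes` would read as `true` per the Ansible convention.
```yaml
- name: download dendrite source tarball
  get_url:
    url: "{{dendrite_tar}}"
    dest: "{{dendrite_build_dir}}.tar.gz"
    # PLACEHOLDER: pin to the digest published for this release tarball
    checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"

- name: unarchive dendrite
  unarchive:
    remote_src: true
    src: "{{dendrite_build_dir}}.tar.gz"
    dest: "/tmp/"
    creates: "{{dendrite_build_dir}}"
# … unchanged: check if dendrite build exists, build dendrite …
```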
@@ -1,10 +1,6 @@
 ---
-dendrite_user: "dendrite"
-dendrite_version: "0.13.1"
-# https://github.com/matrix-org/dendrite/releases
-dendrite_tar: "https://github.com/matrix-org/dendrite/archive/refs/tags/v{{dendrite_version}}.tar.gz"
-dendrite_build_dir: "/tmp/dendrite-{{dendrite_version}}"
+dendrite_bin_dir: "/tmp/dendrite-{{dendrite_version}}"
 dendrite_old_key: false
 dendrite_registration_disabled: true
 dendrite_registration_secret: ""
diff -r 3069b7d001f7 -r dd52907adff9 dendrite/server/tasks/main.yaml
--- a/dendrite/server/tasks/main.yaml Thu Jul 20 18:07:44 2023 -0500
+++ b/dendrite/server/tasks/main.yaml Fri Jul 21 15:14:24 2023 -0500
@@ -4,40 +4,10 @@
 become: yes
 user: name="{{dendrite_user}}" shell="/bin/false" system="yes"
-# build
-- name: snap install golang
- become: yes
- snap: name="go" classic="yes"
-
-- name: unarchive dendrite
- become: yes
- unarchive:
- remote_src: yes
- src: "{{dendrite_tar}}"
- dest: "/tmp/"
- creates: "{{dendrite_build_dir}}"
- owner: "{{dendrite_user}}"
- group: "{{dendrite_user}}"
-
-- name: check if dendrite build exists
- stat:
- path: "{{dendrite_build_dir}}/bin"
- register: build_file
-
-- name: build dendrite
- become: yes
- become_user: "{{dendrite_user}}"
- command: "{{dendrite_build_dir}}/build.sh"
- args:
- chdir: "{{dendrite_build_dir}}"
- when: not build_file.stat.exists
- notify: restart service
-
-# install
 - name: install dendrite binary
 become: yes
 copy:
- src: "{{dendrite_build_dir}}/bin/{{item.src}}"
+ src: "{{dendrite_bin_dir}}/{{item.src}}"
 dest: "/usr/local/bin/{{item.dest}}"
 remote_src: yes
 owner: "root"
diff -r 3069b7d001f7 -r dd52907adff9 dendrite/server/templates/dendrite.yaml.j2
--- a/dendrite/server/templates/dendrite.yaml.j2 Thu Jul 20 18:07:44 2023 -0500
+++ b/dendrite/server/templates/dendrite.yaml.j2 Fri Jul 21 15:14:24 2023 -0500
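Review bot: The new `dendrite_bin_dir` default drops the `bin` path component: the install task in `dendrite/server/tasks/main.yaml` (the next hunk of this changeset) replaces `{{dendrite_build_dir}}/bin/{{item.src}}` with `{{dendrite_bin_dir}}/{{item.src}}`, and the build role looks for its output at `{{dendrite_build_dir}}/bin`, so the copy would now read from `/tmp/dendrite-0.13.1/` instead of `/tmp/dendrite-0.13.1/bin/`. The default should be `dendrite_bin_dir: "/tmp/dendrite-{{dendrite_version}}/bin"`, unless the file list the copy task iterates (outside the hunk) was changed to include the `bin/` prefix. This file also no longer defines `dendrite_version` (it moved to `dendrite/build/defaults/main.yaml`), so this default only renders when the build role's defaults are loaded as well, e.g. through a role dependency or both roles in the same play; a comment such as `# dendrite_version comes from the dendrite/build role` would record that requirement.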
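Review bot: The removed `build dendrite` task carried `notify: restart service`, and nothing on the new side of this hunk replaces it; once the binary is built elsewhere, a rebuilt binary only reaches a running instance if the `install dendrite binary` task notifies the handler, and that task's `notify` (if it has one) lies outside the hunk. If it does not, add `notify: restart service` to the copy task so a version bump still restarts the service. The `install dendrite binary` task continues past the end of the hunk.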
@@ -18,7 +18,7 @@
 private_key: matrix_key.pem
 # The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
- # to old signing private keys that were formerly in use on this domain. These
+ # to old signing keys that were formerly in use on this domain name. These
 # keys will not be used for federation request or event signing, but will be
 # provided to any other homeserver that asks when trying to verify old events.
 old_private_keys:
@@ -34,7 +34,7 @@
 # Global database connection pool, for PostgreSQL monolith deployments only. If
 # this section is populated then you can omit the "database" blocks in all other
- # sections. For polylith deployments, or monolith deployments using SQLite databases,
+ # sections. For monolith deployments using SQLite databases,
 # you must configure the "database" block for each component instead.
 database:
 connection_string: postgresql://{{dendrite_db_user}}:{{dendrite_db_pass}}@localhost/{{dendrite_db}}?sslmode=disable
@@ -42,10 +42,32 @@
 max_idle_conns: 5
 conn_max_lifetime: -1
+ # Configuration for in-memory caches. Caches can often improve performance by
+ # keeping frequently accessed items (like events, identifiers etc.) in memory
+ # rather than having to read them from the database.
+ cache:
+ # The estimated maximum size for the global cache in bytes, or in terabytes,
+ # gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or
+ # 'kb' suffix is specified. Note that this is not a hard limit, nor is it a
+ # memory limit for the entire process. A cache that is too small may ultimately
+ # provide little or no benefit.
+ max_size_estimated: 1gb
+
+ # The maximum amount of time that a cache entry can live for in memory before
+ # it will be evicted and/or refreshed from the database. Lower values result in
+ # easier admission of new cache entries but may also increase database load in
+ # comparison to higher values, so adjust conservatively. Higher values may make
+ # it harder for new items to make it into the cache, e.g. if new rooms suddenly
+ # become popular.
+ max_age: 1h
+
 # The server name to delegate server-server communications to, with optional port
 # e.g. localhost:443
 well_known_server_name: ""
+ # The base URL to delegate client-server communications to e.g. https://localhost
+ well_known_client_name: ""
+
 # Lists of domains that the server will trust as identity servers to verify third
 # party identifiers such as phone numbers and email addresses.
 trusted_third_party_id_servers:
@@ -68,7 +90,7 @@
 # We use this information to understand how Dendrite is being used in the wild.
 report_stats:
 enabled: false
- endpoint: https://matrix.org/report-usage-stats/push
+ endpoint: https://panopticon.matrix.org/push
 # Server notices allows server admins to send messages to all users on the server.
 server_notices:
@@ -86,11 +108,15 @@
 jetstream:
 # A list of NATS Server addresses to connect to. If none are specified, an
 # internal NATS server will be started automatically when running Dendrite in
- # monolith mode. For polylith deployments, it is required to specify the address
- # of at least one NATS Server node.
+ # monolith mode.
 addresses:
 # - localhost:4222
+ # Disable the validation of TLS certificates of NATS. This is
+ # not recommended in production since it may allow NATS traffic
+ # to be sent to an insecure endpoint.
+ disable_tls_validation: false
+
 # Persistent directory to store JetStream streams in. This directory should be
 # preserved across Dendrite restarts.
 storage_path: ./
@@ -149,23 +175,30 @@
 recaptcha_bypass_secret: "{{dendrite_recaptcha_bypass_secret}}"
 recaptcha_siteverify_api: "{{dendrite_recaptcha_siteverify_api}}"
+ # TURN server information that this homeserver should send to clients.
 turn:
- turn_user_lifetime: ""
+ turn_user_lifetime: "5m"
 turn_uris:
 # - turn:turn.server.org?transport=udp
 # - turn:turn.server.org?transport=tcp
 turn_shared_secret: ""
- turn_username: ""
- turn_password: ""
+ # If your TURN server requires static credentials, then you will need to enter
+ # them here instead of supplying a shared secret. Note that these credentials
+ # will be visible to clients!
+ # turn_username: ""
+ # turn_password: ""
 # Settings for rate-limited endpoints. Rate limiting kicks in after the threshold
 # number of "slots" have been taken by requests from a specific host. Each "slot"
- # will be released after the cooloff time in milliseconds.
+ # will be released after the cooloff time in milliseconds. Server administrators
+ # and appservice users are exempt from rate limiting by default.
 rate_limiting:
 enabled: true
- threshold: 5
+ threshold: 20
 cooloff_ms: 500
+ exempt_user_ids:
+ # - "@user:domain.com"
 # Configuration for the Federation API.
 federation_api:
@@ -179,6 +212,13 @@
 # enable this option in production as it presents a security risk!
 disable_tls_validation: false
+ # Disable HTTP keepalives, which also prevents connection reuse. Dendrite will typically
+ # keep HTTP connections open to remote hosts for 5 minutes as they can be reused much
+ # more quickly than opening new connections each time. Disabling keepalives will close
+ # HTTP connections immediately after a successful request but may result in more CPU and
+ # memory being used on TLS handshakes for each new connection instead.
+ disable_http_keepalives: false
+
 # Perspective keyservers to use as a backup when direct key fetches fail. This may
 # be required to satisfy key requests for servers that are no longer online when
 # joining some rooms.
@@ -226,8 +266,7 @@
 # Configuration for enabling experimental MSCs on this homeserver.
 mscs:
 mscs:
- - msc2836 # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
- - msc2946 # (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
+ # - msc2836 # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
 # Configuration for the Sync API.
 sync_api:
@@ -236,6 +275,19 @@
 # a reverse proxy server.
 # real_ip_header: X-Real-IP
+ # Configuration for the full-text search engine.
+ search:
+ # Whether or not search is enabled.
+ enabled: false
+
+ # The path where the search index will be created in.
+ index_path: "./searchindex"
+
+ # The language most likely to be used on the server - used when indexing, to
+ # ensure the returned results match expectations. A full list of possible languages
+ # can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
+ language: "en"
+
 # Configuration for the User API.
 user_api:
 # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31
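Review bot: `index_path: "./searchindex"` in the new `search:` block of the third hunk is relative to the process working directory, like the existing `storage_path: ./` earlier in this template, and the `dendrite@.service.j2` hunk in this changeset shows no `WorkingDirectory=` in its visible lines, so where the index is created depends on the unit's default working directory unless it is set elsewhere. The block is dormant while `enabled: false`, but an absolute path, or an Ansible variable like the other deployment-specific values in this template, e.g. `index_path: "{{dendrite_search_index_path}}"` (variable name illustrative), avoids the surprise when search is turned on. The enclosing `sync_api:` mapping starts before the hunk.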
@@ -252,6 +304,14 @@
 # The default lifetime is 3600000ms (60 minutes).
 # openid_token_lifetime_ms: 3600000
+ # Users who register on this homeserver will automatically be joined to the rooms listed under "auto_join_rooms" option.
+ # By default, any room aliases included in this list will be created as a publicly joinable room
+ # when the first user registers for the homeserver. If the room already exists,
+ # make certain it is a publicly joinable room, i.e. the join rule of the room must be set to 'public'.
+ # As Spaces are just rooms under the hood, Space aliases may also be used.
+ auto_join_rooms:
+ # - "#main:matrix.org"
+
 # Configuration for Opentracing.
 # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on
 # how this works and how to set it up.
diff -r 3069b7d001f7 -r dd52907adff9 dendrite/server/templates/dendrite@.service.j2
--- a/dendrite/server/templates/dendrite@.service.j2 Thu Jul 20 18:07:44 2023 -0500
+++ b/dendrite/server/templates/dendrite@.service.j2 Fri Jul 21 15:14:24 2023 -0500
@@ -8,6 +8,7 @@
 Restart=always
 User={{dendrite_user}}
 LimitNOFILE=65535
+Environment="GOMEMLIMIT=2750MiB"
 [Install]
 WantedBy=multi-user.target
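Review bot: `Environment="GOMEMLIMIT=2750MiB"` in the `dendrite@.service.j2` hunk hard-codes a memory budget into a template whose other host-specific values (`User={{dendrite_user}}`) come from role variables, so hosts with different RAM have to edit the template rather than override a default. A variable with the current value as its default, `Environment="GOMEMLIMIT={{dendrite_gomemlimit}}"` in the unit and `dendrite_gomemlimit: "2750MiB"` in `dendrite/server/defaults/main.yaml` (variable name illustrative), keeps today's behaviour and makes it tunable per host. A short comment above the line, e.g. `# Go runtime soft memory limit; keep above the cache.max_size_estimated set in dendrite.yaml.j2`, would help the next maintainer pick consistent values, since the `1gb` cache estimate added to the config template in this changeset and this limit are tuned together.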