Split dendrite build out of install role.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dendrite/build/defaults/main.yaml Fri Jul 21 15:14:24 2023 -0500
@@ -0,0 +1,7 @@
+---
+
+dendrite_user: "dendrite"
+dendrite_version: "0.13.1"
+# https://github.com/matrix-org/dendrite/releases
+dendrite_tar: "https://github.com/matrix-org/dendrite/archive/refs/tags/v{{dendrite_version}}.tar.gz"
+dendrite_build_dir: "/tmp/dendrite-{{dendrite_version}}"
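Review bot: `dendrite_build_dir` points at a predictable path in world-writable `/tmp`, and the rest of the change trusts whatever already exists there. The build role skips the unpack via `creates:` and skips the build when `bin` exists, and the server role then copies from the same tree into `/usr/local/bin` as root. A dedicated directory that only the build account can write to would remove that trust in pre-existing content, for example `dendrite_build_dir: "/opt/dendrite-build/dendrite-{{dendrite_version}}"` (path is a constructed example), with the unarchive `dest:` changed to match. `/tmp` is also commonly cleaned on reboot or by a timer, so the install role's source may vanish between runs.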
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dendrite/build/tasks/main.yaml Fri Jul 21 15:14:24 2023 -0500
@@ -0,0 +1,23 @@
+---
+
+- name: snap install golang
+ become: yes
+ snap: name="go" classic="yes"
+
+- name: unarchive dendrite
+ unarchive:
+ remote_src: yes
+ src: "{{dendrite_tar}}"
+ dest: "/tmp/"
+ creates: "{{dendrite_build_dir}}"
+
+- name: check if dendrite build exists
+ stat:
+ path: "{{dendrite_build_dir}}/bin"
+ register: build_file
+
+- name: build dendrite
+ command: "{{dendrite_build_dir}}/build.sh"
+ args:
+ chdir: "{{dendrite_build_dir}}"
+ when: not build_file.stat.exists
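Review bot: The `unarchive` task fetches the release tarball straight from the URL and the next task executes `build.sh` from it, with no integrity check on what was downloaded. `unarchive` cannot verify a digest for a remote `src`, so the download should go through `get_url` with a pinned `checksum:` and the local file be unpacked afterwards, as sketched below. The `become: yes` / `remote_src: yes` values would also read better as `true`. Note that the build now runs as the connecting user rather than `dendrite_user`, which appears intentional but is worth stating in a comment.

```yaml
- name: download dendrite source
  get_url:
    url: "{{dendrite_tar}}"
    dest: "/tmp/dendrite-{{dendrite_version}}.tar.gz"
    # dendrite_tar_sha256 is a suggested new default, pinned per release
    checksum: "sha256:{{dendrite_tar_sha256}}"

- name: unarchive dendrite
  unarchive:
    remote_src: true
    src: "/tmp/dendrite-{{dendrite_version}}.tar.gz"
    dest: "/tmp/"
    creates: "{{dendrite_build_dir}}"

# … unchanged: stat check and build task …
```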
--- a/dendrite/server/defaults/main.yaml Thu Jul 20 18:07:44 2023 -0500
+++ b/dendrite/server/defaults/main.yaml Fri Jul 21 15:14:24 2023 -0500
@@ -1,10 +1,6 @@
---
-dendrite_user: "dendrite"
-dendrite_version: "0.13.1"
-# https://github.com/matrix-org/dendrite/releases
-dendrite_tar: "https://github.com/matrix-org/dendrite/archive/refs/tags/v{{dendrite_version}}.tar.gz"
-dendrite_build_dir: "/tmp/dendrite-{{dendrite_version}}"
+dendrite_bin_dir: "/tmp/dendrite-{{dendrite_version}}"
dendrite_old_key: false
dendrite_registration_disabled: true
dendrite_registration_secret: ""
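Review bot: `dendrite_bin_dir` is set to the build root, but the copy task in `dendrite/server/tasks/main.yaml` changed its source from `{{dendrite_build_dir}}/bin/{{item.src}}` to `{{dendrite_bin_dir}}/{{item.src}}`, so the `/bin` component is lost. Unless the loop items (not visible in the hunk) now carry that prefix, the default should be `dendrite_bin_dir: "/tmp/dendrite-{{dendrite_version}}/bin"`. This role also still references `dendrite_version` and `dendrite_user` after their defaults were removed here. It therefore only works when the build role's defaults are loaded in the same play or the variables are set in inventory, so a role dependency or a comment saying so would help.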
--- a/dendrite/server/tasks/main.yaml Thu Jul 20 18:07:44 2023 -0500
+++ b/dendrite/server/tasks/main.yaml Fri Jul 21 15:14:24 2023 -0500
@@ -4,40 +4,10 @@
become: yes
user: name="{{dendrite_user}}" shell="/bin/false" system="yes"
-# build
-- name: snap install golang
- become: yes
- snap: name="go" classic="yes"
-
-- name: unarchive dendrite
- become: yes
- unarchive:
- remote_src: yes
- src: "{{dendrite_tar}}"
- dest: "/tmp/"
- creates: "{{dendrite_build_dir}}"
- owner: "{{dendrite_user}}"
- group: "{{dendrite_user}}"
-
-- name: check if dendrite build exists
- stat:
- path: "{{dendrite_build_dir}}/bin"
- register: build_file
-
-- name: build dendrite
- become: yes
- become_user: "{{dendrite_user}}"
- command: "{{dendrite_build_dir}}/build.sh"
- args:
- chdir: "{{dendrite_build_dir}}"
- when: not build_file.stat.exists
- notify: restart service
-
-# install
- name: install dendrite binary
become: yes
copy:
- src: "{{dendrite_build_dir}}/bin/{{item.src}}"
+ src: "{{dendrite_bin_dir}}/{{item.src}}"
dest: "/usr/local/bin/{{item.dest}}"
remote_src: yes
owner: "root"
--- a/dendrite/server/templates/dendrite.yaml.j2 Thu Jul 20 18:07:44 2023 -0500
+++ b/dendrite/server/templates/dendrite.yaml.j2 Fri Jul 21 15:14:24 2023 -0500
@@ -18,7 +18,7 @@
private_key: matrix_key.pem
# The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
- # to old signing private keys that were formerly in use on this domain. These
+ # to old signing keys that were formerly in use on this domain name. These
# keys will not be used for federation request or event signing, but will be
# provided to any other homeserver that asks when trying to verify old events.
old_private_keys:
@@ -34,7 +34,7 @@
# Global database connection pool, for PostgreSQL monolith deployments only. If
# this section is populated then you can omit the "database" blocks in all other
- # sections. For polylith deployments, or monolith deployments using SQLite databases,
+ # sections. For monolith deployments using SQLite databases,
# you must configure the "database" block for each component instead.
database:
connection_string: postgresql://{{dendrite_db_user}}:{{dendrite_db_pass}}@localhost/{{dendrite_db}}?sslmode=disable
@@ -42,10 +42,32 @@
max_idle_conns: 5
conn_max_lifetime: -1
+ # Configuration for in-memory caches. Caches can often improve performance by
+ # keeping frequently accessed items (like events, identifiers etc.) in memory
+ # rather than having to read them from the database.
+ cache:
+ # The estimated maximum size for the global cache in bytes, or in terabytes,
+ # gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or
+ # 'kb' suffix is specified. Note that this is not a hard limit, nor is it a
+ # memory limit for the entire process. A cache that is too small may ultimately
+ # provide little or no benefit.
+ max_size_estimated: 1gb
+
+ # The maximum amount of time that a cache entry can live for in memory before
+ # it will be evicted and/or refreshed from the database. Lower values result in
+ # easier admission of new cache entries but may also increase database load in
+ # comparison to higher values, so adjust conservatively. Higher values may make
+ # it harder for new items to make it into the cache, e.g. if new rooms suddenly
+ # become popular.
+ max_age: 1h
+
# The server name to delegate server-server communications to, with optional port
# e.g. localhost:443
well_known_server_name: ""
+ # The base URL to delegate client-server communications to e.g. https://localhost
+ well_known_client_name: ""
+
# Lists of domains that the server will trust as identity servers to verify third
# party identifiers such as phone numbers and email addresses.
trusted_third_party_id_servers:
@@ -68,7 +90,7 @@
# We use this information to understand how Dendrite is being used in the wild.
report_stats:
enabled: false
- endpoint: https://matrix.org/report-usage-stats/push
+ endpoint: https://panopticon.matrix.org/push
# Server notices allows server admins to send messages to all users on the server.
server_notices:
@@ -86,11 +108,15 @@
jetstream:
# A list of NATS Server addresses to connect to. If none are specified, an
# internal NATS server will be started automatically when running Dendrite in
- # monolith mode. For polylith deployments, it is required to specify the address
- # of at least one NATS Server node.
+ # monolith mode.
addresses:
# - localhost:4222
+ # Disable the validation of TLS certificates of NATS. This is
+ # not recommended in production since it may allow NATS traffic
+ # to be sent to an insecure endpoint.
+ disable_tls_validation: false
+
# Persistent directory to store JetStream streams in. This directory should be
# preserved across Dendrite restarts.
storage_path: ./
@@ -149,23 +175,30 @@
recaptcha_bypass_secret: "{{dendrite_recaptcha_bypass_secret}}"
recaptcha_siteverify_api: "{{dendrite_recaptcha_siteverify_api}}"
+
# TURN server information that this homeserver should send to clients.
turn:
- turn_user_lifetime: ""
+ turn_user_lifetime: "5m"
turn_uris:
# - turn:turn.server.org?transport=udp
# - turn:turn.server.org?transport=tcp
turn_shared_secret: ""
- turn_username: ""
- turn_password: ""
+ # If your TURN server requires static credentials, then you will need to enter
+ # them here instead of supplying a shared secret. Note that these credentials
+ # will be visible to clients!
+ # turn_username: ""
+ # turn_password: ""
# Settings for rate-limited endpoints. Rate limiting kicks in after the threshold
# number of "slots" have been taken by requests from a specific host. Each "slot"
- # will be released after the cooloff time in milliseconds.
+ # will be released after the cooloff time in milliseconds. Server administrators
+ # and appservice users are exempt from rate limiting by default.
rate_limiting:
enabled: true
- threshold: 5
+ threshold: 20
cooloff_ms: 500
+ exempt_user_ids:
+ # - "@user:domain.com"
# Configuration for the Federation API.
federation_api:
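Review bot: The rate-limit `threshold` goes from 5 to 20 as a literal in the template, so every host deployed from this role gets the looser per-host limit and none can tighten it from inventory. A role variable with a default would keep the new value while leaving it adjustable, e.g. `threshold: {{ dendrite_rate_limit_threshold | default(20) }}` (variable name is a suggestion). Separately, `exempt_user_ids:` has only a commented entry under it and so parses as null rather than an empty list. `exempt_user_ids: []` states the intent, and the same applies to `auto_join_rooms:` and the inner `mscs:` key in the later hunks.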
@@ -179,6 +212,13 @@
# enable this option in production as it presents a security risk!
disable_tls_validation: false
+ # Disable HTTP keepalives, which also prevents connection reuse. Dendrite will typically
+ # keep HTTP connections open to remote hosts for 5 minutes as they can be reused much
+ # more quickly than opening new connections each time. Disabling keepalives will close
+ # HTTP connections immediately after a successful request but may result in more CPU and
+ # memory being used on TLS handshakes for each new connection instead.
+ disable_http_keepalives: false
+
# Perspective keyservers to use as a backup when direct key fetches fail. This may
# be required to satisfy key requests for servers that are no longer online when
# joining some rooms.
@@ -226,8 +266,7 @@
# Configuration for enabling experimental MSCs on this homeserver.
mscs:
mscs:
- - msc2836 # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
- - msc2946 # (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
+ # - msc2836 # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
# Configuration for the Sync API.
sync_api:
@@ -236,6 +275,19 @@
# a reverse proxy server.
# real_ip_header: X-Real-IP
+ # Configuration for the full-text search engine.
+ search:
+ # Whether or not search is enabled.
+ enabled: false
+
+ # The path where the search index will be created in.
+ index_path: "./searchindex"
+
+ # The language most likely to be used on the server - used when indexing, to
+ # ensure the returned results match expectations. A full list of possible languages
+ # can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
+ language: "en"
+
# Configuration for the User API.
user_api:
# The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31
@@ -252,6 +304,14 @@
# The default lifetime is 3600000ms (60 minutes).
# openid_token_lifetime_ms: 3600000
+ # Users who register on this homeserver will automatically be joined to the rooms listed under "auto_join_rooms" option.
+ # By default, any room aliases included in this list will be created as a publicly joinable room
+ # when the first user registers for the homeserver. If the room already exists,
+ # make certain it is a publicly joinable room, i.e. the join rule of the room must be set to 'public'.
+ # As Spaces are just rooms under the hood, Space aliases may also be used.
+ auto_join_rooms:
+ # - "#main:matrix.org"
+
# Configuration for Opentracing.
# See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on
# how this works and how to set it up.
--- a/dendrite/server/templates/[email protected] Thu Jul 20 18:07:44 2023 -0500
+++ b/dendrite/server/templates/[email protected] Fri Jul 21 15:14:24 2023 -0500
@@ -8,6 +8,7 @@
Restart=always
User={{dendrite_user}}
LimitNOFILE=65535
+Environment="GOMEMLIMIT=2750MiB"
[Install]
WantedBy=multi-user.target
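Review bot: `Environment="GOMEMLIMIT=2750MiB"` hard-codes a value that depends on the host's memory, alongside the fixed `max_size_estimated: 1gb` added to the Dendrite config template. On a smaller machine the limit may sit above what is actually available. Making it a role variable, e.g. `Environment="GOMEMLIMIT={{ dendrite_gomemlimit }}"` (variable name is a suggestion), lets each host size it. GOMEMLIMIT is also only a soft target for the Go garbage collector, so if the aim is to bound the service a systemd `MemoryMax=` line is needed as well.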