update configs to the current version

etc/matrix-media-repo/media-repo.yaml

@@ -246,7 +246,7 @@ uploads:
 # Settings related to downloading files from the media repository
 downloads:
   # The maximum number of bytes to download from other servers
-  maxBytes: 104857600 # 100MB default, 0 to disable
+  maxBytes: 268435456 # 100MB default, 0 to disable
 
   # The number of workers to use when downloading remote media. Raise this number if remote
   # media is downloading slowly or timing out.

etc/matrix-synapse/homeserver.yaml

@@ -37,11 +37,11 @@
 
 # Server admins can expand Synapse's functionality with external modules.
 #
-# See https://matrix-org.github.io/synapse/latest/modules.html for more
+# See https://matrix-org.github.io/synapse/latest/modules/index.html for more
 # documentation on how to configure or create custom modules for Synapse.
 #
 modules:
-  - module: mjolnir.AntiSpam
+  - module: mjolnir.Module
     config:
       # Prevent servers/users in the ban lists from inviting users on this
       # server to rooms. Default true.
@@ -64,6 +64,12 @@ modules:
         - "!WuBtumawCeOGEieRrp:matrix.org"
         # matrix-tos-bl
         - "!tUPwPPmVTaiKXMiijj:matrix.org"
+        # tchncs-ban-list
+        - "!hTMIYoLoENZQwslaHP:tchncs.de"
+        # asragr-ban-list
+        - "!YImXsibeOfGBYVaElT:asra.gr"
+        # banlist-spam
+        - "!eVqHGneqdbqBDmQwXs:systemtest.tk"
 
 
 ## Server ##
@@ -177,12 +183,12 @@ allow_public_rooms_over_federation: true
 # The default room version for newly created rooms.
 #
 # Known room versions are listed here:
-# https://matrix.org/docs/spec/#complete-list-of-room-versions
+# https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions
 #
 # For example, for room version 1, default_room_version should be set
 # to "1".
 #
-#default_room_version: "6"
+#default_room_version: "9"
 
 # The GC threshold parameters to pass to `gc.set_threshold`, if defined
 #
@@ -337,7 +343,7 @@ listeners:
   #  bind_addresses: ['0.0.0.0']
 
   #  resources:
-  #    - names: [client, webclient]
+  #    - names: [client]
   #      compress: true
   #    - names: [federation]
   #      compress: false
@@ -508,6 +514,20 @@ limit_remote_rooms:
 #
 #allow_per_room_profiles: false
 
+# The largest allowed file size for a user avatar. Defaults to no restriction.
+#
+# Note that user avatar changes will not work if this is set without
+# using Synapse's media repository.
+#
+#max_avatar_size: 10M
+
+# The MIME types allowed for user avatars. Defaults to no restriction.
+#
+# Note that user avatar changes will not work if this is set without
+# using Synapse's media repository.
+#
+#allowed_avatar_mimetypes: ["image/png", "image/jpeg", "image/gif"]
+
 # How long to keep redacted events in unredacted form in the database. After
 # this period redacted events get replaced with their redacted form in the DB.
 #
@@ -694,8 +714,8 @@ retention:
 #
 #federation_certificate_verification_whitelist:
 #  - lon.example.com
-#  - *.domain.com
+#  - "*.domain.com"
-#  - *.onion
+#  - "*.onion"
 
 # List of custom certificate authorities for federation traffic.
 #
@@ -794,11 +814,16 @@ caches:
     #get_joined_profile_from_event_id: 5.0
     #get_users_who_share_room_with_user: 2.0
 
-  # Controls how long an entry can be in a cache without having been
+  # Controls whether cache entries are evicted after a specified time
-  # accessed before being evicted. Defaults to None, which means
+  # period. Defaults to true. Uncomment to disable this feature.
-  # entries are never evicted based on time.
   #
-  #expiry_time: 24h
+  #expire_caches: false
+
+  # If expire_caches is enabled, this flag controls how long an entry can
+  # be in a cache without having been accessed before being evicted.
+  # Defaults to 30m. Uncomment to set a different time to live for cache entries.
+  #
+  #cache_entry_ttl: 30m
 
   # Controls how long the results of a /sync request are cached for after
   # a successful response is returned. A higher duration can help clients with
@@ -886,6 +911,9 @@ log_config: "/etc/matrix-synapse/log.yaml"
 #   - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
 #   - two for ratelimiting how often invites can be sent in a room or to a
 #     specific user.
+#   - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID
+#     such as an email address or a phone number) based on the account that's
+#     sending the invite.
 #
 # The defaults are as shown below.
 #
@@ -935,6 +963,9 @@ log_config: "/etc/matrix-synapse/log.yaml"
 #  per_user:
 #    per_second: 0.003
 #    burst_count: 5
+#rc_third_party_invite:
+#  per_second: 0.2
+#  burst_count: 10
 
 # Ratelimiting settings for incoming federation
 #
@@ -1176,18 +1207,18 @@ oembed:
 # This homeserver's ReCAPTCHA public key. Must be specified if
 # enable_registration_captcha is enabled.
 #
-#recaptcha_public_key: "YOUR_PUBLIC_KEY"
+recaptcha_public_key: "xxx"
 
 # This homeserver's ReCAPTCHA private key. Must be specified if
 # enable_registration_captcha is enabled.
 #
-#recaptcha_private_key: "YOUR_PRIVATE_KEY"
+recaptcha_private_key: "xxx"
 
 # Uncomment to enable ReCaptcha checks when registering, preventing signup
 # unless a captcha is answered. Requires a valid ReCaptcha
 # public/private key. Defaults to 'false'.
 #
-#enable_registration_captcha: true
+enable_registration_captcha: true
 
 # The API endpoint to use for verifying m.login.recaptcha responses.
 # Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
@@ -1477,6 +1508,16 @@ autocreate_auto_join_rooms: true
 #
 #auto_join_rooms_for_guests: false
 
+# Whether to inhibit errors raised when registering a new account if the user ID
+# already exists. If turned on, that requests to /register/available will always
+# show a user ID as available, and Synapse won't raise an error when starting
+# a registration with a user ID that already exists. However, Synapse will still
+# raise an error if the registration completes and the username conflicts.
+#
+# Defaults to false.
+#
+#inhibit_user_in_use_error: true
+
 
 ## Metrics ###
 
@@ -1529,6 +1570,7 @@ room_prejoin_state:
    # - m.room.encryption
    # - m.room.name
    # - m.room.create
+   # - m.room.topic
    #
    # Uncomment the following to disable these defaults (so that only the event
    # types listed in 'additional_event_types' are shared). Defaults to 'false'.
@@ -1543,6 +1585,21 @@ room_prejoin_state:
    #additional_event_types:
    #  - org.example.custom.event.type
 
+# We record the IP address of clients used to access the API for various
+# reasons, including displaying it to the user in the "Where you're signed in"
+# dialog.
+#
+# By default, when puppeting another user via the admin API, the client IP
+# address is recorded against the user who created the access token (ie, the
+# admin user), and *not* the puppeted user.
+#
+# Uncomment the following to also record the IP address against the puppeted
+# user. (This also means that the puppeted user will count as an "active" user
+# for the purpose of monthly active user tracking - see 'limit_usage_by_mau' etc
+# above.)
+#
+#track_puppeted_user_ips: true
+
 
 # A list of application service config files to use
 #
@@ -1909,10 +1966,13 @@ saml2_config:
 #       Defaults to false. Avoid this in production.
 #
 #   user_profile_method: Whether to fetch the user profile from the userinfo
-#       endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
+#       endpoint, or to rely on the data returned in the id_token from the
+#       token_endpoint.
 #
-#       Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
+#       Valid values are: 'auto' or 'userinfo_endpoint'.
-#       included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
+#
+#       Defaults to 'auto', which uses the userinfo endpoint if 'openid' is
+#       not included in 'scopes'. Set to 'userinfo_endpoint' to always use the
 #       userinfo endpoint.
 #
 #   allow_existing_users: set to 'true' to allow a user logging in via OIDC to
@@ -2445,7 +2505,7 @@ user_directory:
     # These indexes are built the first time Synapse starts; admins can
     # manually trigger a rebuild via API following the instructions at
     #     https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run
-    #
+    #   
     # Uncomment to return search results containing all known users, even if that
     # user does not share a room with the requester.
     #
@@ -2718,7 +2778,31 @@ stream_writers:
     - generic_worker2
     - generic_worker3
     - generic_worker4
-#  typing: worker1
+#  typing:
+#    - generic_worker1
+#    - generic_worker2
+#    - generic_worker3
+#    - generic_worker4
+  to_device:
+    - generic_worker1
+    - generic_worker2
+    - generic_worker3
+    - generic_worker4
+  account_data:
+    - generic_worker1
+    - generic_worker2
+    - generic_worker3
+    - generic_worker4
+  receipts:
+    - generic_worker1
+    - generic_worker2
+    - generic_worker3
+    - generic_worker4
+#  presence:
+#    - generic_worker1
+#    - generic_worker2
+#    - generic_worker3
+#    - generic_worker4
 
 # The worker that is used to run background tasks (e.g. cleaning up expired
 # data). If not provided this defaults to the main process.
@@ -2751,5 +2835,6 @@ redis:
   #
   #password: <secret_password>
 
+
 experimental_features:
   msc2285_enabled: true

etc/nginx/include.d/generic_worker.conf

@@ -198,22 +198,12 @@ location ~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ {
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ {
+location ~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ {
+location ~ ^/_matrix/client/(r0|v3|unstable)/devices$ {
-	include include.d/synapse-proxy.conf;
-	proxy_pass http://generic_worker_lc;
-}
-
-location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$ {
-	include include.d/synapse-proxy.conf;
-	proxy_pass http://generic_worker_lc;
-}
-
-location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
 }
@@ -228,17 +218,17 @@ location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ {
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups$ {
+location ~ ^/_matrix/client/(r0|v3|unstable)/joined_groups$ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups$ {
+location ~ ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/ {
+location ~ ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
 }
@@ -260,15 +250,25 @@ location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ {
 
 
 ## Encryption requests
-#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/claim {
+location ~ ^/_matrix/client/(r0|v3|unstable)/keys/query$ {
-#	include include.d/synapse-proxy.conf;
+	include include.d/synapse-proxy.conf;
-#	proxy_pass http://generic_worker_lc;
+	proxy_pass http://generic_worker_lc;
-#}
+}
 
-#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/room_keys {
+location ~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$ {
-#	include include.d/synapse-proxy.conf;
+	include include.d/synapse-proxy.conf;
-#	proxy_pass http://generic_worker_lc;
+	proxy_pass http://generic_worker_lc;
-#}
+}
+
+location ~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$ {
+	include include.d/synapse-proxy.conf;
+	proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(r0|v3|unstable)/room_keys/ {
+	include include.d/synapse-proxy.conf;
+	proxy_pass http://generic_worker_lc;
+}
 
 
 ## Registration/login requests
@@ -282,7 +282,7 @@ location ~ ^/_matrix/client/(r0|v3|unstable)/register$ {
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$ {
+location ~ ^/_matrix/client/v1/register/m.login.registration_token/validity$ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
 }
@@ -320,42 +320,36 @@ location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ {
 	proxy_pass http://generic_worker_lc;
 }
 
-## Typing requests
-#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing {
-#	include include.d/synapse-proxy.conf;
-#	proxy_pass http://generic_worker_lc;
-#}
-
 ## Device requests
-#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/sendToDevice/ {
+location ~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ {
-#	include include.d/synapse-proxy.conf;
+	include include.d/synapse-proxy.conf;
-#	proxy_pass http://generic_worker_lc;
+	proxy_pass http://generic_worker_lc;
-#}
+}
 
 ## Account data requests
-#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/.*/tags {
+location ~ ^/_matrix/client/(r0|v3|unstable)/.*/tags {
-#	include include.d/synapse-proxy.conf;
+	include include.d/synapse-proxy.conf;
-#	proxy_pass http://generic_worker_lc;
+	proxy_pass http://generic_worker_lc;
-#}
+}
 
-#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/.*/account_data {
+location ~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data {
-#	include include.d/synapse-proxy.conf;
+	include include.d/synapse-proxy.conf;
-#	proxy_pass http://generic_worker_lc;
+	proxy_pass http://generic_worker_lc;
-#}
+}
 
 ## Receipts requests
-#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/receipt {
+location ~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt {
-#	include include.d/synapse-proxy.conf;
+	include include.d/synapse-proxy.conf;
-#	proxy_pass http://generic_worker_lc;
+	proxy_pass http://generic_worker_lc;
-#}
+}
 
-#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/read_markers {
+location ~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers {
-#	include include.d/synapse-proxy.conf;
+	include include.d/synapse-proxy.conf;
-#	proxy_pass http://generic_worker_lc;
+	proxy_pass http://generic_worker_lc;
-#}
+}
 
 ## Presence requests
-#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/.*/status$ {
+#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ {
 #	include include.d/synapse-proxy.conf;
 #	proxy_pass http://generic_worker_lc;
 #}

etc/nginx/sites-available/element.envs.net.conf

@@ -27,7 +27,7 @@ server {
 	}
 }
 
-#ALIAS
+#ALIAS   
 server {
 	listen 80;
 	listen [::]:80;

etc/nginx/sites-available/matrix.envs.net.conf

@@ -39,7 +39,7 @@ server {
 	location /.well-known/matrix/client {
 		add_header Access-Control-Allow-Origin '*' always;
 		add_header Content-Type application/json;
-		return 200 '{"m.homeserver": {"base_url": "https://matrix.envs.net"}, "m.integrations": {"managers": [{"ui_url": "https://dimension.envs.net/riot", "api_url": "https://dimension.envs.net/api/v1/scalar"}, {"ui_url": "https://scalar.vector.im/", "api_url": "https://scalar.vector.im/api"}]}, "m.integrations_widget": {"url": "https://dimension.envs.net/riot", "data": {"api_url": "https://dimension.envs.net/api/v1/scalar"}}}';
+		return 200 '{"m.homeserver": {"base_url": "https://matrix.envs.net"}, "m.integrations": {"managers": [{"ui_url": "https://dimension.envs.net/riot", "api_url": "https://dimension.envs.net/api/v1/scalar"}, {"ui_url": "https://scalar.vector.im/", "api_url": "https://scalar.vector.im/api"}]}, "m.integrations_widget": {"url": "https://dimension.envs.net/riot", "data": {"api_url": "https://dimension.envs.net/api/v1/scalar"}}, "m.tile_server": {"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=jrKVgM1ozvdgREfvtZ8X"}}';
 	}
 
 	# workers

etc/prometheus/prometheus.yml

@@ -74,13 +74,6 @@ scrape_configs:
           group: synapse
           worker: federation_sender3
 
-      - targets: ['matrix.envs.net:9110']
-        labels:
-          job: background_worker
-          instance: All
-          group: synapse
-          worker: background_worker
-
       - targets: ['matrix.envs.net:9111']
         labels:
           job: pusher
@@ -119,12 +112,16 @@ scrape_configs:
       - targets: ['matrix.envs.net:9134']
         labels:
           job: generic_worker
-          instance: All 
+          instance: All
           group: synapse
           worker: generic_worker4
 
-
   - job_name: 'media-repo'
     metrics_path: '/metrics'
     static_configs:
       - targets: ['matrix.envs.net:9001']
+
+  - job_name: 'matrix-monitor'
+    metrics_path: '/_monitorbot/metrics'
+    static_configs:
+      - targets: ['matrix.envs.net:9005']