update to lastest configs

etc/matrix-synapse/homeserver.yaml

@@ -327,7 +327,7 @@ allow_public_rooms_over_federation: true
 #   federation: the server-server API (/_matrix/federation). Also implies
 #       'media', 'keys', 'openid'
 #
-#   keys: the key discovery API (/_matrix/keys).
+#   keys: the key discovery API (/_matrix/key).
 #
 #   media: the media API (/_matrix/media).
 #
@@ -602,6 +602,15 @@ templates:
   #
   #custom_template_directory: /var/lib/matrix-synapse/res/templates/
 
+# List of rooms to exclude from sync responses. This is useful for server
+# administrators wishing to group users into a room without these users being able
+# to see it from their client.
+#
+# By default, no room is excluded.
+#
+#exclude_rooms_from_sync:
+#    - !foo:example.com
+
 
 # Message retention policy at the server level.
 #
@@ -625,8 +634,8 @@ retention:
   # matter much because Synapse doesn't take it into account yet.
   #
   #default_policy:
-  #  min_lifetime: 30d
+  #  min_lifetime: 30m
-  #  max_lifetime: 3y
+  #  max_lifetime: 10y
 
   # Retention policy limits. If set, and the state of a room contains a
   # 'm.room.retention' event in its state which contains a 'min_lifetime' or a
@@ -683,7 +692,7 @@ retention:
       longest_max_lifetime: 1d
       interval: 12h
     - shortest_max_lifetime: 1d
-      longest_max_lifetime: 3y
+      longest_max_lifetime: 10y
       interval: 24h
 
 
@@ -795,6 +804,12 @@ retention:
 # A cache 'factor' is a multiplier that can be applied to each of
 # Synapse's caches in order to increase or decrease the maximum
 # number of entries that can be stored.
+#
+# The configuration for cache factors (caches.global_factor and
+# caches.per_cache_factors) can be reloaded while the application is running,
+# by sending a SIGHUP signal to the Synapse process. Changes to other parts of
+# the caching config will NOT be applied after a SIGHUP is received; a restart
+# is necessary.
 
 # The number of events to cache in memory. Not affected by
 # caches.global_factor.
@@ -845,6 +860,24 @@ caches:
   #
   #cache_entry_ttl: 30m
 
+  # This flag enables cache autotuning, and is further specified by the sub-options `max_cache_memory_usage`,
+  # `target_cache_memory_usage`, `min_cache_ttl`. These flags work in conjunction with each other to maintain
+  # a balance between cache memory usage and cache entry availability. You must be using jemalloc to utilize
+  # this option, and all three of the options must be specified for this feature to work.
+  #cache_autotuning:
+    # This flag sets a ceiling on much memory the cache can use before caches begin to be continuously evicted.
+    # They will continue to be evicted until the memory usage drops below the `target_memory_usage`, set in
+    # the flag below, or until the `min_cache_ttl` is hit.
+    #max_cache_memory_usage: 1024M
+
+    # This flag sets a rough target for the desired memory usage of the caches.
+    #target_cache_memory_usage: 758M
+
+    # 'min_cache_ttl` sets a limit under which newer cache entries are not evicted and is only applied when
+    # caches are actively being evicted/`max_cache_memory_usage` has been exceeded. This is to protect hot caches
+    # from being emptied while Synapse is evicting due to memory.
+    #min_cache_ttl: 5m
+
   # Controls how long the results of a /sync request are cached for after
   # a successful response is returned. A higher duration can help clients with
   # intermittent connections, at the cost of higher memory usage.
@@ -866,6 +899,12 @@ caches:
 # 'txn_limit' gives the maximum number of transactions to run per connection
 # before reconnecting. Defaults to 0, which means no limit.
 #
+# 'allow_unsafe_locale' is an option specific to Postgres. Under the default behavior, Synapse will refuse to
+# start if the postgres db is set to a non-C locale. You can override this behavior (which is *not* recommended)
+# by setting 'allow_unsafe_locale' to true. Note that doing so may corrupt your database. You can find more information
+# here: https://matrix-org.github.io/synapse/latest/postgres.html#fixing-incorrect-collate-or-ctype and here:
+# https://wiki.postgresql.org/wiki/Locale_data_changes
+#
 # 'args' gives options which are passed through to the database engine,
 # except for options starting 'cp_', which are used to configure the Twisted
 # connection pool. For a reference to valid arguments, see:
@@ -1227,7 +1266,7 @@ oembed:
 # This homeserver's ReCAPTCHA public key. Must be specified if
 # enable_registration_captcha is enabled.
 #
-recaptcha_public_key: "xxx"
+recaptcha_public_key: "6Ld8CXQeAAAAAFDdclTQL43Ox4BvrUKkH56Y_zWQ"
 
 # This homeserver's ReCAPTCHA private key. Must be specified if
 # enable_registration_captcha is enabled.
@@ -1285,10 +1324,18 @@ turn_allow_guests: true
 # Registration can be rate-limited using the parameters in the "Ratelimiting"
 # section of this file.
 
-# Enable registration for new users.
+# Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration,
+# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
+# without any verification, you must also set `enable_registration_without_verification`, found below.
 #
 enable_registration: true
 
+# Enable registration without email or captcha verification. Note: this option is *not* recommended,
+# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
+# unless `enable_registration` is also enabled.
+#
+#enable_registration_without_verification: true
+
 # Time that a user's session remains valid for, after they log in.
 #
 # Note that this is not currently compatible with guest logins.
@@ -1373,6 +1420,12 @@ registrations_require_3pid:
 #
 #registration_requires_token: true
 
+# Allow users to submit a token during registration to bypass any required 3pid
+# steps configured in `registrations_require_3pid`.
+# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
+#
+#enable_registration_token_3pid_bypass: false
+
 # If set, allows registration of standard or admin accounts by anyone who
 # has the shared secret, even if registration is otherwise disabled.
 #
@@ -2020,8 +2073,14 @@ saml2_config:
 #
 #             localpart_template: Jinja2 template for the localpart of the MXID.
 #                 If this is not set, the user will be prompted to choose their
-#                 own username (see 'sso_auth_account_details.html' in the 'sso'
+#                 own username (see the documentation for the
-#                 section of this file).
+#                 'sso_auth_account_details.html' template). This template can
+#                 use the 'localpart_from_email' filter.
+#
+#             confirm_localpart: Whether to prompt the user to validate (or
+#                 change) the generated localpart (see the documentation for the
+#                 'sso_auth_account_details.html' template), instead of
+#                 registering the account right away.
 #
 #             display_name_template: Jinja2 template for the display name to set
 #                 on first login. If unset, no displayname will be set.
@@ -2223,7 +2282,9 @@ sso:
 
 
 password_config:
-   # Uncomment to disable password login
+   # Uncomment to disable password login.
+   # Set to `only_for_reauth` to permit reauthentication for users that
+   # have passwords and are already logged in.
    #
    #enabled: false
 
@@ -2492,15 +2553,39 @@ push:
 #
 #encryption_enabled_by_default_for_room_type: invite
 
-
+# Override the default power levels for rooms created on this server, per
-# Uncomment to allow non-server-admin users to create groups on this server
+# room creation preset.
 #
-enable_group_creation: true
+# The appropriate dictionary for the room preset will be applied on top
-
+# of the existing power levels content.
-# If enabled, non server admins can only create groups with local parts
-# starting with this prefix
 #
-#group_creation_prefix: "unofficial_"
+# Useful if you know that your users need special permissions in rooms
+# that they create (e.g. to send particular types of state events without
+# needing an elevated power level).  This takes the same shape as the
+# `power_level_content_override` parameter in the /createRoom API, but
+# is applied before that parameter.
+#
+# Valid keys are some or all of `private_chat`, `trusted_private_chat`
+# and `public_chat`. Inside each of those should be any of the
+# properties allowed in `power_level_content_override` in the
+# /createRoom API. If any property is missing, its default value will
+# continue to be used. If any property is present, it will overwrite
+# the existing default completely (so if the `events` property exists,
+# the default event power levels will be ignored).
+#
+#default_power_level_content_override:
+#    private_chat:
+#        "events":  
+#            "com.example.myeventtype" : 0
+#            "m.room.avatar": 50
+#            "m.room.canonical_alias": 50
+#            "m.room.encryption": 100
+#            "m.room.history_visibility": 100
+#            "m.room.name": 50
+#            "m.room.power_levels": 100
+#            "m.room.server_acl": 100
+#            "m.room.tombstone": 100
+#        "events_default": 1
 
 
 
@@ -2847,5 +2932,37 @@ redis:
   #password: <secret_password>
 
 
+## Background Updates ##
+
+# Background updates are database updates that are run in the background in batches.
+# The duration, minimum batch size, default batch size, whether to sleep between batches and if so, how long to
+# sleep can all be configured. This is helpful to speed up or slow down the updates.
+#
+background_updates:
+    # How long in milliseconds to run a batch of background updates for. Defaults to 100. Uncomment and set
+    # a time to change the default.
+    #
+    #background_update_duration_ms: 500
+
+    # Whether to sleep between updates. Defaults to True. Uncomment to change the default.
+    #
+    #sleep_enabled: false
+
+    # If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000. Uncomment
+    # and set a duration to change the default.
+    #
+    #sleep_duration_ms: 300
+
+    # Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1. Uncomment and
+    # set a size to change the default.
+    #
+    #min_batch_size: 10
+
+    # The batch size to use for the first iteration of a new background update. The default is 100.
+    # Uncomment and set a size to change the default.
+    #
+    #default_batch_size: 50
+
+
 experimental_features:
   msc2285_enabled: true

etc/matrix-synapse/log.yaml

@@ -21,7 +21,7 @@ handlers:
         formatter: precise
         filename: /var/log/matrix-synapse/homeserver.log
         when: midnight
-        backupCount: 3  # Does not include the current log file.
+        backupCount: 2  # Does not include the current log file.
         encoding: utf8
 
     # Default to buffering writes to log file for efficiency.
@@ -65,13 +65,6 @@ loggers:
     synapse.state.metrics:
         level: DEBUG
 
-    twisted:
-        # We send the twisted logging directly to the file handler,
-        # to work around https://github.com/matrix-org/synapse/issues/3471
-        # when using "buffer" logger. Use "console" to log to stderr instead.
-        handlers: [file]
-        propagate: false
-
 root:
     level: WARN
 

etc/nginx/include.d/generic_worker.conf

@@ -104,17 +104,12 @@ location ~ ^/_matrix/federation/v1/user/devices/ {
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/federation/v1/get_groups_publicised$ {
-	include include.d/synapse-proxy.conf;
-	proxy_pass http://generic_worker_lc;
-}
-
 location ~ ^/_matrix/key/v2/query {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ {
+location ~ ^/_matrix/federation/v1/hierarchy/ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
 }
@@ -158,7 +153,12 @@ location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ {
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ {
+location ~ ^/_matrix/client/v1/rooms/.*/hierarchy$ {
+	include include.d/synapse-proxy.conf;
+	proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
 }
@@ -173,6 +173,11 @@ location ~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$ {
 	proxy_pass http://generic_worker_lc;
 }
 
+location ~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$ {
+	include include.d/synapse-proxy.conf;
+	proxy_pass http://generic_worker_lc;
+}
+
 location ~ ^/_matrix/client/(r0|v3|unstable)/devices$ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;
@@ -188,21 +193,6 @@ location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ {
 	proxy_pass http://generic_worker_lc;
 }
 
-location ~ ^/_matrix/client/(r0|v3|unstable)/joined_groups$ {
-	include include.d/synapse-proxy.conf;
-	proxy_pass http://generic_worker_lc;
-}
-
-location ~ ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ {
-	include include.d/synapse-proxy.conf;
-	proxy_pass http://generic_worker_lc;
-}
-
-location ~ ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ {
-	include include.d/synapse-proxy.conf;
-	proxy_pass http://generic_worker_lc;
-}
-
 location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ {
 	include include.d/synapse-proxy.conf;
 	proxy_pass http://generic_worker_lc;

etc/nginx/include.d/mjolnir-report.conf

@@ -1,7 +1,6 @@
-# Abuse reports should be sent to Mjölnir.
+# Abuse reports should be sent to Mjolnir.
-
 location ~ ^/_matrix/client/r0/rooms/([^/]*)/report/(.*)$ {
-	add_header 'Access-Control-Allow-Origin' '*' always;
+#	add_header 'Access-Control-Allow-Origin' '*' always;
 	add_header 'Access-Control-Allow-Credentials' 'true' always;
 	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
 	add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since' always;

etc/nginx/sites-available/element.envs.net.conf

@@ -25,6 +25,16 @@ server {
 	location = /index.html {
 		add_header Cache-Control "no-cache";
 	}
+
+	location = /version {
+		add_header Cache-Control "no-cache";
+		add_header Content-Type text/plain;
+	}
+	# covers config.json and config.hostname.json requests as it is prefix.
+	location /config {
+		add_header Cache-Control "no-cache";
+		add_header Content-Type application/json;
+	}
 }
 
 #ALIAS   

etc/nginx/sites-available/matrix.envs.net.conf

@@ -25,19 +25,19 @@ server {
 
 	## well-known
 	location /.well-known/matrix/support {
-		add_header Access-Control-Allow-Origin '*' always;
+		add_header Access-Control-Allow-Origin '*';
 		add_header Content-Type application/json;
 		return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}], "support_page": "https://matrix.to/#/#envs:envs.net"}';
 	}
 
 	location /.well-known/matrix/server {
-		add_header Access-Control-Allow-Origin '*' always;
+		add_header Access-Control-Allow-Origin '*';
 		add_header Content-Type application/json;
 		return 200 '{"m.server": "matrix.envs.net:443"}';
 	}
 
 	location /.well-known/matrix/client {
-		add_header Access-Control-Allow-Origin '*' always;
+		add_header Access-Control-Allow-Origin '*';
 		add_header Content-Type application/json;
 		return 200 '{"m.homeserver": {"base_url": "https://matrix.envs.net"}, "m.integrations": {"managers": [{"ui_url": "https://dimension.envs.net/riot", "api_url": "https://dimension.envs.net/api/v1/scalar"}, {"ui_url": "https://scalar.vector.im/", "api_url": "https://scalar.vector.im/api"}]}, "m.integrations_widget": {"url": "https://dimension.envs.net/riot", "data": {"api_url": "https://dimension.envs.net/api/v1/scalar"}}, "m.tile_server": {"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=jrKVgM1ozvdgREfvtZ8X"}}';
 	}