Matrix-Mirrors/matrix.grapheneos.org
1
0
Fork 0
mirror of https://github.com/GrapheneOS/matrix.grapheneos.org.git synced 2026-01-22 17:54:34 -05:00
Code Issues Projects Releases Packages Wiki Activity
306 commits 1 branch 0 tags 824 KiB
Commit graph

306 commits

This branch
This branch
All branches
Author SHA1 Message Date
Daniel Micay
29ceabbcac remove matterbridge 2026-01-18 16:39:30 -05:00
Daniel Micay
8e28979749 add synapse events_writer worker 2026-01-12 03:53:57 -05:00
Daniel Micay
a1032caa9f logrotate: use consistent order for log files 2026-01-12 03:38:52 -05:00
Daniel Micay
b04097e877 nginx: reduce client_body_buffer_size for non-media APIs 
This is set to match the limit enforced by synapse itself.
 2025-12-29 14:59:52 -05:00
dependabot[bot]
be991f56ba Bump gixy-ng from 0.2.22 to 0.2.23 
Bumps [gixy-ng](https://github.com/dvershinin/gixy) from 0.2.22 to 0.2.23.
- [Release notes](https://github.com/dvershinin/gixy/releases)
- [Changelog](https://github.com/dvershinin/gixy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/dvershinin/gixy/compare/v0.2.22...v0.2.23)

---
updated-dependencies:
- dependency-name: gixy-ng
  dependency-version: 0.2.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-29 02:17:44 -05:00
Daniel Micay
479c0a5b9f use systemctl reload for nginx reload 2025-12-26 22:34:10 -05:00
Daniel Micay
10b1cf90bc add synapse user_dir worker 2025-12-25 23:13:31 -05:00
Daniel Micay
a340a442da nginx: add matrix socket for synapse admin API 
The admin API needs to be used through nginx now in order to direct the
requests to the correct workers.
 2025-12-23 14:47:05 -05:00
Daniel Micay
45b8b71bce nginx: update comment for session ticket keys 2025-12-23 14:01:41 -05:00
Daniel Micay
0dc8b59fb8 update Element Web configuration 2025-12-23 12:50:06 -05:00
Daniel Micay
cf5c779685 add main synapse configuration 2025-12-23 12:47:47 -05:00
Daniel Micay
cee7bda9ca synapse: split out email configuration 2025-12-23 12:47:47 -05:00
Daniel Micay
a96d494de4 synapse: remove unnecessary replication listeners 
Federation sender workers only require a replication listener for the
outbound_federation_restricted_to feature which isn't enabled. It would
reduce would reduce performance by requiring proxying requestes through
the federation sender workers with no significant benefit.
 2025-12-23 12:47:47 -05:00
Daniel Micay
1b8066fb27 synapse: disable unnecessary use of synctl 2025-12-23 12:47:47 -05:00
Daniel Micay
f0983f4870 order bots after synapse.target instead of synapse.service 2025-12-23 12:47:47 -05:00
Daniel Micay
94f913f5d1 use lexicographic order for logging configuration 2025-12-23 12:47:47 -05:00
Daniel Micay
08288bd3ac use sync worker for sliding sync 2025-12-23 12:47:47 -05:00
Daniel Micay
33f9d2adee add synapse sync worker 2025-12-23 12:47:47 -05:00
Daniel Micay
3f2386da8a enable zstd long mode for backups 2025-12-23 12:47:32 -05:00
Daniel Micay
255853c7c5 add synapse pusher worker 2025-12-23 12:47:31 -05:00
Daniel Micay
366265326a send deprecated MSC3266 path to client reader worker too 2025-12-23 12:47:18 -05:00
Daniel Micay
784125c549 handle pagination in client reader 2025-12-23 12:47:18 -05:00
Daniel Micay
f03ab17431 add synapse stream writer worker 2025-12-23 12:47:18 -05:00
Daniel Micay
ba60227968 use octal for socket mode 2025-12-20 12:53:50 -05:00
Daniel Micay
6f21111cbd postgres: raise max connections to 200 2025-12-20 12:11:23 -05:00
Daniel Micay
eb220b1ccb drop group read/write from replication sockets 
The synapse group is used to give nginx access to the public sockets and
which isn't needed for the replication sockets.
 2025-12-19 21:50:49 -05:00
Daniel Micay
5f1b3fa91f add synapse client reader worker 2025-12-19 20:47:14 -05:00
Daniel Micay
c3c89d1c4e add synapse background worker 2025-12-19 20:34:56 -05:00
Daniel Micay
8e944998c2 add synapse media repository worker 2025-12-19 20:34:56 -05:00
Daniel Micay
0088f109d1 add synapse federation reader worker 2025-12-19 20:34:51 -05:00
Daniel Micay
56587cba8c nginx: drop unused /_synapse/client 2025-12-19 16:49:11 -05:00
Daniel Micay
b004696e74 switch to 421 error code for invalid authority 2025-12-19 14:33:16 -05:00
Daniel Micay
98694937ea add 4x synapse federation sender workers 2025-12-19 14:33:14 -05:00
Daniel Micay
8e68084708 fix synapse systemd configuration for workers 
The upstream synapse hardened service configuration is broken with
workers due to clearing the runtime directory when either the main
synapse instance or a worker are restarted or stopped.

We also need to set the same RuntimeDirectoryMode for the workers to
avoid overwriting it.
 2025-12-17 05:00:49 -05:00
Daniel Micay
7395594e1b rename main synapse log in preparation for workers 2025-12-17 04:39:47 -05:00
Daniel Micay
bfae926366 update gixy-ng to 0.2.22 2025-12-16 01:48:07 -05:00
dependabot[bot]
de6cdf4acf Bump actions/checkout from 5 to 6 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 01:46:30 -05:00
Daniel Micay
e0346d8c91 increase keepalive_requests to 10000 2025-12-15 15:45:25 -05:00
Daniel Micay
a773821fc7 add valkey for future use with synapse workers 2025-12-09 18:44:49 -05:00
Daniel Micay
01517bf136 update allowed IPs for mjolnir 2025-12-08 20:00:30 -05:00
Daniel Micay
8043af859f automatically add necessary group memberships 2025-12-08 17:12:53 -05:00
Daniel Micay
5157eeaa7b postgres: adjust settings for server upgrade 2025-12-08 06:54:19 -05:00
Daniel Micay
5372218e49 synapse: add synapse_antispam module to PYTHONPATH 2025-12-08 03:27:45 -05:00
Daniel Micay
cad9f5a0bb synapse: disable internal python allocator 2025-12-08 03:27:07 -05:00
Daniel Micay
b9f121e216 allow mjolnir to use AF_INET 2025-12-08 01:43:51 -05:00
Daniel Micay
a99d913044 use new path for TLS session ticket keys 2025-11-30 22:08:30 -05:00
Daniel Micay
afbca6363e nginx: switch to timestamps generated by syslog-ng 
Since nginx only uses 1 second precision for the error logs and syslog
timestamps, we can use receive time on the syslog-ng side. We can switch
to source time once nginx adds RFC 5424 support which is currently in an
open pull request but will likely require changes to add a configuration
option for it. Our approach to working around this within nginx didn't
work perfectly since $msec obtains the time on-demand separately from
$time_iso8601.
 2025-11-15 15:12:40 -05:00
Daniel Micay
fed08a52ef synapse: use dedicated syslog-ng setup 2025-11-15 15:12:34 -05:00
Daniel Micay
bf9bad0505 nginx: use dedicated syslog-ng setup for error logs too 
The error log is fairly quiet during regular use but can end up logging
one or more lines per request during DDoS attacks. For example, errors
are logged for worker_connections depletion and limit_conn rejections.
There's also currently an nginx bug with modern TLS and OpenSSL causing
some client side TLS errors to be logged as crit instead of info.
 2025-11-03 12:43:23 -05:00
Daniel Micay
13a6071fc3 postgres: use syslog and drop redundant log prefix 2025-11-03 10:07:03 -05:00