include: {% if salt['grains.get']('include_secrets', True) %} - secrets.role.matrix {% endif %} - role.common.nginx profile: matrix: database_host: 192.168.47.4 database_name: matrix database_user: matrix workers: generic_worker: - rest: - ^/_matrix/client/(v2_alpha|r0|v3)/sync$ - ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$ - ^/_matrix/client/(api/v1|r0|v3)/initialSync$ - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ workers: sync1: 8501 - rest: - ^/_matrix/federation/v1/event/ - ^/_matrix/federation/v1/state/ - ^/_matrix/federation/v1/state_ids/ - ^/_matrix/federation/v1/backfill/ - ^/_matrix/federation/v1/get_missing_events/ - ^/_matrix/federation/v1/publicRooms - ^/_matrix/federation/v1/query/ - ^/_matrix/federation/v1/make_join/ - ^/_matrix/federation/v1/make_leave/ - ^/_matrix/federation/v1/send_join/ - ^/_matrix/federation/v2/send_join/ - ^/_matrix/federation/v1/send_leave/ - ^/_matrix/federation/v2/send_leave/ - ^/_matrix/federation/v1/invite/ - ^/_matrix/federation/v2/invite/ - ^/_matrix/federation/v1/query_auth/ - ^/_matrix/federation/v1/event_auth/ - ^/_matrix/federation/v1/exchange_third_party_invite/ - ^/_matrix/federation/v1/user/devices/ - ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/key/v2/query - ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/ - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ - ^/_matrix/federation/v1/send/ - ^/_matrix/federation/v1/groups/ workers: federation_requests1: 8511 federation_requests2: 8512 upstream_balancing: ip_hash; - rest: - ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$ - ^/_matrix/client/versions$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ workers: client1: 8521 client2: 8522 - rest: - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ - ^/_matrix/client/(r0|v3|unstable)/register$ - ^/_matrix/client/v1/register/m.login.registration_token/validity$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect - ^/_synapse/client/pick_idp$ - ^/_synapse/client/pick_username - ^/_synapse/client/new_user_consent$ - ^/_synapse/client/sso_register$ - ^/_synapse/client/oidc/callback$ - ^/_synapse/client/saml2/authn_response$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$ workers: login: 8531 # There can be only one login worker - rest: - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ workers: event1: 8541 event2: 8542 pusher: - workers: pusher1: 8551 pusher2: 8552 federation_sender: - workers: federation_sender1: 8571 federation_sender2: 8572 media_repository: - rest: - ^/_matrix/media/ workers: media1: 8581 media2: 8582 resources: - media frontend_proxy: - rest: - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload workers: frontend_proxy: 8601 config: - worker_main_http_uri: http://127.0.0.1:8008 appservices: discord: repo: https://github.com/Half-Shot/matrix-appservice-discord.git branch: develop client_id: 672058964707377152 appservice_id: 330d1b6dcdf6a2217454f8227d2a960030d341a8baca5fa5c40f4081b6f40acd build: True script: /usr/bin/node build/src/discordas.js -c config.yaml -f discord-registration.yaml -p 9001 hookshot: repo: https://github.com/matrix-org/matrix-hookshot.git branch: main appservice_id: 752272fc2ad36c461fb148792d197040668adda278cc3e4a247eb977519f58e5 build: False # It uses yarn instead of npm script: /usr/bin/node lib/App/BridgeApp.js config.yaml hookshot-registration.yaml telegram: appservice_id: oepzkscngbyqvopzn773ns7whfxyfslgjhy7mumy7syurqp3f4kvb4sgufz9nfsw api_id: 1331253 nginx: ng: servers: managed: chat.opensuse.org.conf: config: - server: - server_name: chat.opensuse.org - listen: - 80 - default_server - root: /usr/share/webapps/element - gzip_vary: 'on' - gzip_min_length: 1000 - gzip_comp_level: 5 - gzip_types: - text/plain - text/xml - text/x-js - application/json - text/css - application/x-javascript - application/javascript - location /: - index: - index.html - index.htm - location /vector-icons/: - rewrite: ^(.*?)\..*?(\..*?)$ $1$2 last - proxy_set_header: Host static.opensuse.org - proxy_pass: https://static.opensuse.org/chat/favicons/ - location ~* \.(?:ttf|otf|eot|woff)$: - add_header: Access-Control-Allow-Origin "*" - access_log: /var/log/nginx/chat.access.log combined - error_log: /var/log/nginx/chat.error.log enabled: True dimension.opensuse.org.conf: config: - server: - server_name: dimension.opensuse.org - listen: - 80 - location /: - return: 301 https://chat.opensuse.org - location ~ "/..*": - proxy_set_header: X-Forwarded-For $remote_addr - proxy_pass: http://localhost:8184 - location /img/avatars/: - proxy_set_header: Host static.opensuse.org - proxy_pass: https://static.opensuse.org/chat/integrations/ enabled: True matrix.opensuse.org.conf: config: - include: /etc/matrix-synapse/workers/upstreams.conf - server: - server_name: matrix.opensuse.org - listen: - 80 - location /: - return: 301 https://chat.opensuse.org - location /_matrix: - proxy_set_header: X-Forwarded-For $remote_addr - proxy_pass: http://localhost:8008 - include: /etc/matrix-synapse/workers/nginx.conf enabled: True webhook.opensuse.org.conf: config: - server: - server_name: webhook.opensuse.org - listen: - 80 - location /: - return: 301 https://chat.opensuse.org - location ~ "/..*": - proxy_set_header: X-Forwarded-For $remote_addr - proxy_pass: http://localhost:9005 enabled: True sudoers: included_files: /etc/sudoers.d/group_matrix-admins: groups: matrix-admins: - 'ALL=(ALL) ALL' apparmor: profiles: matrix-synapse: source: salt://profile/matrix/files/matrix-synapse.apparmor zypper: repositories: openSUSE:infrastructure:matrix: baseurl: http://download.infra.opensuse.org/repositories/openSUSE:/infrastructure:/matrix/openSUSE_Tumbleweed/ priority: 100 refresh: True # devel:languages:python:backports: # baseurl: https://download.opensuse.org/repositories/devel:/languages:/python:/backports/openSUSE_Leap_$releasever/ # refresh: True