matrix: add initial conduit-only config

2024-01-25 15:19:55 +01:00 · 2024-01-25 15:19:55 +01:00 · ef8f5da37d
commit ef8f5da37d
parent b5e9afe5a4
11 changed files with 182 additions and 0 deletions
--- a/roles/matrix/files/compose.yml
+++ b/roles/matrix/files/compose.yml
@ -0,0 +1,12 @@
+services:
+  conduit:
+    image: 'matrixconduit/matrix-conduit:next'
+    restart: 'always'
+
+    environment:
+      CONDUIT_CONFIG: '/etc/matrix-conduit/conduit.toml'
+    ports:
+      - '8004:6167'
+    volumes:
+      - '/mnt/data1/matrix/conduit:/var/lib/matrix-conduit'
+      - '/etc/matrix/conduit.toml:/etc/matrix-conduit/conduit.toml'
--- a/roles/matrix/files/conduit.toml
+++ b/roles/matrix/files/conduit.toml
@ -0,0 +1,57 @@
+# =============================================================================
+#  This is the official example config for Conduit.
+#  If you use it for your server, you will need to adjust it to your own needs.
+#  At the very least, change the server_name field!
+# =============================================================================
+
+
+[global]
+# The server_name is the pretty name of this server. It is used as a suffix for user
+# and room ids. Examples: matrix.org, conduit.rs
+
+# The Conduit server needs all /_matrix/ requests to be reachable at
+# https://your.server.name/ on port 443 (client-server) and 8448 (federation).
+
+# If that's not possible for you, you can create /.well-known files to redirect
+# requests. See
+# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
+# and
+# https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server
+# for more information
+
+# YOU NEED TO EDIT THIS
+server_name = "rustybever.be"
+
+# This is the only directory where Conduit will save its data
+database_path = "/var/lib/matrix-conduit/"
+database_backend = "rocksdb"
+
+# The port Conduit will be running on. You need to set up a reverse proxy in
+# your web server (e.g. apache or nginx), so all requests to /_matrix on port
+# 443 and 8448 will be forwarded to the Conduit instance running on this port
+# Docker users: Don't change this, you'll need to map an external port to this.
+port = 6167
+
+# Max size for uploads
+max_request_size = 20_000_000 # in bytes
+
+# Enables registration. If set to false, no users can register on this server.
+allow_registration = false
+
+allow_federation = true
+allow_check_for_updates = false
+
+# Enable the display name lightning bolt on registration.
+enable_lightning_bolt = false
+
+# Servers listed here will be used to gather public keys of other servers.
+# Generally, copying this exactly should be enough. (Currently, Conduit doesn't
+# support batched key requests, so this list should only contain Synapse
+# servers.)
+trusted_servers = ["matrix.org"]
+
+#max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time
+#log = "warn,state_res=warn,rocket=off,_=off,sled=off"
+
+# address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy
+address = "0.0.0.0" # If Conduit is running in a container, make sure the reverse proxy (ie. Traefik) can reach it.
--- a/roles/matrix/files/matrix.backup.sh
+++ b/roles/matrix/files/matrix.backup.sh
@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+# Conduit
+
+data_dir='/mnt/data1/matrix/conduit'
+snapshot_dir="${data_dir}.snapshot"
+
+# Read-only snapshot for atomic backup
+btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
+
+/usr/local/bin/restic backup "$snapshot_dir"
+
+# Always remove snapshot subvolume, even if restic fails
+btrfs subvolume delete "$snapshot_dir"