diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index de8584e1..0c719314 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -117,4 +117,17 @@ jobs: path: oci-image.tar.gz if-no-files-found: error # don't compress again - compression-level: 0 \ No newline at end of file + compression-level: 0 + + - name: Build deb-x86_64-unknown-linux-gnu + run: | + sudo apt-get update && sudo apt-get install -y --no-install-recommends libclang-dev + cargo install cargo-deb + cargo deb + + - name: Upload artifact deb-x86_64-unknown-linux-gnu + uses: actions/upload-artifact@v4 + with: + name: deb-x86_64-unknown-linux-gnu + path: target/debian/*.deb + if-no-files-found: error \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml index 195eaed0..7c906b38 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -132,13 +132,12 @@ path = "src/lib.rs" [package.metadata.deb] name = "matrix-conduit" -maintainer = "Paul van Tilburg " -copyright = "2020, Timo Kösters " +maintainer = "strawberry " +copyright = "2024, Timo Kösters " license-file = ["LICENSE", "3"] depends = "$auto, ca-certificates" extended-description = """\ -A fast Matrix homeserver that is optimized for smaller, personal servers, \ -instead of a server that has high scalability.""" +a cool fork of Conduit, a Matrix homeserver written in Rust""" section = "net" priority = "optional" assets = [ diff --git a/debian/README.md b/debian/README.md index 443be76b..ff99dd93 100644 --- a/debian/README.md +++ b/debian/README.md @@ -1,4 +1,4 @@ -Conduit for Debian +conduwuit for Debian ================== Installation diff --git a/debian/postinst b/debian/postinst index 5bd39428..630e4432 100644 --- a/debian/postinst +++ b/debian/postinst 
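Review bot: In `.github/workflows/ci.yml`, the new Build step runs `cargo install cargo-deb` with no version and no lockfile. The tool that packages the uploaded `.deb` is therefore whatever release and dependency set resolves on the day the job runs. That makes the artifact non-reproducible and lets a broken or tampered upstream release flow straight into the package. Pin it, for example `cargo install cargo-deb --locked --version <PINNED_VERSION>` (placeholder, pick the version you have vetted). The job's earlier steps are outside this hunk, so I could not check whether a cargo cache would mask or preserve an older install.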
@@ -35,50 +35,249 @@ case "$1" in CONDUIT_PORT="$RET" mkdir -p "$CONDUIT_CONFIG_PATH" cat > "$CONDUIT_CONFIG_FILE" << EOF +# ============================================================================= +# This is the official example config for conduwuit. +# If you use it for your server, you will need to adjust it to your own needs. +# At the very least, change the server_name field! +# ============================================================================= + [global] -# The server_name is the pretty name of this server. It is used as a suffix for -# user and room ids. Examples: matrix.org, conduit.rs + +# The server_name is the pretty name of this server. It is used as a suffix for user +# and room ids. Examples: matrix.org, conduit.rs # The Conduit server needs all /_matrix/ requests to be reachable at # https://your.server.name/ on port 443 (client-server) and 8448 (federation). # If that's not possible for you, you can create /.well-known files to redirect -# requests. See -# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client +# requests (delegation). See +# https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient # and -# https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server +# https://spec.matrix.org/v1.9/server-server-api/#getwell-knownmatrixserver # for more information +# YOU NEED TO EDIT THIS server_name = "${CONDUIT_SERVER_NAME}" -# This is the only directory where Conduit will save its data. +# Servers listed here will be used to gather public keys of other servers. +# Generally, copying this exactly should be enough. (Currently, conduwuit doesn't +# support batched key requests, so this list should only contain Synapse +# servers.) 
Defaults to `matrix.org` +# trusted_servers = ["matrix.org"] + + + +### Database configuration + +# This is the only directory where conduwuit will save its data, including media database_path = "${CONDUIT_DATABASE_PATH}" + +# Database backend: Only rocksdb and sqlite are supported. Please note that sqlite +# will perform significantly worse than rocksdb as it is not intended to be used the +# way it is by conduwuit. sqlite only exists for historical reasons. database_backend = "rocksdb" -# The address Conduit will be listening on. -# By default the server listens on address 0.0.0.0. Change this to 127.0.0.1 to -# only listen on the localhost when using a reverse proxy. -address = "${CONDUIT_ADDRESS}" -# The port Conduit will be running on. You need to set up a reverse proxy in -# your web server (e.g. apache or nginx), so all requests to /_matrix on port -# 443 and 8448 will be forwarded to the Conduit instance running on this port + +### Network + +# The port conduwuit will be running on. You need to set up a reverse proxy such as +# Caddy or Nginx so all requests to /_matrix on port 443 and 8448 will be +# forwarded to the conduwuit instance running on this port # Docker users: Don't change this, you'll need to map an external port to this. port = ${CONDUIT_PORT} -# Max size for uploads +# default address (IPv4 or IPv6) conduwuit will listen on. Generally you want this to be +# localhost (127.0.0.1 / ::1). If you are using Docker or a container NAT networking setup, you +# likely need this to be 0.0.0.0. +address = "${CONDUIT_ADDRESS}" + +# How many requests conduwuit sends to other servers at the same time. Default is 100 +# Note that because conduwuit is very fast unlike other homeserver implementations, +# setting this too high could inadvertently result in ratelimits kicking in, or +# overloading lower-end homeservers out there. Recommended to leave this alone unless you +# have a valid reason to. No this will not speed up room joins. 
+#max_concurrent_requests = 100 + +# Max request size for file uploads max_request_size = 20_000_000 # in bytes -# Enables registration. If set to false, no users can register on this server. -allow_registration = true +# Uncomment unix_socket_path to listen on a UNIX socket at the specified path. +# If listening on a UNIX socket, you must remove/comment the 'address' key if defined and add your +# reverse proxy to the 'conduwuit' group, unless world RW permissions are specified with unix_socket_perms (666 minimum). +#unix_socket_path = "/run/conduwuit/conduwuit.sock" +#unix_socket_perms = 660 -allow_federation = true +# Set this to true for conduwuit to compress HTTP response bodies using zstd. +# Please be aware that enabling HTTP compression may weaken or even defeat TLS. +# Most users should not need to enable this. +# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before deciding to enable this. +zstd_compression = false + +# Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you do not want conduwuit to send outbound requests to. +# Defaults to RFC1918, unroutable, loopback, multicast, and testnet addresses for security. +# +# To disable, set this to be an empty vector (`[]`). +# +# Currently this does not account for proxies in use like Synapse does. +ip_range_denylist = [ + "127.0.0.0/8", + "10.0.0.0/8", + "172.16.0.0/12", + "192.168.0.0/16", + "100.64.0.0/10", + "192.0.0.0/24", + "169.254.0.0/16", + "192.88.99.0/24", + "198.18.0.0/15", + "192.0.2.0/24", + "198.51.100.0/24", + "203.0.113.0/24", + "224.0.0.0/4", + "::1/128", + "fe80::/10", + "fc00::/7", + "2001:db8::/32", + "ff00::/8", + "fec0::/10", +] + +### Moderation / Privacy / Security + +# Set to true to allow user type "guest" registrations. Element attempts to register guest users automatically. +# For private homeservers, this is best at false. 
+allow_guest_registration = false + +# Vector list of servers that conduwuit will refuse to download remote media from. +# No default. +# prevent_media_downloads_from = ["example.com", "example.local"] + +# Enables open registration. If set to false, no users can register on this +# server. +# If set to true without a token configured, users can register with no form of 2nd- +# step only if you set +# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` to +# true in your config. If you would like +# registration only via token reg, please configure the `registration_token` key. +allow_registration = false +# Please note that an open registration homeserver with no second-step verification +# is highly prone to abuse and potential defederation by homeservers, including +# matrix.org. + +# A static registration token that new users will have to provide when creating +# an account. If unset and `allow_registration` is true, registration is open +# without any condition. YOU NEED TO EDIT THIS. +registration_token = "change this token for something specific to your server" + +# controls whether federation is allowed or not +# defaults to true +# allow_federation = true + +# controls whether users are allowed to create rooms. +# appservices and admins are always allowed to create rooms +# defaults to true +# allow_room_creation = true + +# Set this to true to allow your server's public room directory to be federated. +# Set this to false to protect against /publicRooms spiders, but will forbid external users +# from viewing your server's public room directory. If federation is disabled entirely +# (`allow_federation`), this is inherently false. +allow_public_room_directory_over_federation = false + +# Set this to true to allow your server's public room directory to be queried without client +# authentication (access token) through the Client APIs. Set this to false to protect against /publicRooms spiders. 
+allow_public_room_directory_without_auth = false + +# Set this to true to allow federating device display names / allow external users to see your device display name. +# If federation is disabled entirely (`allow_federation`), this is inherently false. For privacy, this is best disabled. +allow_device_name_federation = false + + + +### Misc + +# max log level for conduwuit. allows debug, info, warn, or error +#log = "warn" + +# controls whether encrypted rooms and events are allowed (default true) +#allow_encryption = false + +# conduwuit will send a simple GET request periodically to `https://pupbrain.dev/check-for-updates/stable` +# for any new announcements made. Despite the name, this is not an update check +# endpoint, it is simply an announcement check endpoint. I don't plan on using +# this so feel free to disable it. allow_check_for_updates = true -trusted_servers = ["matrix.org"] +# Enables adding the lightning bolt emoji (⚡️) to all newly registered users' +# initial display names. +enable_lightning_bolt = false + +# If you are using delegation via well-known files and you cannot serve them from your reverse proxy, you can +# uncomment these to serve them directly from conduwuit. This requires proxying all requests to conduwuit, not just `/_matrix` to work. +#well_known_server = "matrix.example.com:443" +#well_known_client = "https://matrix.example.com" +# Note that whatever you put will show up in the well-known JSON values. + +# Set to false to disable users from joining or creating room versions that aren't 100% officially supported by conduwuit. +# conduwuit officially supports room versions 6 - 10. conduwuit has experimental/unstable support for 1 - 5, and 11. +# Defaults to true. +#allow_unstable_room_versions = true + +# Set this to any float value to multiply conduwuit's in-memory LRU caches with. +# May be useful if you have significant memory to spare to increase performance. +# Defaults to 1.0. 
+#conduit_cache_capacity_modifier = 1.0 + +# Set this to any float value in megabytes for conduwuit to tell the database engine that this much memory is available for database-related caches. +# May be useful if you have significant memory to spare to increase performance. +# Defaults to 900.0 +#db_cache_capacity_mb = 900.0 + + + +### RocksDB options + +# Set this to true to use RocksDB config options that are tailored to HDDs (slower device storage) +#rocksdb_optimize_for_spinning_disks = false + +# RocksDB log level. This is not the same as conduwuit's log level. This is the log level for RocksDB itself +# which show up in your database folder/path as `LOG` files. Defaults to warn. conduwuit will typically log RocksDB errors. +#rocksdb_log_level = "warn" + +# Max RocksDB `LOG` file size before rotating in bytes. Defaults to 4MB. +#rocksdb_max_log_file_size = 4194304 + +# Time in seconds before RocksDB will forcibly rotate logs. Defaults to 0. +#rocksdb_log_time_to_roll = 0 + + + +### Presence + +# Config option to control local (your server only) presence updates/requests. Defaults to false. +# Note that presence on conduwuit is very fast unlike Synapse's. +#allow_local_presence = false + +# Config option to control incoming federated presence updates/requests. Defaults to false. +# This option receives presence updates from other servers, but does not send any unless `allow_outgoing_presence` is true. +# Note that presence on conduwuit is very fast unlike Synapse's. +#allow_incoming_presence = false + +# Config option to control outgoing presence updates/requests. Defaults to false. +# This option sends presence updates to other servers, but does not receive any unless `allow_incoming_presence` is true. +# Note that presence on conduwuit is very fast unlike Synapse's. +# +# Warning: Outgoing federated presence is not spec compliant due to relying on PDUs and EDUs combined. 
+# Outgoing presence will not be very reliable due to this and any issues with federated outgoing presence are very likely attributed to this issue. +# Incoming presence and local presence are unaffected. +#allow_outgoing_presence = false + +# Config option to control how many seconds before presence updates that you are idle. Defaults to 5 minutes. +#presence_idle_timeout_s = 300 + +# Config option to control how many seconds before presence updates that you are offline. Defaults to 30 minutes. +#presence_offline_timeout_s = 1800 -#max_concurrent_requests = 400 # How many requests Conduit sends to other servers at the same time -#log = "warn,state_res=warn" EOF fi ;;
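Review bot: The added config comments in `debian/postinst` contain backticks (around `matrix.org`, `[]`, `LOG`, `/_matrix`, the pupbrain.dev URL and several option names), and they sit inside the unquoted `<< EOF` heredoc that the script uses to expand `${CONDUIT_SERVER_NAME}`. The shell therefore treats every backticked word as a command substitution when postinst runs. Maintainer scripts normally run as root, so the install tries to execute those names and most likely writes the comments to the config with the words missing. Escape each backtick with a backslash inside the heredoc, or use plain quotes in the comment text, e.g. `# To disable, set this to be an empty vector ("[]").` Also consider shipping `registration_token` commented out rather than as a fixed placeholder string, since an admin who only flips `allow_registration` to true would be left with a token anyone can read from the package. The enclosing `case` branch and `if` start outside this hunk.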