セルフホストで Slack 的なものがほしくなったらどういう選択肢があるのか調べていた。なにやらよくわからないが Matrix (protocol) + Element (client) という選択肢をためした
サーバサイドは Dendrite https://github.com/matrix-org/dendrite という golang 実装をつかってみた。適当に起動して_matrix/ をリバースプロキシすれば使えた。
Dendrite/SQLite
ただ適当に Dendrite を起動するのが割とだるい。postgresql を強く推してくるので、SQLite で起動させようとすると結構大変。すごく細かくコンポーネントが分かれているけど、これらすべて同一DBファイルにできないらしいので個別に設定する必要がある。
@@ -10,12 +10,12 @@
# Global Matrix configuration. This configuration applies to all components.
global:
# The domain name of this homeserver.
- server_name: localhost
+ server_name: _.lowreal.net
# The path to the signing private key file, used to sign requests and events.
# Note that this is NOT the same private key as used for TLS! To generate a
# signing key, use "./bin/generate-keys --private-key matrix_key.pem".
- private_key: matrix_key.pem
+ private_key: /data/matrix/dendrite/matrix_key.pem
# The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
# to old signing keys that were formerly in use on this domain name. These
@@ -40,11 +40,11 @@
# this section is populated then you can omit the "database" blocks in all other
# sections. For monolith deployments using SQLite databases,
# you must configure the "database" block for each component instead.
- database:
- connection_string: postgresql://username:password@hostname/dendrite?sslmode=disable
- max_open_conns: 90
- max_idle_conns: 5
- conn_max_lifetime: -1
+# database:
+# connection_string: postgresql://username:password@hostname/dendrite?sslmode=disable
+# max_open_conns: 90
+# max_idle_conns: 5
+# conn_max_lifetime: -1
# Configuration for in-memory caches. Caches can often improve performance by
# keeping frequently accessed items (like events, identifiers etc.) in memory
@@ -84,7 +84,7 @@
# Disables federation. Dendrite will not be able to communicate with other servers
# in the Matrix federation and the federation API will not be exposed.
- disable_federation: false
+ disable_federation: true
# Configures the handling of presence events. Inbound controls whether we receive
# presence events from other servers, outbound controls whether we send presence
@@ -127,7 +127,7 @@
# Persistent directory to store JetStream streams in. This directory should be
# preserved across Dendrite restarts.
- storage_path: ./
+ storage_path: /data/matrix/dendrite
# The prefix to use for stream names for this homeserver - really only useful
# if you are running more than one Dendrite server on the same NATS deployment.
@@ -149,6 +149,9 @@
# Configuration for the Appservice API.
app_service_api:
+ database:
+ connection_string: "file:/data/matrix/dendrite/app_service_api.db?_cache=shared&_journal_mode=WAL"
+
# Disable the validation of TLS certificates of appservices. This is
# not recommended in production since it may allow appservice traffic
# to be sent to an insecure endpoint.
@@ -167,9 +170,12 @@
# Configuration for the Client API.
client_api:
+ database:
+ connection_string: "file:/data/matrix/dendrite/client_api.db?_cache=shared&_journal_mode=WAL"
+
# Prevents new users from being able to register on this homeserver, except when
# using the registration shared secret below.
- registration_disabled: true
+ registration_disabled: false
# Prevents new guest accounts from being created. Guest registration is also
# disabled implicitly by setting 'registration_disabled' above.
@@ -177,16 +183,16 @@
# If set, allows registration by anyone who knows the shared secret, regardless
# of whether registration is otherwise disabled.
- registration_shared_secret: ""
+ registration_shared_secret: "foobar"
# Whether to require reCAPTCHA for registration. If you have enabled registration
# then this is HIGHLY RECOMMENDED to reduce the risk of your homeserver being used
# for coordinated spam attacks.
- enable_registration_captcha: false
+ enable_registration_captcha: true
# To use hcaptcha.com instead of ReCAPTCHA, set the following parameters, otherwise just keep them empty.
@@ -221,6 +227,9 @@
# Configuration for the Federation API.
federation_api:
+ database:
+ connection_string: "file:/data/matrix/dendrite/federation_api.db?_cache=shared&_journal_mode=WAL"
+
# How many times we will try to resend a failed transaction to a specific server. The
# backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds etc. Once
# the max retries are exceeded, Dendrite will no longer try to send transactions to
@@ -274,8 +283,11 @@
# Configuration for the Media API.
media_api:
+ database:
+ connection_string: "file:/data/matrix/dendrite/media_api.db?_cache=shared&_journal_mode=WAL"
+
# Storage path for uploaded media. May be relative or absolute.
- base_path: ./media_store
+ base_path: /data/matrix/dendrite/media
# The maximum allowed file size (in bytes) for media uploads to this homeserver
# (0 = unlimited). If using a reverse proxy, ensure it allows requests at least
@@ -302,11 +314,17 @@
# Configuration for enabling experimental MSCs on this homeserver.
mscs:
+ database:
+ connection_string: "file:/data/matrix/dendrite/mscs.db?_cache=shared&_journal_mode=WAL"
+
mscs:
# - msc2836 # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
# Configuration for the Sync API.
sync_api:
+ database:
+ connection_string: "file:/data/matrix/dendrite/sync_api.db?_cache=shared&_journal_mode=WAL"
+
# This option controls which HTTP header to inspect to find the real remote IP
# address of the client. This is likely required if Dendrite is running behind
# a reverse proxy server.
@@ -318,7 +336,7 @@
enabled: false
# The path where the search index will be created in.
- index_path: "./searchindex"
+ index_path: /data/matrix/dendrite/searchindex
# The language most likely to be used on the server - used when indexing, to
# ensure the returned results match expectations. A full list of possible languages
@@ -327,6 +345,9 @@
# Configuration for the User API.
user_api:
+ account_database:
+ connection_string: "file:/data/matrix/dendrite/user_api.db?_cache=shared&_journal_mode=WAL"
+
# The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31
# See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information.
# Setting this lower makes registration/login consume less CPU resources at the cost
@@ -378,4 +399,16 @@
- type: file
level: info
params:
- path: ./logs
+ path: /data/matrix/dendrite/logs
+
+room_server:
+ database:
+ connection_string: "file:/data/matrix/dendrite/room_server.db?_cache=shared&_journal_mode=WAL"
+
+key_server:
+ database:
+ connection_string: "file:/data/matrix/dendrite/key_server.db?_cache=shared&_journal_mode=WAL"
+
+relay_api:
+ database:
+ connection_string: "file:/data/matrix/dendrite/relay_api.db?_cache=shared&_journal_mode=WAL"