Skip to content

Commit

Permalink
matrix-synapse: enable authenticated media and black-hole old media r…
Browse files Browse the repository at this point in the history 
…equests

Signed-off-by: Sumner Evans <[email protected]>
  • Loading branch information
@sumnerevans
sumnerevans committed Sep 5, 2024
1 parent 736d262 commit 5b3d8b7
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 2 deletions.
5 changes: 4 additions & 1 deletion nixos/modules/services/matrix/synapse/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -379,13 +379,16 @@ in {
access_log /var/log/nginx/matrix-synchotron.access.log;
'';
};
locations."~ ^/(_matrix/media|_matrix/client/v1/media|_synapse/admin/v1/(purge_media_cache|(room|user)/.*/media.*|media/.*|quarantine_media/.*|users/.*/media))" =
locations."~ ^/(_matrix/client/v1/media|_synapse/admin/v1/(purge_media_cache|(room|user)/.*/media.*|media/.*|quarantine_media/.*|users/.*/media))" =
{
proxyPass = "http://0.0.0.0:8011"; # without a trailing /
extraConfig = ''
access_log /var/log/nginx/matrix-media-repo.access.log;
'';
};

# black-hole old media
locations."~ ^/_matrix/media" = { return = "404"; };
};

"syncv3.${config.networking.domain}" = {
Expand Down
3 changes: 2 additions & 1 deletion nixos/modules/services/matrix/synapse/shared-config.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,8 @@ in {
log_config = yamlFormat.generate "matrix-synapse-log-config.yaml" logConfig;

# Media store
enable_media_repo = false;
enable_media_repo = false; # Disable media repo on the master worker
enable_authenticated_media = true;
media_store_path = "${cfg.dataDir}/media";
max_upload_size = "250M";
url_preview_enabled = true;
Expand Down

0 comments on commit 5b3d8b7

Please sign in to comment.