From 5b3d8b71e17e0bd3736ee5a57a66bca4455a0a8e Mon Sep 17 00:00:00 2001 From: Sumner Evans Date: Thu, 5 Sep 2024 10:40:09 -0600 Subject: [PATCH] matrix-synapse: enable authenticated media and black-hole old media requests Signed-off-by: Sumner Evans --- nixos/modules/services/matrix/synapse/default.nix | 5 ++++- nixos/modules/services/matrix/synapse/shared-config.nix | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/matrix/synapse/default.nix b/nixos/modules/services/matrix/synapse/default.nix index a05944b..1b4b758 100644 --- a/nixos/modules/services/matrix/synapse/default.nix +++ b/nixos/modules/services/matrix/synapse/default.nix @@ -379,13 +379,16 @@ in { access_log /var/log/nginx/matrix-synchotron.access.log; ''; }; - locations."~ ^/(_matrix/media|_matrix/client/v1/media|_synapse/admin/v1/(purge_media_cache|(room|user)/.*/media.*|media/.*|quarantine_media/.*|users/.*/media))" = + locations."~ ^/(_matrix/client/v1/media|_synapse/admin/v1/(purge_media_cache|(room|user)/.*/media.*|media/.*|quarantine_media/.*|users/.*/media))" = { proxyPass = "http://0.0.0.0:8011"; # without a trailing / extraConfig = '' access_log /var/log/nginx/matrix-media-repo.access.log; ''; }; + + # black-hole old media + locations."~ ^/_matrix/media" = { return = "404"; }; }; "syncv3.${config.networking.domain}" = { diff --git a/nixos/modules/services/matrix/synapse/shared-config.nix b/nixos/modules/services/matrix/synapse/shared-config.nix index 31c9694..6878b68 100644 --- a/nixos/modules/services/matrix/synapse/shared-config.nix +++ b/nixos/modules/services/matrix/synapse/shared-config.nix @@ -92,7 +92,8 @@ in { log_config = yamlFormat.generate "matrix-synapse-log-config.yaml" logConfig; # Media store - enable_media_repo = false; + enable_media_repo = false; # Disable media repo on the master worker + enable_authenticated_media = true; media_store_path = "${cfg.dataDir}/media"; max_upload_size = "250M"; url_preview_enabled = true;