Merge branch 'spantaleev:master' into default_room_version_9

roles/matrix-synapse/defaults/main.yml

@@ -1,3 +1,4 @@
+---
 # Synapse is a Matrix homeserver
 # See: https://github.com/matrix-org/synapse
 
@@ -8,16 +9,8 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-# The if statement below may look silly at times (leading to the same version being returned),
-# but ARM-compatible container images are only released 1-7 hours after a release,
-# so we may often be on different versions for different architectures when new Synapse releases come out.
-#
-# amd64 gets released first.
-# arm32 relies on self-building, so the same version can be built immediately.
-# arm64 users need to wait for a prebuilt image to become available.
-matrix_synapse_version: v1.50.1
-matrix_synapse_version_arm64: v1.50.1
-matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
+matrix_synapse_version: v1.53.0
+matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@@ -471,7 +464,7 @@ matrix_synapse_database_database: "synapse"
 
 matrix_synapse_turn_uris: []
 matrix_synapse_turn_shared_secret: ""
-matrix_synapse_turn_allow_guests: False
+matrix_synapse_turn_allow_guests: false
 
 matrix_synapse_email_enabled: false
 matrix_synapse_email_smtp_host: ""
@@ -496,8 +489,16 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals
 # Enable this to activate the Shared Secret Auth password provider module.
 # See: https://github.com/devture/matrix-synapse-shared-secret-auth
 matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
-matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py"
+matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.2/shared_secret_authenticator.py"
 matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
+matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true
+# We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605
+matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false
+matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml|from_yaml }}"
+matrix_synapse_ext_password_provider_shared_secret_config_yaml: |
+  shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }}
+  m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|to_json }}
+  com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|to_json }}
 
 # Enable this to activate LDAP password provider
 matrix_synapse_ext_password_provider_ldap_enabled: false
@@ -517,7 +518,7 @@ matrix_synapse_ext_password_provider_ldap_default_domain: ""
 # See: https://github.com/t2bot/synapse-simple-antispam
 matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: false
 matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url: "https://github.com/t2bot/synapse-simple-antispam"
-matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "923ca5c85b08f157181721abbae50dd89c31e4b5"
+matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "5ab711971e3a4541a7a40310ff85e17f8262cc05"
 matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers: []
 
 # Enable this to activate the Mjolnir Antispam spam-checker module.
@@ -541,6 +542,30 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false
 matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
 
 
+# Enable this to activate the E2EE disabling Synapse module.
+# See: https://github.com/digitalentity/matrix_encryption_disabler
+matrix_synapse_ext_encryption_disabler_enabled: false
+matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py"
+# A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list.
+# By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room.
+matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"]
+# A list of server domain names for which to deny encryption if the destination room id's domain matches the domain in the list.
+# By default, with the configuration below, we prevent locally-created encryption events by ANY user encrypt rooms on the homeserver.
+# Note: foreign users with enough room privileges will still be able to send an encryption event to your rooms and encrypt them.
+matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix_domain }}"]
+# Specifies whether the power levels event (setting) provided during room creation should be patched.
+# This makes it impossible for anybody (locally or over federation) from enabling room encryption
+# for the lifetime of rooms created while this setting is enabled (irreversible).
+# Enabling this may have incompatiblity consequences with servers / clients.
+# Familiarize yourself with the caveats upstream: https://github.com/digitalentity/matrix_encryption_disabler
+matrix_synapse_ext_encryption_disabler_patch_power_levels: false
+matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml|from_yaml }}"
+matrix_synapse_ext_encryption_config_yaml: |
+  deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of|to_json }}
+  deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of|to_json }}
+  patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels|to_json }}
+
+
 matrix_s3_media_store_enabled: false
 matrix_s3_media_store_custom_endpoint_enabled: false
 matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
@@ -580,7 +605,12 @@ matrix_synapse_default_room_version: "9"
 # If not, you can also control its value manually.
 matrix_synapse_spam_checker: []
 
-matrix_synapse_encryption_enabled_by_default_for_room_type: off
+# Controls the Synapse `modules` list.
+# You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2`
+# Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime.
+matrix_synapse_modules: []
+
+matrix_synapse_encryption_enabled_by_default_for_room_type: "off"
 
 matrix_synapse_trusted_key_servers:
   - server_name: "matrix.org"