3
0
Fork 0
forked from mirrors/nixpkgs

matrix-synapse service: Make url_preview_enabled optional (#20609)

This commit is contained in:
Ruben Maher 2016-11-28 13:03:48 +10:30 committed by Franz Pletz
parent 9538176042
commit 9c9a21d525
2 changed files with 48 additions and 2 deletions

View file

@ -59,7 +59,12 @@ uploads_path: "/var/lib/matrix-synapse/uploads"
max_upload_size: "${cfg.max_upload_size}"
max_image_pixels: "${cfg.max_image_pixels}"
dynamic_thumbnails: ${fromBool cfg.dynamic_thumbnails}
url_preview_enabled: False
url_preview_enabled: ${fromBool cfg.url_preview_enabled}
${optionalString (cfg.url_preview_enabled == true) ''
url_preview_ip_range_blacklist: ${builtins.toJSON cfg.url_preview_ip_range_blacklist}
url_preview_ip_range_whitelist: ${builtins.toJSON cfg.url_preview_ip_range_whitelist}
url_preview_url_blacklist: ${builtins.toJSON cfg.url_preview_url_blacklist}
''}
recaptcha_private_key: "${cfg.recaptcha_private_key}"
recaptcha_public_key: "${cfg.recaptcha_public_key}"
enable_registration_captcha: ${fromBool cfg.enable_registration_captcha}
@ -355,6 +360,47 @@ in {
default = "10K";
description = "Number of events to cache in memory.";
};
url_preview_enabled = mkOption {
type = types.bool;
default = false;
description = ''
Is the preview URL API enabled? If enabled, you *must* specify an
explicit url_preview_ip_range_blacklist of IPs that the spider is
denied from accessing.
'';
};
url_preview_ip_range_blacklist = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of IP address CIDR ranges that the URL preview spider is denied
from accessing.
'';
};
url_preview_ip_range_whitelist = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of IP address CIDR ranges that the URL preview spider is allowed
to access even if they are specified in
url_preview_ip_range_blacklist.
'';
};
url_preview_url_blacklist = mkOption {
type = types.listOf types.str;
default = [
"127.0.0.0/8"
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
"100.64.0.0/10"
"169.254.0.0/16"
];
description = ''
Optional list of URL matches that the URL preview spider is
denied from accessing.
'';
};
recaptcha_private_key = mkOption {
type = types.str;
default = "";

View file

@ -27,7 +27,7 @@ in pythonPackages.buildPythonApplication rec {
pydenticon pymacaroons-pynacl pynacl pyopenssl pysaml2 pytz requests2
service-identity signedjson systemd twisted ujson unpaddedbase64 pyyaml
matrix-angular-sdk bleach netaddr jinja2 psycopg2
ldap3 psutil msgpack
ldap3 psutil msgpack lxml
];
# Checks fail because of Tox.