matrix: screen registrations by redirecting the activation emails
parent
a1bbd16b94
commit
0a63e53512
|
@ -29,8 +29,29 @@
|
|||
}
|
||||
];
|
||||
|
||||
# services.matrix-synapse.extraConfig = ''
|
||||
# registration_requires_token: true
|
||||
# admin_contact: "admin.matrix@uninsane.org"
|
||||
# '';
|
||||
|
||||
services.matrix-synapse.extraConfig = ''
|
||||
registration_requires_token: true
|
||||
admin_contact: "admin.matrix@uninsane.org"
|
||||
registrations_require_3pid:
|
||||
- email
|
||||
email:
|
||||
smtp_host: "mx.uninsane.org"
|
||||
smtp_port: 587
|
||||
smtp_user: "matrix-synapse"
|
||||
smtp_pass: "matrix-synapse-super-secret"
|
||||
require_transport_security: true
|
||||
enable_tls: true
|
||||
notif_from: "%(app)s <notify.matrix@uninsane.org>"
|
||||
app_name: "Uninsane Matrix"
|
||||
enable_notifs: true
|
||||
validation_token_lifetime: 96h
|
||||
invite_client_location: "https://web.matrix.uninsane.org"
|
||||
subjects:
|
||||
email_validation: "[%(server_name)s] Validate your email"
|
||||
'';
|
||||
services.matrix-synapse.app_service_config_files = [
|
||||
"/var/lib/matrix-appservice-irc/registration.yml" # auto-created by irc appservice
|
||||
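Review bot: `smtp_pass: "matrix-synapse-super-secret"` is a literal inside `extraConfig`, so the SMTP credential is committed to the repository and, after a build, copied into the Nix store, where any local user can read it. If this is the real password, it should be rotated and loaded from a file outside the store; the NixOS module's `services.matrix-synapse.extraConfigFiles` option is meant for this, e.g. `services.matrix-synapse.extraConfigFiles = [ "<path-to-secret-yaml>" ];`. Synapse appears to merge extra config files per top-level key, so the whole `email:` block would probably have to move into that file rather than just `smtp_pass`; this should be confirmed before splitting it. If the value is only a placeholder, a comment such as `# placeholder; real password is provisioned out of band` next to it would make that clear.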
|
|
|
@ -33,6 +33,15 @@
|
|||
return 200 '${builtins.toJSON client}';
|
||||
'';
|
||||
|
||||
# static URLs might not be aware of .well-known (e.g. registration confirmation URLs),
|
||||
# so hack around that.
|
||||
locations."/_matrix" = {
|
||||
proxyPass = "http://127.0.0.1:8008";
|
||||
};
|
||||
locations."/_synapse" = {
|
||||
proxyPass = "http://127.0.0.1:8008";
|
||||
};
|
||||
|
||||
# allow ActivityPub clients to discover how to reach @user@uninsane.org
|
||||
# TODO: waiting on https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3361/
|
||||
# locations."/.well-known/nodeinfo" = {
|
||||
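Review bot: `locations."/_synapse"` forwards the whole `/_synapse` prefix to 127.0.0.1:8008, and that prefix also covers Synapse's admin API under `/_synapse/admin`, which then becomes reachable on this public vhost. The comment above says the goal is only to make static URLs such as registration confirmations resolve, and those are served under `/_matrix` and `/_synapse/client`. Narrowing the second block to `locations."/_synapse/client" = { proxyPass = "http://127.0.0.1:8008"; };` keeps the workaround and leaves the admin endpoints off this host. The admin API still requires an admin access token, so this is defence in depth rather than an open hole. The enclosing virtual-host block starts outside the hunk, so whether other restrictions already apply to it cannot be seen here.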
|
|
|
@ -2,17 +2,17 @@
|
|||
|
||||
let
|
||||
submissionOptions = {
|
||||
smtpd_tls_security_level = "encrypt";
|
||||
smtpd_sasl_auth_enable = "yes";
|
||||
smtpd_sasl_type = "dovecot";
|
||||
smtpd_sasl_path = "/run/dovecot2/auth";
|
||||
smtpd_sasl_security_options = "noanonymous";
|
||||
smtpd_sasl_local_domain = "uninsane.org";
|
||||
smtpd_client_restrictions = "permit_sasl_authenticated,reject";
|
||||
# reuse the virtual map so that sender mapping matches recipient mapping
|
||||
smtpd_sender_login_maps = "hash:/var/lib/postfix/conf/virtual";
|
||||
smtpd_sender_restrictions = "reject_sender_login_mismatch";
|
||||
smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
|
||||
smtpd_tls_security_level = "encrypt";
|
||||
smtpd_sasl_auth_enable = "yes";
|
||||
smtpd_sasl_type = "dovecot";
|
||||
smtpd_sasl_path = "/run/dovecot2/auth";
|
||||
smtpd_sasl_security_options = "noanonymous";
|
||||
smtpd_sasl_local_domain = "uninsane.org";
|
||||
smtpd_client_restrictions = "permit_sasl_authenticated,reject";
|
||||
# reuse the virtual map so that sender mapping matches recipient mapping
|
||||
smtpd_sender_login_maps = "hash:/var/lib/postfix/conf/virtual";
|
||||
smtpd_sender_restrictions = "reject_sender_login_mismatch";
|
||||
smtpd_recipient_restrictions = "reject_non_fqdn_recipient,permit_sasl_authenticated,reject";
|
||||
};
|
||||
in
|
||||
{
|
||||
|
@ -24,6 +24,7 @@ in
|
|||
services.postfix.sslKey = "/var/lib/acme/mx.uninsane.org/key.pem";
|
||||
|
||||
services.postfix.virtual = ''
|
||||
notify.matrix@uninsane.org matrix-synapse
|
||||
@uninsane.org colin
|
||||
'';
|
||||
|
||||
|
@ -116,6 +117,11 @@ in
|
|||
action = "REDIRECT colin@uninsane.org";
|
||||
pattern = "/^Subject: Please activate your account/";
|
||||
}
|
||||
# intercept Matrix registration confirmations
|
||||
{
|
||||
action = "REDIRECT colin@uninsane.org";
|
||||
pattern = "/^Subject:.*Validate your email/";
|
||||
}
|
||||
# XXX postfix only supports performing ONE action per header.
|
||||
# {
|
||||
# action = "REPLACE Subject: git application: Please activate your account";
|
||||
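Review bot: The new header check `pattern = "/^Subject:.*Validate your email/"` is the only thing enforcing the registration screening, and it matches on a string that is configured separately in Synapse (`email_validation: "[%(server_name)s] Validate your email"`). If that subject template is ever edited, or Synapse sends a different template, the check stops matching and validation mail goes straight to the registrant, so the screen fails open without any error. The rule is also not limited to mail from `notify.matrix@uninsane.org`, so any message passing through this Postfix instance with that phrase in its subject is redirected too. I would add a comment on the entry such as `# must match email.subjects.email_validation in the synapse config; if they drift, validation mail bypasses screening`, and after deployment do a test registration to confirm the redirect fires. The list this entry belongs to starts and ends outside the hunk.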
|
|
|
@ -12,4 +12,11 @@
|
|||
# LC_COLLATE = "C"
|
||||
# LC_CTYPE = "C";
|
||||
# '';
|
||||
|
||||
|
||||
# common admin operations:
|
||||
# sudo -u postgres psql
|
||||
# > \l # lists all databases
|
||||
# > \du # lists all roles
|
||||
# > \q # exits psql
|
||||
}
|
||||
|
|