authorRuben Maher <r@rkm.id.au>2016-11-28 13:03:48 +1030
committerFranz Pletz <fpletz@fnordicwalking.de>2016-11-28 03:33:48 +0100
commit9c9a21d525926574ee6b3f24a549d943673cabd1 (patch)
tree98dc06e92cb251321e3a7992c6b5e55a2eb124e6 /nixos
parent9538176042c8f3cabdbb4aa5ffcc86b7dad3d425 (diff)
matrix-synapse service: Make url_preview_enabled optional (#20609)
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/misc/matrix-synapse.nix48
1 files changed, 47 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix
index 277fc9a39022..4a1bea50c14e 100644
--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@@ -59,7 +59,12 @@ uploads_path: "/var/lib/matrix-synapse/uploads"
 max_upload_size: "${cfg.max_upload_size}"
 max_image_pixels: "${cfg.max_image_pixels}"
 dynamic_thumbnails: ${fromBool cfg.dynamic_thumbnails}
-url_preview_enabled: False
+url_preview_enabled: ${fromBool cfg.url_preview_enabled}
+${optionalString (cfg.url_preview_enabled == true) ''
+url_preview_ip_range_blacklist: ${builtins.toJSON cfg.url_preview_ip_range_blacklist}
+url_preview_ip_range_whitelist: ${builtins.toJSON cfg.url_preview_ip_range_whitelist}
+url_preview_url_blacklist: ${builtins.toJSON cfg.url_preview_url_blacklist}
+''}
 recaptcha_private_key: "${cfg.recaptcha_private_key}"
 recaptcha_public_key: "${cfg.recaptcha_public_key}"
 enable_registration_captcha: ${fromBool cfg.enable_registration_captcha}
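Review bot: The `optionalString` block writes `url_preview_ip_range_blacklist` whatever its value, so with the preview API enabled and the list left empty the rendered config carries an empty denylist, and nothing visible in this hunk rejects that at evaluation time. A module assertion along the lines of `assertion = !cfg.url_preview_enabled || cfg.url_preview_ip_range_blacklist != [];` would turn the "you *must* specify" wording of the option description into a build-time check instead of leaving it to the operator or to Synapse at startup. As a style point, `cfg.url_preview_enabled == true` is redundant for a `types.bool` option; `optionalString cfg.url_preview_enabled ''` says the same thing. The surrounding config string starts and ends outside the hunk.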
@@ -355,6 +360,47 @@ in {
         default = "10K";
         description = "Number of events to cache in memory.";
       };
+      url_preview_enabled = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Is the preview URL API enabled?  If enabled, you *must* specify an
+          explicit url_preview_ip_range_blacklist of IPs that the spider is
+          denied from accessing.
+        '';
+      };
+      url_preview_ip_range_blacklist = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''
+          List of IP address CIDR ranges that the URL preview spider is denied
+          from accessing.
+        '';
+      };
+      url_preview_ip_range_whitelist = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''
+          List of IP address CIDR ranges that the URL preview spider is allowed
+          to access even if they are specified in
+          url_preview_ip_range_blacklist.
+        '';
+      };
+      url_preview_url_blacklist = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "127.0.0.0/8"
+          "10.0.0.0/8"
+          "172.16.0.0/12"
+          "192.168.0.0/16"
+          "100.64.0.0/10"
+          "169.254.0.0/16"
+        ];
+        description = ''
+          Optional list of URL matches that the URL preview spider is
+          denied from accessing.
+        '';
+      };
       recaptcha_private_key = mkOption {
         type = types.str;
         default = "";
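Review bot: The private-range defaults appear to be attached to the wrong option: `url_preview_url_blacklist` defaults to the CIDR list (`"127.0.0.0/8"`, `"10.0.0.0/8"`, …) while `url_preview_ip_range_blacklist` defaults to `[]`. Since the preview spider fetches user-supplied URLs from the homeserver, an operator who only sets `url_preview_enabled = true` gets no IP denylist for loopback, RFC 1918 or link-local addresses from this module. The list should move to the `url_preview_ip_range_blacklist` default, with `default = [];` on `url_preview_url_blacklist`. It is also worth checking the type of the URL option: as far as I know Synapse expects URL-component matches there (entries such as `netloc: ...`), which `types.listOf types.str` cannot express, so CIDR strings in it would not act as an IP filter. The `recaptcha_private_key` option that follows continues outside the hunk.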