diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index ddd23bbb..ce993670 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -19,7 +19,7 @@ jobs:
 run: yarn playwright install --with-deps
 - name: Run backend components
 run: |
- docker compose -f dev-backend-docker-compose.yml up -d
+ docker compose -f playwright-backend-docker-compose.yml up -d
 docker ps
 - name: Copy config file
 run: cp config/config.devenv.json public/config.json
diff --git a/backend/dev_homeserver.yaml b/backend/dev_homeserver.yaml
index d4d0a041..5697c32e 100644
--- a/backend/dev_homeserver.yaml
+++ b/backend/dev_homeserver.yaml
@@ -41,23 +41,10 @@ max_event_delay_duration: 24h
 # - burst_count: number of requests a client can send before being throttled.
 
 rc_message:
- per_second: 10000
- burst_count: 10000
-
-rc_login:
- address:
- per_second: 10000
- burst_count: 10000
- account:
- per_second: 10000
- burst_count: 10000
- failed_attempts:
- per_second: 10000
- burst_count: 10000
-
-rc_registration:
- per_second: 10000
- burst_count: 10000
+ # This needs to match at least the heart-beat frequency plus a bit of headroom
+ # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
+ per_second: 0.5
+ burst_count: 30
 
 # Required for Element Call in Single Page Mode due to on-the-fly user registration
 enable_registration: true
diff --git a/backend/playwright_homeserver.yaml b/backend/playwright_homeserver.yaml
new file mode 100644
index 00000000..d4d0a041
--- /dev/null
+++ b/backend/playwright_homeserver.yaml
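Review bot: In backend/dev_homeserver.yaml the new comment above `per_second: 0.5` gives the heart-beat rate as "0.2s", which reads as a duration; one request every 5 seconds is 0.2 requests per second, so the line would be clearer as `# Currently the heart-beat is every 5 seconds, i.e. a rate of 0.2 requests per second`. The same hunk deletes the `rc_login` and `rc_registration` overrides, so login and registration presumably fall back to Synapse's built-in limits while `enable_registration: true` stays in place. A short comment such as `# rc_login / rc_registration are intentionally left at Synapse defaults` would record that this is deliberate and discourage pasting the 10000-per-second values back into the developer config.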
@@ -0,0 +1,67 @@
+server_name: "synapse.localhost"
+public_baseurl: http://synapse.localhost:8008/
+
+pid_file: /data/homeserver.pid
+
+listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ resources:
+ - names: [client, federation, openid]
+ compress: false
+
+database:
+ name: sqlite3
+ args:
+ database: /data/homeserver.db
+
+media_store_path: /data/media_store
+signing_key_path: "/data/SERVERNAME.signing.key"
+trusted_key_servers:
+ - server_name: "matrix.org"
+
+experimental_features:
+ # MSC3266: Room summary API. Used for knocking over federation
+ msc3266_enabled: true
+ # MSC4222 needed for syncv2 state_after. This allow clients to
+ # correctly track the state of the room.
+ msc4222_enabled: true
+
+# The maximum allowed duration by which sent events can be delayed, as
+# per MSC4140. Must be a positive value if set. Defaults to no
+# duration (null), which disallows sending delayed events.
+max_event_delay_duration: 24h
+
+# Ratelimiting settings for client actions (registration, login, messaging).
+#
+# Each ratelimiting configuration is made of two parameters:
+# - per_second: number of requests a client can send per second.
+# - burst_count: number of requests a client can send before being throttled.
+
+rc_message:
+ per_second: 10000
+ burst_count: 10000
+
+rc_login:
+ address:
+ per_second: 10000
+ burst_count: 10000
+ account:
+ per_second: 10000
+ burst_count: 10000
+ failed_attempts:
+ per_second: 10000
+ burst_count: 10000
+
+rc_registration:
+ per_second: 10000
+ burst_count: 10000
+
+# Required for Element Call in Single Page Mode due to on-the-fly user registration
+enable_registration: true
+enable_registration_without_verification: true
+
+report_stats: false
+serve_server_wellknown: true
diff --git a/playwright-backend-docker-compose.yml b/playwright-backend-docker-compose.yml
new file mode 100644
index 00000000..fed10fe8
--- /dev/null
+++ b/playwright-backend-docker-compose.yml
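Review bot: backend/playwright_homeserver.yaml has no header marking it as a test-only configuration, although it sets every `rc_*` limit to 10000, turns on `enable_registration_without_verification`, and serves the `federation` resource on the same listener. That combination is only reasonable on an isolated CI runner, so I would open the file with a comment like `# Playwright/CI only: rate limiting is effectively disabled and registration is open; do not expose this homeserver outside the test runner.` If the end-to-end tests do not exercise federation, `names: [client, openid]` would shrink what the listener offers; I cannot tell from this diff whether they do.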
@@ -0,0 +1,86 @@
+networks:
+ ecbackend:
+
+services:
+ auth-service:
+ image: ghcr.io/element-hq/lk-jwt-service:latest-ci
+ hostname: auth-server
+ environment:
+ - LK_JWT_PORT=8080
+ - LIVEKIT_URL=ws://localhost:7880
+ - LIVEKIT_KEY=devkey
+ - LIVEKIT_SECRET=secret
+ # If the configured homeserver runs on localhost, it'll probably be using
+ # a self-signed certificate
+ - LIVEKIT_INSECURE_SKIP_VERIFY_TLS=YES_I_KNOW_WHAT_I_AM_DOING
+ deploy:
+ restart_policy:
+ condition: on-failure
+ ports:
+ # HOST_PORT:CONTAINER_PORT
+ - 8009:8080
+ networks:
+ - ecbackend
+
+ livekit:
+ image: livekit/livekit-server:latest
+ command: --dev --config /etc/livekit.yaml
+ restart: unless-stopped
+ # The SFU seems to work far more reliably when we let it share the host
+ # network rather than opening specific ports (but why?? we're not missing
+ # any…)
+ ports:
+ # HOST_PORT:CONTAINER_PORT
+ - 7880:7880/tcp
+ - 7881:7881/tcp
+ - 7882:7882/tcp
+ - 50100-50200:50100-50200/udp
+ volumes:
+ - ./backend/dev_livekit.yaml:/etc/livekit.yaml:Z
+ networks:
+ - ecbackend
+
+ redis:
+ image: redis:6-alpine
+ command: redis-server /etc/redis.conf
+ ports:
+ # HOST_PORT:CONTAINER_PORT
+ - 6379:6379
+ volumes:
+ - ./backend/redis.conf:/etc/redis.conf:Z
+ networks:
+ - ecbackend
+
+ synapse:
+ hostname: homeserver
+ image: docker.io/matrixdotorg/synapse:latest
+ environment:
+ - SYNAPSE_CONFIG_PATH=/data/cfg/homeserver.yaml
+ # Needed for rootless podman-compose such that the uid/gid mapping does
+ # fit local user uid. If the container runs as root (uid 0) it is fine as
+ # it actually maps to your non-root user on the host (e.g. 1000).
+ # Otherwise uid mapping will not match your non-root user.
+ - UID=0
+ - GID=0
+ volumes:
+ - ./backend/synapse_tmp:/data:Z
+ - ./backend/playwright_homeserver.yaml:/data/cfg/homeserver.yaml:Z
+ networks:
+ - ecbackend
+
+ nginx:
+ # openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout tls_localhost_key.pem -out tls_localhost_cert.pem -subj "/C=GB/ST=London/L=London/O=Alros/OU=IT Department/CN=localhost"
+ hostname: synapse.localhost
+ image: nginx:latest
+ volumes:
+ - ./backend/tls_localhost_nginx.conf:/etc/nginx/conf.d/default.conf:Z
+ - ./backend/tls_localhost_key.pem:/root/ssl/key.pem:Z
+ - ./backend/tls_localhost_cert.pem:/root/ssl/cert.pem:Z
+ ports:
+ # HOST_PORT:CONTAINER_PORT
+ - "8008:80"
+ - "4443:443"
+ depends_on:
+ - synapse
+ networks:
+ - ecbackend
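Review bot: Every `ports:` entry in playwright-backend-docker-compose.yml publishes on all host interfaces, including Redis (`6379:6379`), the JWT service that runs with the static `LIVEKIT_KEY=devkey` / `LIVEKIT_SECRET=secret` pair, and nginx, which presumably fronts the open-registration homeserver. On a hosted CI runner that is contained, but the file can also be started on a developer machine; binding the TCP mappings to loopback, e.g. `- "127.0.0.1:6379:6379"` and `- "127.0.0.1:8009:8080"`, keeps these services off the local network, and quoting them matches the nginx entries. Separately, the images use floating tags (`:latest`, `:latest-ci`), so each CI run pulls whatever is currently published; pinning a version or digest would make runs reproducible and reviewable. The comment above the livekit `ports:` still describes sharing the host network, which this service definition does not do.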