Matrix / Synapse freedom discussion points

People posed me some questions about Matrix/Synapse off-forum. While trying to formulate answers the text grew a bit long. Now it is such an opus that it is a waste to keep possibly useful information in a closed conversation.

If you got improvements over my answers, speak up! :slight_smile:

I have been using Matrix for a while now, and helped friends and family to install their own servers, but never saw reason to restrict the users.

As such, I don’t know the answer to most of these questions. I think many are not possible in the same way as with a centralized system. Keep in mind that it is a bit of speculation:

  1. IP of homeservers’ registered users: ‘users’ use a client to connect. The IP of the client is knowable, but not the IP of the user. They could use Element or another client on their phone ( → dynamic IP), they could use a desktop client with their laptop ( → IP depending on usage location) or use any web client on any device ( → IP of the server that provides the web client).
  2. IP-based banning: I think you could ban IP addresses/ranges in your firewall, but per 1) I think it does not achieve what you have in mind.
  3. Block lounge creation: I’m not quite sure what you mean by lounge. Inside rooms there is a relatively fine-grained (and modifiable) permissions system, but as far as I know anyone can create new chats as well as new rooms and spaces; if you were to block it on your homeserver, your users can create a room on any other server.
  4. Delete room history: as long as only users on your homeserver have accessed the room: letting all users delete the room might give that option. In principle, anyone accessing the room will have a copy of that room (depending on room settings, including history). Once outside users access the room, that means ‘the genie is out of the bottle’: an (encrypted) copy of your room is out of your control.
  5. Automatic history removal: Though I never heard of any functionality in that direction, larger installations might well have use for that. There is a table room_retention in Synapse, that mentions max_lifetime. The history will stay in the users’ copy anyway.
  6. Delete users: I never tried deleting or disabling an account. Directly on the database would work, there might be management tools available (there is a table erased_users). It would not remove their messages from existing conversations in the copy of the users that participated in the chat.
  7. Delete rooms: I have never tried to delete a room. I did leave private rooms; when the last person leaves a private room, there is no-one left to send an invite, and the room becomes inaccessible. I just tried with a room where I was the last occupant, by first adding a local address to the room (so that I would be able to find it back), and then leaving. Trying to rejoin the room displays the room as ‘found’, but unable to access. Deleting it from the database, again, should be possible, but only removes ‘your’ copy.
  8. Disallow group chat: You can’t. Chats are managed by the client; users can use any client to connect to your homeserver, and invite anyone from any homeserver to join a chat.
  9. List all users: you can (at least) query local users directly on the database. Remote users are not available.
  10. List all rooms: I would try to query the database, but that is mostly because I’m more familiar with databases than with Matrix-management.
  11. Prevent federation: preventing other servers from fetching public rooms on your server is done in the config, as described in this blog post. I can only find howto’s that help setting up federation, not disabling it.
  12. Most important add-ons: For me, bridges are important and one of the pillars that make Matrix great. Having this question at the end of the list after the other questions, I get the feeling that it is the first thing that will be removed :stuck_out_tongue:

Thank you for your answers, but I think we didn’t understand each other well. It’s my fault: I should have clarified that question no. 11 was integrated into all the other issues. The objective of my maneuver is first of all to completely disconnect the homeserver from the federation to create a kind of isolated island. From this, all users will be forced to register on my homeserver to access the rooms, and all the data and all the rooms created will be stored only on my homeserver without any copy on another server.

In this way I will have full control over the server, but it is not obvious how to get access to admin tools on a Matrix server in the same way as on a RocketChat or Mattermost server; it is for this reason that I ask all these questions.

  1. – An IRC server makes it possible to know all the IP addresses of the users; whether the latter use a web client, desktop, mobile … or others, their IP addresses will be stored and the administrator will be able to ban by IP, if necessary. All other servers work in this way (XMPP, RocketChat, Mattermost…), so how to do it on Matrix?

  2. – If I block the IP address of a user on the firewall, he will also be banned from the other services of the website, while I want him to be banned only on the Matrix homeserver.

  3. – I’m talking about the rooms. If I block the creation of rooms on my server, my users will not be able to create rooms on other servers, because the federation will be totally blocked; that is to say that all my users will have identifiers ending only in the domain name of my homeserver, that is to say @user:domain.tld. All other users who have registered elsewhere will not be able to join the server; it will be isolated. So I reiterate the question: how to block the creation of rooms for standard users on a homeserver?

  4. – There will be no copy of the room because the data will be stored only on my homeserver and no outside user will come into the homeserver, which means that the genie will always be inside the box, and the only copy of data that will exist will be on my homeserver. So I would like to know how to delete all the history on a room of my homeserver.

  5. – I will inquire about the table “max_lifetime” but I hope to find more accessible solutions. But again the history will be saved only on my homeserver.

  6. – I just want to know how to completely ban a server user, so that he can no longer register with the same email address he used when he first logged in.

  7. – A room that is totally empty certainly becomes inaccessible, but it also becomes impossible to create another room of the same name, because this one still remains as a ghost room on the homeserver. It is for this reason that I want to find a way to delete it completely, in order to create another one with the same name.

  8. – Precisely, my users will not be able to invite a user from any server, because the federation will be blocked, all the data they will create on the server will be stored only on the server. So the question is how to limit the private conversations of standard users to a maximum of two people on a homeserver with the federation disabled?

  9. – This is good because there will be no remote users but only local users, but I would like to know how to get the complete list of local users.

  10. – It is for sure that in the databases we find what we want, but I imagined more accessible solutions.

  11. – If I asked the question, it’s because the only way I found to block the federation is the blocking of port 8448, but this is not a solution that I like; I prefer to block the federation from the configuration, but I have already tried the methods described in this blog but it doesn’t work.

  12. – Thank you for your answer, I also use a Telegram and maubot bridge.

I hope this time I have been as clear as possible in my questions; I could deploy my Homeserver to welcome my community only if I find the answers to these 12 questions.
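
The local-user listing and per-user client IP lookup asked about in questions 1 and 9, as an added example that is not part of either post. It uses Synapse's admin REST API (`/_synapse/admin/v2/users` and `/_synapse/admin/v1/whois/<user_id>`) with a server admin's access token instead of database queries. The function names and the `HS_URL` / `HS_ADMIN_TOKEN` environment variables are this example's own assumptions.

```python
import json
import urllib.parse
import urllib.request

def http_get(base_url, token):
    """Return a fetch(path, query) callable that sends admin-authenticated GETs."""
    def fetch(path, query=None):
        url = base_url.rstrip("/") + path
        if query:
            url += "?" + urllib.parse.urlencode(query)
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read())
    return fetch

def local_users(fetch, page_size=100):
    """Yield every local account, following next_token until the list ends."""
    query = {"from": 0, "limit": page_size, "guests": "false"}
    while True:
        page = fetch("/_synapse/admin/v2/users", query)
        yield from page["users"]
        if "next_token" not in page:   # last page carries no next_token
            return
        query["from"] = page["next_token"]

def client_ips(fetch, user_id):
    """Return the distinct client IPs Synapse recorded for one user's sessions."""
    # Percent-encode the Matrix ID so it stays a single path segment.
    path = "/_synapse/admin/v1/whois/" + urllib.parse.quote(user_id, safe="")
    ips = set()
    for device in fetch(path).get("devices", {}).values():
        for session in device.get("sessions", []):
            ips.update(c["ip"] for c in session.get("connections", []))
    return sorted(ips)

def users_with_ips(fetch):
    """Map each local user ID to the IPs its clients connected from."""
    return {u["name"]: client_ips(fetch, u["name"]) for u in local_users(fetch)}

if __name__ == "__main__":
    import os  # HS_URL and HS_ADMIN_TOKEN are hypothetical variable names
    fetch = http_get(os.environ["HS_URL"], os.environ["HS_ADMIN_TOKEN"])
    for name, ips in users_with_ips(fetch).items():
        print(name, ", ".join(ips))
```

The addresses returned are those of the connecting clients, so behind a reverse proxy they are only meaningful if the proxy forwards the original address to Synapse.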