Previously require_at_registration=true caused Cinny to silently complete
the m.login.terms UIA step during registration (~34ms), meaning users were
auto-consented without ever seeing the ToS page.

Setting require_at_registration=false removes the UIA step from registration.
New users start with NULL consent and are blocked by block_events_error on
first message send. Synapse sends a Server Notice DM with the /_matrix/consent
URL, which they must explicitly visit and submit before messaging is unblocked.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- tcp_retries2 reduced from 8 to 5 (~15-30s timeout vs ~90s)
- Unreachable routes added for asymmetric-connectivity servers (bark.lgbt ×2,
  parodia.dev, chat.ohaa.xyz, matrix.k8ekat.dev) so outbound attempts fail in
  0ms instead of hanging; routes persist via /etc/network/interfaces post-up
- Stuck device_lists_remote_resync entries cleared for dead-server users
- Grafana alert threshold raised 120s→300s, for duration 5m→15m to avoid
  false positives from normal 10-min federation backoff cycling

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Presence was incorrectly disabled as a workaround. Root cause of lag spikes was
Linux's default tcp_retries2=15 (~15 min retransmit window) causing hung outbound
TCP connections to slow remote servers (e.g. exp.farm) to block the federation
sender queue for minutes at a time.

Fix applied to /etc/sysctl.d/99-matrix-tuning.conf on LXC 151:
- net.ipv4.tcp_retries2 = 8 (~90s before giving up on stalled connection)
- net.ipv4.tcp_syn_retries = 4 (~45s for initial SYN)
- net.ipv4.tcp_keepalive_probes = 3 (dead conn detected ~6.5 min)

Presence re-enabled in homeserver.yaml (presence: enabled: true).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- draupnir/production.yaml: Add health.healthz (port 8081) and web.abuseReporting
  (port 8080) config — healthz was live on LXC but missing from repo; web server
  enables Matrix client Report button forwarding to management room (Synapse module
  install on LXC 151 still needed to complete the integration)
- README: Add Draupnir port map, abuse reporting setup docs, updated monitoring
  section (3 new Prometheus scrape jobs, Draupnir Down alert, Grafana panel count),
  add presence-disabled federation lag fix to performance checklist, document
  Draupnir healthz/audit DB paths

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Add Improvement Audit section tracking all identified gaps and their status
- All critical/high/medium items applied: coturn cert auto-renewal (sync cron
  on compute-storage-01), Synapse metrics port locked to 127.0.0.1+10.10.10.29,
  well-known matrix endpoints live on lotusguild.org, suppress_key_server_warning,
  fail2ban on login endpoint, PostgreSQL autovacuum per-table tuning, LiveKit
  VP9/AV1 codecs
- Bot E2EE reset: full store+credentials wipe, stale devices removed, fresh
  device BBRZSEUECZ registered
- Checklist updated: LiveKit port range, autovacuum, hardening items, Grafana IP
- Hookshot: Owncast renamed to Livestream in display name (same UUID)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Remove all Huntarr references (webhook removed for security reasons)
- Rewrite transformation functions for all 11 active webhooks via Matrix
  state event API — all now handle the full event payload:
  - Sonarr/Radarr/Readarr/Lidarr: all event types (Grab, Download, Rename,
    Add, Delete, HealthIssue, HealthRestored, ApplicationUpdate) with release
    group, download client, upgrade indicator
  - Grafana: multi-alert support with per-alert severity/instance/summary,
    generator URLs, truncation notice for >5 alerts
  - Proxmox: VM/CT name+ID, task type/status, property bag fields
  - Uptime Kuma: ping time on UP, downtime duration on DOWN, URL linkified
  - Seerr: all notification types, 4K flag, issue type, comment field
  - Owncast: all event types (STREAM_STARTED/STOPPED, USER_JOINED, CHAT)
  - Bazarr: multi-line message support from Apprise JSON payload
  - Tinker-Tickets: preserved as-is (already comprehensive)
- Huntarr state event cleared in room, UUID removed from account_data map
- Owncast and Uptime Kuma functions restored (had lost their functions)
- Hookshot restarted to pick up all changes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Both services now send notifications to the hookshot webhook endpoint:
- Bazarr: switched from broken Apprise Matrix URL to JSON notifier
  with jsons://matrix.lotusguild.org/webhook/<uuid>
- Huntarr: fixed apprise_url from raw https:// to jsons:// scheme

Both hookshot transforms updated to parse Apprise JSON payload:
{version, title, message, type, attachments}

Huntarr avatar set from selfhst icons CDN.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
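
A transform of the kind the last commit message describes, as an added example that is not code from this repository: it turns an Apprise JSON payload ({version, title, message, type, attachments}) into Hookshot's v2 result shape and HTML-escapes every field, since webhook content is untrusted input. The names transformApprise, escapeHtml and LABELS and the sample payload are assumptions; inside Hookshot the function body would read `data` and assign `result` rather than return.

```javascript
// Added example. Hookshot exposes the webhook body as `data` and expects the
// transform to assign `result`; it is wrapped in a function here so it runs
// under Node. All names below are hypothetical.
const LABELS = { info: "[info]", success: "[ok]", warning: "[warn]", failure: "[fail]" };

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function transformApprise(data) {
  // Anything that is not an object with a string message produces no event.
  if (!data || typeof data !== "object" || typeof data.message !== "string") {
    return { version: "v2", empty: true };
  }
  // Own-property lookup so a type such as "constructor" cannot reach the prototype.
  const known = Object.prototype.hasOwnProperty.call(LABELS, data.type);
  const label = LABELS[known ? data.type : "info"];
  const title = typeof data.title === "string" ? data.title.trim() : "";
  // Multi-line messages: one output line per non-empty input line.
  const lines = data.message.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
  const count = Array.isArray(data.attachments) ? data.attachments.length : 0;

  const head = `${label} ${title || "Notification"}`;
  const tail = count ? ` (${count} attachment(s) not forwarded)` : "";
  return {
    version: "v2",
    msgtype: "m.notice",
    plain: [head, ...lines].join("\n") + tail,
    html: `<b>${escapeHtml(head)}</b><br>` +
          lines.map(escapeHtml).join("<br>") + escapeHtml(tail),
  };
}

// Constructed sample payload in the Apprise JSON shape.
const sample = {
  version: "1.0",
  title: "Subtitles <downloaded>",
  message: "Show S01E02\n  English subtitles from <b>provider</b>  \n",
  type: "success",
  attachments: [],
};
console.log(transformApprise(sample));
```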