Option to automatically purge rooms with no local members

[bones-was-here]

Description:

Feature request: a setting to delete data for rooms the server no longer participates in (all local users have left and/or forgotten the room). Now that #2662 has merged it would be possible to duct tape this on with scripts and cron jobs, but since many admins will need this it would be best if it could be enabled in dendrite.yaml.

[S7evinK]

iirc, Synapse also just provides admin endpoints to query "empty" rooms (the server doesn't participate in anymore) and to manually purge them. From my perspective, it would be safer to do this manually rather than Dendrite doing it automatically. I don't want to be paged, because someone (presumably me) fat fingered a query and all rooms are gone by accident.

[spaetz]

Right, synapse is not very good at handling this (which is no reason to not make it better :-)). I understand you don't want to purge a room if the last local member leaves it (it could have been a mistake, a debugging attempt or whatever). Still, after a cool-off period of 2 days or so, it would absolutely sense to clean up rooms without any local members in them. They are likely going to be obsolete by them anyway, and if one rejoins the room, they need to get refetched from remote servers... One could think about making that cool-off/retention period configurable, or one could just do it after --- say -- 7 days. Consider this a pledge to make it happen :). Wasting Storage space is absolutely an issue...

[bones-was-here]

I'd suggest making it off by default and putting a stern warning in the default config and/or documentation pages. That said, I expect that for P2P (especially on a phone) this would need to be enabled by default.

[bones-was-here]

Relatedly, cleanup of old media is not really optional, it's necessary for matrix to be a viable competitor to proprietary chats. Not just because nobody has unlimited storage, but also because trolls exist. If someone creates a script that repeatedly posts 100MiB files into a public room that some homeserver participates in, they will break that homeserver's ability to receive media by consuming all possible space (unless a moderator catches them in time). If the database is on the same filesystem as the media storage (probably the most common configuration) this will break the homeserver and the admin will be unable to ban the offending user as there will be no bytes available to store the state event for the ban.