ansible-roles: matrix-synapse/templates/homeserver.yaml.j2@a8627367c7be (annotated)

36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1	# vim:ft=yaml
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	2	# PEM encoded X509 certificate for TLS.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	3	# You can replace the self-signed certificate that synapse
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	4	# autogenerates on launch with your own SSL certificate + key pair
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	5	# if you like. Any required intermediary certificates can be
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	6	# appended after the primary certificate in hierarchical order.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	7	tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	8
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	9	# PEM encoded private key for TLS
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	10	tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	11
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	12	# PEM dh parameters for ephemeral keys
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	13	tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	14
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	15	# Don't bind to the https port
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	16	no_tls: True
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	17
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	18	# List of allowed TLS fingerprints for this server to publish along
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	19	# with the signing keys for this server. Other matrix servers that
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	20	# make HTTPS requests to this server will check that the TLS
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	21	# certificates returned by this server match one of the fingerprints.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	22	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	23	# Synapse automatically adds the fingerprint of its own certificate
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	24	# to the list. So if federation traffic is handled directly by synapse
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	25	# then no modification to the list is required.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	26	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	27	# If synapse is run behind a load balancer that handles the TLS then it
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	28	# will be necessary to add the fingerprints of the certificates used by
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	29	# the loadbalancers to this list if they are different to the one
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	30	# synapse is using.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	31	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	32	# Homeservers are permitted to cache the list of TLS fingerprints
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	33	# returned in the key responses up to the "valid_until_ts" returned in
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	34	# key. It may be necessary to publish the fingerprints of a new
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	35	# certificate and wait until the "valid_until_ts" of the previous key
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	36	# responses have passed before deploying it.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	37	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	38	# You can calculate a fingerprint from a given TLS listener via:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	39	# openssl s_client -connect $host:$port < /dev/null 2> /dev/null \|
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	40	# openssl x509 -outform DER \| openssl sha256 -binary \| base64 \| tr -d '='
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	41	# or by checking matrix.org/federationtester/api/report?server_name=$host
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	42	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	43	tls_fingerprints: []
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	44	# tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	45
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	46
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	47	## Server ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	48
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	49	# When running as a daemon, the file to store the pid in
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	50	pid_file: "/var/run/matrix-synapse.pid"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	51
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	52	# CPU affinity mask. Setting this restricts the CPUs on which the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	53	# process will be scheduled. It is represented as a bitmask, with the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	54	# lowest order bit corresponding to the first logical CPU and the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	55	# highest order bit corresponding to the last logical CPU. Not all CPUs
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	56	# may exist on a given system but a mask may specify more CPUs than are
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	57	# present.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	58	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	59	# For example:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	60	# 0x00000001 is processor #0,
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	61	# 0x00000003 is processors #0 and #1,
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	62	# 0xFFFFFFFF is all processors (#0 through #31).
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	63	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	64	# Pinning a Python process to a single CPU is desirable, because Python
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	65	# is inherently single-threaded due to the GIL, and can suffer a
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	66	# 30-40% slowdown due to cache blow-out and thread context switching
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	67	# if the scheduler happens to schedule the underlying threads across
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	68	# different cores. See
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	69	# https://www.mirantis.com/blog/improve-performance-python-programs-restricting-single-cpu/.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	70	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	71	# cpu_affinity: 0xFFFFFFFF
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	72
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	73	# The path to the web client which will be served at /_matrix/client/
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	74	# if 'webclient' is configured under the 'listeners' configuration.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	75	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	76	# web_client_location: "/path/to/web/root"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	77
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	78	# The public-facing base URL for the client API (not including _matrix/...)
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	79	# public_baseurl: https://example.com:8448/
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	80
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	81	# Set the soft limit on the number of file descriptors synapse can use
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	82	# Zero is used to indicate synapse should set the soft limit to the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	83	# hard limit.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	84	soft_file_limit: 0
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	85
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	86	# The GC threshold parameters to pass to `gc.set_threshold`, if defined
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	87	# gc_thresholds: [700, 10, 10]
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	88
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	89	# Set the limit on the returned events in the timeline in the get
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	90	# and sync operations. The default value is -1, means no upper limit.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	91	# filter_timeline_limit: 5000
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	92
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	93	# Whether room invites to users on this server should be blocked
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	94	# (except those sent by local server admins). The default is False.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	95	# block_non_admin_invites: True
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	96
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	97	# Restrict federation to the following whitelist of domains.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	98	# N.B. we recommend also firewalling your federation listener to limit
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	99	# inbound federation traffic as early as possible, rather than relying
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	100	# purely on this application-layer restriction. If not specified, the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	101	# default is to whitelist everything.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	102	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	103	# federation_domain_whitelist:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	104	# - lon.example.com
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	105	# - nyc.example.com
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	106	# - syd.example.com
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	107
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	108	# List of ports that Synapse should listen on, their purpose and their
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	109	# configuration.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	110	listeners:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	111	# Main HTTPS listener
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	112	# For when matrix traffic is sent directly to synapse.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	113	# -
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	114	# # The port to listen for HTTPS requests on.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	115	# port: 8448
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	116
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	117	# # Local addresses to listen on.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	118	# # On Linux and Mac OS, `::` will listen on all IPv4 and IPv6
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	119	# # addresses by default. For most other OSes, this will only listen
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	120	# # on IPv6.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	121	# bind_addresses:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	122	# - '::1'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	123	# - '127.0.0.1'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	124	# # - '::'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	125	# # - '0.0.0.0'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	126
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	127	# # This is a 'http' listener, allows us to specify 'resources'.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	128	# type: http
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	129
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	130	# tls: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	131
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	132	# # Use the X-Forwarded-For (XFF) header as the client IP and not the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	133	# # actual client IP.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	134	# x_forwarded: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	135
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	136	# # List of HTTP resources to serve on this listener.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	137	# resources:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	138	# -
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	139	# # List of resources to host on this listener.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	140	# names:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	141	# - client # The client-server APIs, both v1 and v2
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	142
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	143	# # Should synapse compress HTTP responses to clients that support it?
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	144	# # This should be disabled if running synapse behind a load balancer
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	145	# # that can do automatic compression.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	146	# compress: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	147
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	148	# - names: [federation] # Federation APIs
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	149	# compress: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	150
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	151	# # optional list of additional endpoints which can be loaded via
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	152	# # dynamic modules
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	153	# # additional_resources:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	154	# # "/_matrix/my/custom/endpoint":
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	155	# # module: my_module.CustomRequestHandler
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	156	# # config: {}
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	157
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	158	# Unsecure HTTP listener,
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	159	# For when matrix traffic passes through loadbalancer that unwraps TLS.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	160	- port: 8008
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	161	tls: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	162	bind_addresses:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	163	- '::1'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	164	- '127.0.0.1'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	165	# - '::'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	166	# - '0.0.0.0'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	167	type: http
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	168
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	169	x_forwarded: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	170
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	171	resources:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	172	- names: [client]
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	173	compress: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	174	- names: [federation]
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	175	compress: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	176
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	177	# Turn on the twisted ssh manhole service on localhost on the given
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	178	# port.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	179	# - port: 9000
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	180	# bind_addresses:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	181	# - '::1'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	182	# - '127.0.0.1'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	183	# type: manhole
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	184
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	185
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	186	# Database configuration
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	187	database:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	188	# The database engine name
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	189	name: "sqlite3"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	190	# Arguments to pass to the engine
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	191	args:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	192	# Path to the database
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	193	database: "{{matrix_synapse_db}}"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	194
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	195	# Number of events to cache in memory.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	196	event_cache_size: "10K"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	197
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	198
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	199	# A yaml python logging config file
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	200	log_config: "/etc/matrix-synapse/log.yaml"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	201
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	202
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	203
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	204	## Ratelimiting ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	205
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	206	# Number of messages a client can send per second
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	207	rc_messages_per_second: 0.2
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	208
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	209	# Number of message a client can send before being throttled
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	210	rc_message_burst_count: 10.0
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	211
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	212	# The federation window size in milliseconds
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	213	federation_rc_window_size: 1000
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	214
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	215	# The number of federation requests from a single server in a window
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	216	# before the server will delay processing the request.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	217	federation_rc_sleep_limit: 10
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	218
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	219	# The duration in milliseconds to delay processing events from
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	220	# remote servers by if they go over the sleep limit.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	221	federation_rc_sleep_delay: 500
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	222
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	223	# The maximum number of concurrent federation requests allowed
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	224	# from a single server
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	225	federation_rc_reject_limit: 50
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	226
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	227	# The number of federation requests to concurrently process from a
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	228	# single server
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	229	federation_rc_concurrent: 3
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	230
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	231
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	232
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	233	# Directory where uploaded images and attachments are stored.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	234	media_store_path: "{{matrix_synapse_media_store}}"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	235
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	236	# Media storage providers allow media to be stored in different
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	237	# locations.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	238	# media_storage_providers:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	239	# - module: file_system
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	240	# # Whether to write new local files.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	241	# store_local: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	242	# # Whether to write new remote media
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	243	# store_remote: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	244	# # Whether to block upload requests waiting for write to this
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	245	# # provider to complete
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	246	# store_synchronous: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	247	# config:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	248	# directory: /mnt/some/other/directory
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	249
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	250	# Directory where in-progress uploads are stored.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	251	uploads_path: "{{matrix_synapse_uploads}}"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	252
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	253	# The largest allowed upload size in bytes
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	254	max_upload_size: "10M"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	255
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	256	# Maximum number of pixels that will be thumbnailed
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	257	max_image_pixels: "32M"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	258
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	259	# Whether to generate new thumbnails on the fly to precisely match
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	260	# the resolution requested by the client. If true then whenever
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	261	# a new resolution is requested by the client the server will
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	262	# generate a new thumbnail. If false the server will pick a thumbnail
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	263	# from a precalculated list.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	264	dynamic_thumbnails: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	265
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	266	# List of thumbnail to precalculate when an image is uploaded.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	267	thumbnail_sizes:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	268	- width: 32
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	269	height: 32
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	270	method: crop
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	271	- width: 96
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	272	height: 96
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	273	method: crop
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	274	- width: 320
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	275	height: 240
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	276	method: scale
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	277	- width: 640
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	278	height: 480
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	279	method: scale
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	280	- width: 800
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	281	height: 600
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	282	method: scale
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	283
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	284	# Is the preview URL API enabled? If enabled, you must specify
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	285	# an explicit url_preview_ip_range_blacklist of IPs that the spider is
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	286	# denied from accessing.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	287	url_preview_enabled: False
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	288
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	289	# List of IP address CIDR ranges that the URL preview spider is denied
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	290	# from accessing. There are no defaults: you must explicitly
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	291	# specify a list for URL previewing to work. You should specify any
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	292	# internal services in your network that you do not want synapse to try
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	293	# to connect to, otherwise anyone in any Matrix room could cause your
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	294	# synapse to issue arbitrary GET requests to your internal services,
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	295	# causing serious security issues.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	296	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	297	# url_preview_ip_range_blacklist:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	298	# - '127.0.0.0/8'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	299	# - '10.0.0.0/8'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	300	# - '172.16.0.0/12'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	301	# - '192.168.0.0/16'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	302	# - '100.64.0.0/10'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	303	# - '169.254.0.0/16'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	304	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	305	# List of IP address CIDR ranges that the URL preview spider is allowed
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	306	# to access even if they are specified in url_preview_ip_range_blacklist.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	307	# This is useful for specifying exceptions to wide-ranging blacklisted
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	308	# target IP ranges - e.g. for enabling URL previews for a specific private
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	309	# website only visible in your network.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	310	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	311	# url_preview_ip_range_whitelist:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	312	# - '192.168.1.1'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	313
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	314	# Optional list of URL matches that the URL preview spider is
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	315	# denied from accessing. You should use url_preview_ip_range_blacklist
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	316	# in preference to this, otherwise someone could define a public DNS
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	317	# entry that points to a private IP address and circumvent the blacklist.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	318	# This is more useful if you know there is an entire shape of URL that
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	319	# you know that will never want synapse to try to spider.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	320	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	321	# Each list entry is a dictionary of url component attributes as returned
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	322	# by urlparse.urlsplit as applied to the absolute form of the URL. See
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	323	# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	324	# The values of the dictionary are treated as an filename match pattern
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	325	# applied to that component of URLs, unless they start with a ^ in which
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	326	# case they are treated as a regular expression match. If all the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	327	# specified component matches for a given list item succeed, the URL is
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	328	# blacklisted.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	329	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	330	# url_preview_url_blacklist:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	331	# # blacklist any URL with a username in its URI
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	332	# - username: '*'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	333	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	334	# # blacklist all *.google.com URLs
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	335	# - netloc: 'google.com'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	336	# - netloc: '*.google.com'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	337	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	338	# # blacklist all plain HTTP URLs
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	339	# - scheme: 'http'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	340	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	341	# # blacklist http(s)://www.acme.com/foo
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	342	# - netloc: 'www.acme.com'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	343	# path: '/foo'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	344	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	345	# # blacklist any URL with a literal IPv4 address
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	346	# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	347
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	348	# The largest allowed URL preview spidering size in bytes
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	349	max_spider_size: "10M"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	350
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	351
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	352
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	353
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	354	## Captcha ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	355	# See docs/CAPTCHA_SETUP for full details of configuring this.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	356
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	357	# This Home Server's ReCAPTCHA public key.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	358	recaptcha_public_key: "YOUR_PUBLIC_KEY"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	359
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	360	# This Home Server's ReCAPTCHA private key.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	361	recaptcha_private_key: "YOUR_PRIVATE_KEY"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	362
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	363	# Enables ReCaptcha checks when registering, preventing signup
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	364	# unless a captcha is answered. Requires a valid ReCaptcha
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	365	# public/private key.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	366	enable_registration_captcha: False
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	367
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	368	# A secret key used to bypass the captcha test entirely.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	369	#captcha_bypass_secret: "YOUR_SECRET_HERE"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	370
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	371	# The API endpoint to use for verifying m.login.recaptcha responses.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	372	recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	373
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	374
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	375	## Turn ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	376
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	377	# The public URIs of the TURN server to give to clients
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	378	turn_uris: []
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	379
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	380	# The shared secret used to compute passwords for the TURN server
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	381	turn_shared_secret: "YOUR_SHARED_SECRET"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	382
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	383	# The Username and password if the TURN server needs them and
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	384	# does not use a token
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	385	#turn_username: "TURNSERVER_USERNAME"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	386	#turn_password: "TURNSERVER_PASSWORD"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	387
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	388	# How long generated TURN credentials last
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	389	turn_user_lifetime: "1h"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	390
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	391	# Whether guests should be allowed to use the TURN server.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	392	# This defaults to True, otherwise VoIP will be unreliable for guests.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	393	# However, it does introduce a slight security risk as it allows users to
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	394	# connect to arbitrary endpoints without having first signed up for a
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	395	# valid account (e.g. by passing a CAPTCHA).
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	396	turn_allow_guests: False
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	397
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	398
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	399	## Registration ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	400
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	401	# Enable registration for new users.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	402	enable_registration: {{matrix_synapse_enable_registrations}}
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	403
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	404	# The user must provide all of the below types of 3PID when registering.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	405	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	406	# registrations_require_3pid:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	407	# - email
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	408	# - msisdn
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	409
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	410	# Mandate that users are only allowed to associate certain formats of
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	411	# 3PIDs with accounts on this server.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	412	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	413	# allowed_local_3pids:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	414	# - medium: email
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	415	# pattern: ".*@matrix\.org"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	416	# - medium: email
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	417	# pattern: ".*@vector\.im"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	418	# - medium: msisdn
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	419	# pattern: "\+44"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	420
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	421	# If set, allows registration by anyone who also has the shared
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	422	# secret, even if registration is otherwise disabled.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	423	# registration_shared_secret: <PRIVATE STRING>
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	424
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	425	# Set the number of bcrypt rounds used to generate password hash.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	426	# Larger numbers increase the work factor needed to generate the hash.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	427	# The default number is 12 (which equates to 2^12 rounds).
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	428	# N.B. that increasing this will exponentially increase the time required
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	429	# to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	430	bcrypt_rounds: 12
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	431
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	432	# Allows users to register as guests without a password/email/etc, and
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	433	# participate in rooms hosted on this server which have been made
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	434	# accessible to anonymous users.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	435	allow_guest_access: False
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	436
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	437	# The list of identity servers trusted to verify third party
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	438	# identifiers by this server.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	439	trusted_third_party_id_servers:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	440	- matrix.org
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	441	- vector.im
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	442	- riot.im
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	443
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	444	# Users who register on this homeserver will automatically be joined
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	445	# to these rooms
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	446	#auto_join_rooms:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	447	# - "#example:example.com"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	448
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	449
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	450	## Metrics ###
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	451
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	452	# Enable collection and rendering of performance metrics
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	453	enable_metrics: False
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	454
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	455	## API Configuration ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	456
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	457	# A list of event types that will be included in the room_invite_state
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	458	room_invite_state_types:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	459	- "m.room.join_rules"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	460	- "m.room.canonical_alias"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	461	- "m.room.avatar"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	462	- "m.room.name"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	463
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	464
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	465	# A list of application service config file to use
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	466	app_service_config_files: []
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	467
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	468
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	469	# macaroon_secret_key: <PRIVATE STRING>
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	470
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	471	# Used to enable access token expiration.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	472	expire_access_token: False
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	473
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	474	## Signing Keys ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	475
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	476	# Path to the signing key to sign messages with
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	477	signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	478
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	479	# The keys that the server used to sign messages with but won't use
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	480	# to sign new messages. E.g. it has lost its private key
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	481	old_signing_keys: {}
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	482	# "ed25519:auto":
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	483	# # Base64 encoded public key
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	484	# key: "The public part of your old signing key."
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	485	# # Millisecond POSIX timestamp when the key expired.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	486	# expired_ts: 123456789123
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	487
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	488	# How long key response published by this server is valid for.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	489	# Used to set the valid_until_ts in /key/v2 APIs.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	490	# Determines how quickly servers will query to check which keys
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	491	# are still valid.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	492	key_refresh_interval: "1d" # 1 Day.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	493
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	494	# The trusted servers to download signing keys from.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	495	perspectives:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	496	servers:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	497	"matrix.org":
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	498	verify_keys:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	499	"ed25519:auto":
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	500	key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	501
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	502
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	503
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	504	# Enable SAML2 for registration and login. Uses pysaml2
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	505	# config_path: Path to the sp_conf.py configuration file
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	506	# idp_redirect_url: Identity provider URL which will redirect
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	507	# the user back to /login/saml2 with proper info.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	508	# See pysaml2 docs for format of config.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	509	#saml2_config:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	510	# enabled: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	511	# config_path: "/home/erikj/git/synapse/sp_conf.py"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	512	# idp_redirect_url: "http://test/idp"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	513
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	514
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	515
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	516	# Enable CAS for registration and login.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	517	#cas_config:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	518	# enabled: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	519	# server_url: "https://cas-server.com"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	520	# service_url: "https://homeserver.domain.com:8448"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	521	# #required_attributes:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	522	# # name: value
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	523
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	524
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	525	# The JWT needs to contain a globally unique "sub" (subject) claim.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	526	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	527	# jwt_config:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	528	# enabled: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	529	# secret: "a secret"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	530	# algorithm: "HS256"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	531
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	532
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	533
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	534	# Enable password for login.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	535	password_config:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	536	enabled: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	537	# Uncomment and change to a secret random string for extra security.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	538	# DO NOT CHANGE THIS AFTER INITIAL SETUP!
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	539	#pepper: ""
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	540
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	541
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	542
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	543	# Enable sending emails for notification events
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	544	# Defining a custom URL for Riot is only needed if email notifications
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	545	# should contain links to a self-hosted installation of Riot; when set
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	546	# the "app_name" setting is ignored.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	547	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	548	# If your SMTP server requires authentication, the optional smtp_user &
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	549	# smtp_pass variables should be used
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	550	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	551	#email:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	552	# enable_notifs: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	553	# smtp_host: "localhost"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	554	# smtp_port: 25
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	555	# smtp_user: "exampleusername"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	556	# smtp_pass: "examplepassword"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	557	# require_transport_security: False
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	558	# notif_from: "Your Friendly %(app)s Home Server <[email protected]>"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	559	# app_name: Matrix
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	560	# template_dir: res/templates
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	561	# notif_template_html: notif_mail.html
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	562	# notif_template_text: notif_mail.txt
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	563	# notif_for_new_users: True
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	564	# riot_base_url: "http://localhost/riot"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	565
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	566
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	567	# password_providers:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	568	# - module: "ldap_auth_provider.LdapAuthProvider"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	569	# config:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	570	# enabled: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	571	# uri: "ldap://ldap.example.com:389"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	572	# start_tls: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	573	# base: "ou=users,dc=example,dc=com"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	574	# attributes:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	575	# uid: "cn"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	576	# mail: "email"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	577	# name: "givenName"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	578	# #bind_dn:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	579	# #bind_password:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	580	# #filter: "(objectClass=posixAccount)"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	581
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	582
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	583
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	584	# Clients requesting push notifications can either have the body of
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	585	# the message sent in the notification poke along with other details
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	586	# like the sender, or just the event ID and room ID (`event_id_only`).
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	587	# If clients choose the former, this option controls whether the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	588	# notification request includes the content of the event (other details
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	589	# like the sender are still included). For `event_id_only` push, it
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	590	# has no effect.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	591
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	592	# For modern android devices the notification content will still appear
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	593	# because it is loaded by the app. iPhone, however will send a
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	594	# notification saying only that a message arrived and who it came from.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	595	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	596	#push:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	597	# include_content: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	598
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	599
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	600	# spam_checker:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	601	# module: "my_custom_project.SuperSpamChecker"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	602	# config:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	603	# example_option: 'things'
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	604
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	605
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	606	# Whether to allow non server admins to create groups on this server
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	607	enable_group_creation: false
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	608
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	609	# If enabled, non server admins can only create groups with local parts
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	610	# starting with this prefix
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	611	# group_creation_prefix: "unofficial/"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	612
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	613
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	614
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	615	# User Directory configuration
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	616	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	617	# 'search_all_users' defines whether to search all users visible to your HS
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	618	# when searching the user directory, rather than limiting to users visible
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	619	# in public rooms. Defaults to false. If you set it True, you'll have to run
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	620	# UPDATE user_directory_stream_pos SET stream_id = NULL;
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	621	# on your database to tell it to rebuild the user_directory search indexes.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	622	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	623	#user_directory:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	624	# search_all_users: false

author	Luke Hoersten <luke@hoersten.org>
	Mon, 08 Jun 2020 16:30:37 -0500
changeset 36	a8627367c7be
child 37	2ef98b7b40d4
permissions	-rw-r--r--