ansible-roles: matrix-synapse/templates/homeserver.yaml.j2@b4e705f4cda4 (annotated)

37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1	# Configuration file for Synapse.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	2	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	3	# This is a YAML file: see [1] for a quick introduction. Note in particular
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	4	# that indentation is important: all the elements of a list or dictionary
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	5	# should have the same indentation.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	6	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	7	# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	8
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	9	## Server ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	10
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	11	# The domain name of the server, with optional explicit port.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	12	# This is used by remote servers to connect to this server,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	13	# e.g. matrix.org, localhost:8080, etc.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	14	# This is also the last part of your UserID.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	15	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	16	server_name: "{{nginx_server_name}}"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	18	# When running as a daemon, the file to store the pid in
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	19	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	20	pid_file: "/var/run/matrix-synapse.pid"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	21
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	22	# The absolute URL to the web client which /_matrix/client will redirect
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	23	# to if 'webclient' is configured under the 'listeners' configuration.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	24	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	25	# This option can be also set to the filesystem path to the web client
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	26	# which will be served at /_matrix/client/ if 'webclient' is configured
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	27	# under the 'listeners' configuration, however this is a security risk:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	28	# https://github.com/matrix-org/synapse#security-note
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	29	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	30	#web_client_location: https://riot.example.com/
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	31
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	32	# The public-facing base URL that clients use to access this HS
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	33	# (not including _matrix/...). This is the same URL a user would
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	34	# enter into the 'custom HS URL' field on their client. If you
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	35	# use synapse with a reverse proxy, this should be the URL to reach
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	36	# synapse via the proxy.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	37	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	38	#public_baseurl: https://example.com/
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	39
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	40	# Set the soft limit on the number of file descriptors synapse can use
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	41	# Zero is used to indicate synapse should set the soft limit to the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	42	# hard limit.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	43	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	44	#soft_file_limit: 0
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	45
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	46	# Set to false to disable presence tracking on this homeserver.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	47	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	48	#use_presence: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	49
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	50	# Whether to require authentication to retrieve profile data (avatars,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	51	# display names) of other users through the client API. Defaults to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	52	# 'false'. Note that profile data is also available via the federation
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	53	# API, so this setting is of limited value if federation is enabled on
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	54	# the server.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	55	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	56	#require_auth_for_profile_requests: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	57
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	58	# Uncomment to require a user to share a room with another user in order
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	59	# to retrieve their profile information. Only checked on Client-Server
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	60	# requests. Profile requests from other servers should be checked by the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	61	# requesting server. Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	62	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	63	#limit_profile_requests_to_users_who_share_rooms: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	64
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	65	# If set to 'true', removes the need for authentication to access the server's
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	66	# public rooms directory through the client API, meaning that anyone can
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	67	# query the room directory. Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	68	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	69	#allow_public_rooms_without_auth: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	70
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	71	# If set to 'true', allows any other homeserver to fetch the server's public
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	72	# rooms directory via federation. Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	73	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	74	#allow_public_rooms_over_federation: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	75
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	76	# The default room version for newly created rooms.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	77	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	78	# Known room versions are listed here:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	79	# https://matrix.org/docs/spec/#complete-list-of-room-versions
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	80	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	81	# For example, for room version 1, default_room_version should be set
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	82	# to "1".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	83	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	84	#default_room_version: "5"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	85
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	86	# The GC threshold parameters to pass to `gc.set_threshold`, if defined
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	87	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	88	#gc_thresholds: [700, 10, 10]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	89
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	90	# Set the limit on the returned events in the timeline in the get
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	91	# and sync operations. The default value is -1, means no upper limit.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	92	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	93	#filter_timeline_limit: 5000
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	94
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	95	# Whether room invites to users on this server should be blocked
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	96	# (except those sent by local server admins). The default is False.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	97	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	98	#block_non_admin_invites: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	99
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	100	# Room searching
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	101	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	102	# If disabled, new messages will not be indexed for searching and users
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	103	# will receive errors when searching for messages. Defaults to enabled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	104	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	105	#enable_search: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	106
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	107	# Restrict federation to the following whitelist of domains.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	108	# N.B. we recommend also firewalling your federation listener to limit
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	109	# inbound federation traffic as early as possible, rather than relying
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	110	# purely on this application-layer restriction. If not specified, the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	111	# default is to whitelist everything.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	112	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	113	#federation_domain_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	114	# - lon.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	115	# - nyc.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	116	# - syd.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	117
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	118	# Prevent federation requests from being sent to the following
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	119	# blacklist IP address CIDR ranges. If this option is not specified, or
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	120	# specified with an empty list, no ip range blacklist will be enforced.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	121	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	122	# As of Synapse v1.4.0 this option also affects any outbound requests to identity
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	123	# servers provided by user input.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	124	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	125	# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	126	# listed here, since they correspond to unroutable addresses.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	127	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	128	federation_ip_range_blacklist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	129	- '127.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	130	- '10.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	131	- '172.16.0.0/12'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	132	- '192.168.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	133	- '100.64.0.0/10'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	134	- '169.254.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	135	- '::1/128'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	136	- 'fe80::/64'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	137	- 'fc00::/7'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	138
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	139	# List of ports that Synapse should listen on, their purpose and their
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	140	# configuration.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	141	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	142	# Options for each listener include:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	143	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	144	# port: the TCP port to bind to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	145	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	146	# bind_addresses: a list of local addresses to listen on. The default is
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	147	# 'all local interfaces'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	148	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	149	# type: the type of listener. Normally 'http', but other valid options are:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	150	# 'manhole' (see docs/manhole.md),
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	151	# 'metrics' (see docs/metrics-howto.md),
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	152	# 'replication' (see docs/workers.md).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	153	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	154	# tls: set to true to enable TLS for this listener. Will use the TLS
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	155	# key/cert specified in tls_private_key_path / tls_certificate_path.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	156	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	157	# x_forwarded: Only valid for an 'http' listener. Set to true to use the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	158	# X-Forwarded-For header as the client IP. Useful when Synapse is
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	159	# behind a reverse-proxy.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	160	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	161	# resources: Only valid for an 'http' listener. A list of resources to host
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	162	# on this port. Options for each resource are:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	163	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	164	# names: a list of names of HTTP resources. See below for a list of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	165	# valid resource names.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	166	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	167	# compress: set to true to enable HTTP comression for this resource.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	168	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	169	# additional_resources: Only valid for an 'http' listener. A map of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	170	# additional endpoints which should be loaded via dynamic modules.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	171	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	172	# Valid resource names are:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	173	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	174	# client: the client-server API (/_matrix/client), and the synapse admin
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	175	# API (/_synapse/admin). Also implies 'media' and 'static'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	176	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	177	# consent: user consent forms (/_matrix/consent). See
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	178	# docs/consent_tracking.md.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	179	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	180	# federation: the server-server API (/_matrix/federation). Also implies
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	181	# 'media', 'keys', 'openid'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	182	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	183	# keys: the key discovery API (/_matrix/keys).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	184	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	185	# media: the media API (/_matrix/media).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	186	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	187	# metrics: the metrics interface. See docs/metrics-howto.md.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	188	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	189	# openid: OpenID authentication.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	190	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	191	# replication: the HTTP replication API (/_synapse/replication). See
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	192	# docs/workers.md.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	193	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	194	# static: static resources under synapse/static (/_matrix/static). (Mostly
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	195	# useful for 'fallback authentication'.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	196	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	197	# webclient: A web client. Requires web_client_location to be set.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	198	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	199	listeners:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	200	# TLS-enabled listener: for when matrix traffic is sent directly to synapse.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	201	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	202	# Disabled by default. To enable it, uncomment the following. (Note that you
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	203	# will also need to give Synapse a TLS key and certificate: see the TLS section
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	204	# below.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	205	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	206	#- port: 8448
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	207	# type: http
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	208	# tls: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	209	# resources:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	210	# - names: [client, federation]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	211
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	212	# Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	213	# that unwraps TLS.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	214	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	215	# If you plan to use a reverse proxy, please see
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	216	# https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	217	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	218	- port: 8008
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	219	tls: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	220	type: http
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	221	x_forwarded: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	222	bind_addresses: ['::1', '127.0.0.1']
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	223
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	224	resources:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	225	- names: [client, federation]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	226	compress: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	227
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	228	# example additional_resources:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	229	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	230	#additional_resources:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	231	# "/_matrix/my/custom/endpoint":
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	232	# module: my_module.CustomRequestHandler
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	233	# config: {}
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	234
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	235	# Turn on the twisted ssh manhole service on localhost on the given
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	236	# port.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	237	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	238	#- port: 9000
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	239	# bind_addresses: ['::1', '127.0.0.1']
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	240	# type: manhole
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	241
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	242	# Forward extremities can build up in a room due to networking delays between
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	243	# homeservers. Once this happens in a large room, calculation of the state of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	244	# that room can become quite expensive. To mitigate this, once the number of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	245	# forward extremities reaches a given threshold, Synapse will send an
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	246	# org.matrix.dummy_event event, which will reduce the forward extremities
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	247	# in the room.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	248	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	249	# This setting defines the threshold (i.e. number of forward extremities in the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	250	# room) at which dummy events are sent. The default value is 10.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	251	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	252	#dummy_events_threshold: 5
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	253
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	254
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	255	## Homeserver blocking ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	256
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	257	# How to reach the server admin, used in ResourceLimitError
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	258	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	259	#admin_contact: 'mailto:[email protected]'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	260
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	261	# Global blocking
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	262	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	263	#hs_disabled: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	264	#hs_disabled_message: 'Human readable reason for why the HS is blocked'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	265
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	266	# Monthly Active User Blocking
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	267	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	268	# Used in cases where the admin or server owner wants to limit to the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	269	# number of monthly active users.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	270	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	271	# 'limit_usage_by_mau' disables/enables monthly active user blocking. When
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	272	# anabled and a limit is reached the server returns a 'ResourceLimitError'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	273	# with error type Codes.RESOURCE_LIMIT_EXCEEDED
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	274	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	275	# 'max_mau_value' is the hard limit of monthly active users above which
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	276	# the server will start blocking user actions.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	277	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	278	# 'mau_trial_days' is a means to add a grace period for active users. It
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	279	# means that users must be active for this number of days before they
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	280	# can be considered active and guards against the case where lots of users
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	281	# sign up in a short space of time never to return after their initial
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	282	# session.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	283	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	284	# 'mau_limit_alerting' is a means of limiting client side alerting
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	285	# should the mau limit be reached. This is useful for small instances
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	286	# where the admin has 5 mau seats (say) for 5 specific people and no
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	287	# interest increasing the mau limit further. Defaults to True, which
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	288	# means that alerting is enabled
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	289	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	290	#limit_usage_by_mau: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	291	#max_mau_value: 50
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	292	#mau_trial_days: 2
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	293	#mau_limit_alerting: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	294
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	295	# If enabled, the metrics for the number of monthly active users will
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	296	# be populated, however no one will be limited. If limit_usage_by_mau
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	297	# is true, this is implied to be true.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	298	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	299	#mau_stats_only: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	300
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	301	# Sometimes the server admin will want to ensure certain accounts are
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	302	# never blocked by mau checking. These accounts are specified here.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	303	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	304	#mau_limit_reserved_threepids:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	305	# - medium: 'email'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	306	# address: '[email protected]'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	307
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	308	# Used by phonehome stats to group together related servers.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	309	#server_context: context
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	310
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	311	# Resource-constrained homeserver Settings
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	312	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	313	# If limit_remote_rooms.enabled is True, the room complexity will be
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	314	# checked before a user joins a new remote room. If it is above
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	315	# limit_remote_rooms.complexity, it will disallow joining or
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	316	# instantly leave.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	317	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	318	# limit_remote_rooms.complexity_error can be set to customise the text
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	319	# displayed to the user when a room above the complexity threshold has
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	320	# its join cancelled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	321	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	322	# Uncomment the below lines to enable:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	323	#limit_remote_rooms:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	324	# enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	325	# complexity: 1.0
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	326	# complexity_error: "This room is too complex."
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	327
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	328	# Whether to require a user to be in the room to add an alias to it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	329	# Defaults to 'true'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	330	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	331	#require_membership_for_aliases: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	332
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	333	# Whether to allow per-room membership profiles through the send of membership
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	334	# events with profile information that differ from the target's global profile.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	335	# Defaults to 'true'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	336	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	337	#allow_per_room_profiles: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	338
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	339	# How long to keep redacted events in unredacted form in the database. After
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	340	# this period redacted events get replaced with their redacted form in the DB.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	341	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	342	# Defaults to `7d`. Set to `null` to disable.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	343	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	344	#redaction_retention_period: 28d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	345
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	346	# How long to track users' last seen time and IPs in the database.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	347	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	348	# Defaults to `28d`. Set to `null` to disable clearing out of old rows.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	349	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	350	#user_ips_max_age: 14d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	351
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	352	# Message retention policy at the server level.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	353	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	354	# Room admins and mods can define a retention period for their rooms using the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	355	# 'm.room.retention' state event, and server admins can cap this period by setting
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	356	# the 'allowed_lifetime_min' and 'allowed_lifetime_max' config options.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	357	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	358	# If this feature is enabled, Synapse will regularly look for and purge events
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	359	# which are older than the room's maximum retention period. Synapse will also
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	360	# filter events received over federation so that events that should have been
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	361	# purged are ignored and not stored again.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	362	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	363	retention:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	364	# The message retention policies feature is disabled by default. Uncomment the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	365	# following line to enable it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	366	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	367	#enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	368
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	369	# Default retention policy. If set, Synapse will apply it to rooms that lack the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	370	# 'm.room.retention' state event. Currently, the value of 'min_lifetime' doesn't
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	371	# matter much because Synapse doesn't take it into account yet.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	372	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	373	#default_policy:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	374	# min_lifetime: 1d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	375	# max_lifetime: 1y
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	376
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	377	# Retention policy limits. If set, a user won't be able to send a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	378	# 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	379	# that's not within this range. This is especially useful in closed federations,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	380	# in which server admins can make sure every federating server applies the same
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	381	# rules.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	382	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	383	#allowed_lifetime_min: 1d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	384	#allowed_lifetime_max: 1y
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	385
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	386	# Server admins can define the settings of the background jobs purging the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	387	# events which lifetime has expired under the 'purge_jobs' section.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	388	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	389	# If no configuration is provided, a single job will be set up to delete expired
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	390	# events in every room daily.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	391	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	392	# Each job's configuration defines which range of message lifetimes the job
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	393	# takes care of. For example, if 'shortest_max_lifetime' is '2d' and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	394	# 'longest_max_lifetime' is '3d', the job will handle purging expired events in
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	395	# rooms whose state defines a 'max_lifetime' that's both higher than 2 days, and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	396	# lower than or equal to 3 days. Both the minimum and the maximum value of a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	397	# range are optional, e.g. a job with no 'shortest_max_lifetime' and a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	398	# 'longest_max_lifetime' of '3d' will handle every room with a retention policy
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	399	# which 'max_lifetime' is lower than or equal to three days.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	400	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	401	# The rationale for this per-job configuration is that some rooms might have a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	402	# retention policy with a low 'max_lifetime', where history needs to be purged
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	403	# of outdated messages on a more frequent basis than for the rest of the rooms
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	404	# (e.g. every 12h), but not want that purge to be performed by a job that's
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	405	# iterating over every room it knows, which could be heavy on the server.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	406	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	407	#purge_jobs:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	408	# - shortest_max_lifetime: 1d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	409	# longest_max_lifetime: 3d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	410	# interval: 12h
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	411	# - shortest_max_lifetime: 3d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	412	# longest_max_lifetime: 1y
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	413	# interval: 1d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	414
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	415	# Inhibits the /requestToken endpoints from returning an error that might leak
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	416	# information about whether an e-mail address is in use or not on this
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	417	# homeserver.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	418	# Note that for some endpoints the error situation is the e-mail already being
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	419	# used, and for others the error is entering the e-mail being unused.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	420	# If this option is enabled, instead of returning an error, these endpoints will
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	421	# act as if no error happened and return a fake session ID ('sid') to clients.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	422	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	423	#request_token_inhibit_3pid_errors: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	424
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	425
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	426	## TLS ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	427
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	428	# PEM-encoded X509 certificate for TLS.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	429	# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	430	# certificate, signed by a recognised Certificate Authority.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	431	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	432	# See 'ACME support' below to enable auto-provisioning this certificate via
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	433	# Let's Encrypt.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	434	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	435	# If supplying your own, be sure to use a `.pem` file that includes the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	436	# full certificate chain including any intermediate certificates (for
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	437	# instance, if using certbot, use `fullchain.pem` as your certificate,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	438	# not `cert.pem`).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	439	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	440	#tls_certificate_path: "/home/lhoersten/nth.io.tls.crt"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	441
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	442	# PEM-encoded private key for TLS
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	443	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	444	#tls_private_key_path: "/home/lhoersten/nth.io.tls.key"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	445
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	446	# Whether to verify TLS server certificates for outbound federation requests.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	447	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	448	# Defaults to `true`. To disable certificate verification, uncomment the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	449	# following line.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	450	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	451	#federation_verify_certificates: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	452
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	453	# The minimum TLS version that will be used for outbound federation requests.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	454	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	455	# Defaults to `1`. Configurable to `1`, `1.1`, `1.2`, or `1.3`. Note
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	456	# that setting this value higher than `1.2` will prevent federation to most
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	457	# of the public Matrix network: only configure it to `1.3` if you have an
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	458	# entirely private federation setup and you can ensure TLS 1.3 support.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	459	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	460	#federation_client_minimum_tls_version: 1.2
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	461
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	462	# Skip federation certificate verification on the following whitelist
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	463	# of domains.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	464	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	465	# This setting should only be used in very specific cases, such as
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	466	# federation over Tor hidden services and similar. For private networks
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	467	# of homeservers, you likely want to use a private CA instead.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	468	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	469	# Only effective if federation_verify_certicates is `true`.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	470	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	471	#federation_certificate_verification_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	472	# - lon.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	473	# - *.domain.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	474	# - *.onion
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	475
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	476	# List of custom certificate authorities for federation traffic.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	477	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	478	# This setting should only normally be used within a private network of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	479	# homeservers.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	480	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	481	# Note that this list will replace those that are provided by your
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	482	# operating environment. Certificates must be in PEM format.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	483	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	484	#federation_custom_ca_list:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	485	# - myCA1.pem
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	486	# - myCA2.pem
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	487	# - myCA3.pem
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	488
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	489	# ACME support: This will configure Synapse to request a valid TLS certificate
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	490	# for your configured `server_name` via Let's Encrypt.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	491	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	492	# Note that ACME v1 is now deprecated, and Synapse currently doesn't support
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	493	# ACME v2. This means that this feature currently won't work with installs set
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	494	# up after November 2019. For more info, and alternative solutions, see
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	495	# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	496	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	497	# Note that provisioning a certificate in this way requires port 80 to be
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	498	# routed to Synapse so that it can complete the http-01 ACME challenge.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	499	# By default, if you enable ACME support, Synapse will attempt to listen on
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	500	# port 80 for incoming http-01 challenges - however, this will likely fail
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	501	# with 'Permission denied' or a similar error.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	502	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	503	# There are a couple of potential solutions to this:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	504	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	505	# * If you already have an Apache, Nginx, or similar listening on port 80,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	506	# you can configure Synapse to use an alternate port, and have your web
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	507	# server forward the requests. For example, assuming you set 'port: 8009'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	508	# below, on Apache, you would write:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	509	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	510	# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	511	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	512	# * Alternatively, you can use something like `authbind` to give Synapse
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	513	# permission to listen on port 80.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	514	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	515	acme:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	516	# ACME support is disabled by default. Set this to `true` and uncomment
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	517	# tls_certificate_path and tls_private_key_path above to enable it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	518	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	519	enabled: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	520
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	521	# Endpoint to use to request certificates. If you only want to test,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	522	# use Let's Encrypt's staging url:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	523	# https://acme-staging.api.letsencrypt.org/directory
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	524	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	525	#url: https://acme-v01.api.letsencrypt.org/directory
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	526
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	527	# Port number to listen on for the HTTP-01 challenge. Change this if
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	528	# you are forwarding connections through Apache/Nginx/etc.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	529	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	530	port: 80
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	531
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	532	# Local addresses to listen on for incoming connections.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	533	# Again, you may want to change this if you are forwarding connections
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	534	# through Apache/Nginx/etc.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	535	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	536	bind_addresses: ['::', '0.0.0.0']
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	537
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	538	# How many days remaining on a certificate before it is renewed.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	539	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	540	reprovision_threshold: 30
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	541
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	542	# The domain that the certificate should be for. Normally this
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	543	# should be the same as your Matrix domain (i.e., 'server_name'), but,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	544	# by putting a file at 'https://<server_name>/.well-known/matrix/server',
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	545	# you can delegate incoming traffic to another server. If you do that,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	546	# you should give the target of the delegation here.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	547	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	548	# For example: if your 'server_name' is 'example.com', but
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	549	# 'https://example.com/.well-known/matrix/server' delegates to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	550	# 'matrix.example.com', you should put 'matrix.example.com' here.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	551	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	552	# If not set, defaults to your 'server_name'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	553	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	554	domain: matrix.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	555
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	556	# file to use for the account key. This will be generated if it doesn't
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	557	# exist.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	558	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	559	# If unspecified, we will use CONFDIR/client.key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	560	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	561	account_key_file: /home/lhoersten/acme_account.key
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	562
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	563	# List of allowed TLS fingerprints for this server to publish along
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	564	# with the signing keys for this server. Other matrix servers that
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	565	# make HTTPS requests to this server will check that the TLS
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	566	# certificates returned by this server match one of the fingerprints.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	567	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	568	# Synapse automatically adds the fingerprint of its own certificate
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	569	# to the list. So if federation traffic is handled directly by synapse
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	570	# then no modification to the list is required.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	571	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	572	# If synapse is run behind a load balancer that handles the TLS then it
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	573	# will be necessary to add the fingerprints of the certificates used by
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	574	# the loadbalancers to this list if they are different to the one
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	575	# synapse is using.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	576	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	577	# Homeservers are permitted to cache the list of TLS fingerprints
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	578	# returned in the key responses up to the "valid_until_ts" returned in
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	579	# key. It may be necessary to publish the fingerprints of a new
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	580	# certificate and wait until the "valid_until_ts" of the previous key
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	581	# responses have passed before deploying it.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	582	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	583	# You can calculate a fingerprint from a given TLS listener via:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	584	# openssl s_client -connect $host:$port < /dev/null 2> /dev/null \|
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	585	# openssl x509 -outform DER \| openssl sha256 -binary \| base64 \| tr -d '='
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	586	# or by checking matrix.org/federationtester/api/report?server_name=$host
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	587	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	588	#tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	589
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	590
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	591
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	592	## Database ##
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	593
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	594	# The 'database' setting defines the database that synapse uses to store all of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	595	# its data.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	596	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	597	# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	598	# 'psycopg2' (for PostgreSQL).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	599	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	600	# 'args' gives options which are passed through to the database engine,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	601	# except for options starting 'cp_', which are used to configure the Twisted
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	602	# connection pool. For a reference to valid arguments, see:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	603	# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	604	# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	605	# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	606	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	607	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	608	# Example SQLite configuration:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	609	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	610	#database:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	611	# name: sqlite3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	612	# args:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	613	# database: /path/to/homeserver.db
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	614	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	615	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	616	# Example Postgres configuration:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	617	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	618	#database:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	619	# name: psycopg2
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	620	# args:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	621	# user: synapse
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	622	# password: secretpassword
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	623	# database: synapse
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	624	# host: localhost
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	625	# cp_min: 5
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	626	# cp_max: 10
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	627	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	628	# For more information on using Synapse with Postgres, see `docs/postgres.md`.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	629	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	630	database:
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	631	name: sqlite3
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	632	args:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	633	database: "{{matrix_synapse_db}}"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	634
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	635	# Number of events to cache in memory.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	636	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	637	#event_cache_size: 10K
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	638
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	639
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	640	## Logging ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	641
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	642	# A yaml python logging config file as described by
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	643	# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	644	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	645	log_config: "/etc/matrix-synapse/log.yaml"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	646
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	647
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	648	## Ratelimiting ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	649
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	650	# Ratelimiting settings for client actions (registration, login, messaging).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	651	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	652	# Each ratelimiting configuration is made of two parameters:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	653	# - per_second: number of requests a client can send per second.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	654	# - burst_count: number of requests a client can send before being throttled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	655	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	656	# Synapse currently uses the following configurations:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	657	# - one for messages that ratelimits sending based on the account the client
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	658	# is using
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	659	# - one for registration that ratelimits registration requests based on the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	660	# client's IP address.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	661	# - one for login that ratelimits login requests based on the client's IP
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	662	# address.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	663	# - one for login that ratelimits login requests based on the account the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	664	# client is attempting to log into.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	665	# - one for login that ratelimits login requests based on the account the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	666	# client is attempting to log into, based on the amount of failed login
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	667	# attempts for this account.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	668	# - one for ratelimiting redactions by room admins. If this is not explicitly
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	669	# set then it uses the same ratelimiting as per rc_message. This is useful
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	670	# to allow room admins to deal with abuse quickly.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	671	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	672	# The defaults are as shown below.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	673	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	674	#rc_message:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	675	# per_second: 0.2
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	676	# burst_count: 10
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	677	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	678	#rc_registration:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	679	# per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	680	# burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	681	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	682	#rc_login:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	683	# address:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	684	# per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	685	# burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	686	# account:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	687	# per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	688	# burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	689	# failed_attempts:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	690	# per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	691	# burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	692	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	693	#rc_admin_redaction:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	694	# per_second: 1
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	695	# burst_count: 50
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	696
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	697
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	698	# Ratelimiting settings for incoming federation
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	699	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	700	# The rc_federation configuration is made up of the following settings:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	701	# - window_size: window size in milliseconds
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	702	# - sleep_limit: number of federation requests from a single server in
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	703	# a window before the server will delay processing the request.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	704	# - sleep_delay: duration in milliseconds to delay processing events
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	705	# from remote servers by if they go over the sleep limit.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	706	# - reject_limit: maximum number of concurrent federation requests
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	707	# allowed from a single server
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	708	# - concurrent: number of federation requests to concurrently process
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	709	# from a single server
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	710	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	711	# The defaults are as shown below.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	712	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	713	#rc_federation:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	714	# window_size: 1000
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	715	# sleep_limit: 10
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	716	# sleep_delay: 500
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	717	# reject_limit: 50
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	718	# concurrent: 3
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	719
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	720	# Target outgoing federation transaction frequency for sending read-receipts,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	721	# per-room.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	722	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	723	# If we end up trying to send out more read-receipts, they will get buffered up
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	724	# into fewer transactions.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	725	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	726	#federation_rr_transactions_per_room_per_second: 50
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	727
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	728
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	729
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	730	## Media Store ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	731
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	732	# Enable the media store service in the Synapse master. Uncomment the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	733	# following if you are using a separate media store worker.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	734	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	735	#enable_media_repo: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	736
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	737	# Directory where uploaded images and attachments are stored.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	738	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	739	media_store_path: "{{matrix_synapse_media_store}}"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	740
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	741	# Media storage providers allow media to be stored in different
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	742	# locations.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	743	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	744	#media_storage_providers:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	745	# - module: file_system
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	746	# # Whether to store newly uploaded local files
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	747	# store_local: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	748	# # Whether to store newly downloaded remote files
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	749	# store_remote: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	750	# # Whether to wait for successful storage for local uploads
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	751	# store_synchronous: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	752	# config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	753	# directory: /mnt/some/other/directory
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	754
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	755	# The largest allowed upload size in bytes
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	756	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	757	#max_upload_size: 10M
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	758
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	759	# Maximum number of pixels that will be thumbnailed
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	760	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	761	#max_image_pixels: 32M
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	762
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	763	# Whether to generate new thumbnails on the fly to precisely match
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	764	# the resolution requested by the client. If true then whenever
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	765	# a new resolution is requested by the client the server will
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	766	# generate a new thumbnail. If false the server will pick a thumbnail
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	767	# from a precalculated list.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	768	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	769	#dynamic_thumbnails: false
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	770
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	771	# List of thumbnails to precalculate when an image is uploaded.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	772	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	773	#thumbnail_sizes:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	774	# - width: 32
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	775	# height: 32
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	776	# method: crop
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	777	# - width: 96
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	778	# height: 96
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	779	# method: crop
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	780	# - width: 320
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	781	# height: 240
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	782	# method: scale
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	783	# - width: 640
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	784	# height: 480
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	785	# method: scale
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	786	# - width: 800
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	787	# height: 600
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	788	# method: scale
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	789
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	790	# Is the preview URL API enabled?
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	791	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	792	# 'false' by default: uncomment the following to enable it (and specify a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	793	# url_preview_ip_range_blacklist blacklist).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	794	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	795	#url_preview_enabled: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	796
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	797	# List of IP address CIDR ranges that the URL preview spider is denied
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	798	# from accessing. There are no defaults: you must explicitly
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	799	# specify a list for URL previewing to work. You should specify any
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	800	# internal services in your network that you do not want synapse to try
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	801	# to connect to, otherwise anyone in any Matrix room could cause your
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	802	# synapse to issue arbitrary GET requests to your internal services,
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	803	# causing serious security issues.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	804	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	805	# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	806	# listed here, since they correspond to unroutable addresses.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	807	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	808	# This must be specified if url_preview_enabled is set. It is recommended that
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	809	# you uncomment the following list as a starting point.
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	810	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	811	#url_preview_ip_range_blacklist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	812	# - '127.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	813	# - '10.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	814	# - '172.16.0.0/12'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	815	# - '192.168.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	816	# - '100.64.0.0/10'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	817	# - '169.254.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	818	# - '::1/128'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	819	# - 'fe80::/64'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	820	# - 'fc00::/7'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	821
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	822	# List of IP address CIDR ranges that the URL preview spider is allowed
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	823	# to access even if they are specified in url_preview_ip_range_blacklist.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	824	# This is useful for specifying exceptions to wide-ranging blacklisted
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	825	# target IP ranges - e.g. for enabling URL previews for a specific private
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	826	# website only visible in your network.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	827	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	828	#url_preview_ip_range_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	829	# - '192.168.1.1'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	830
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	831	# Optional list of URL matches that the URL preview spider is
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	832	# denied from accessing. You should use url_preview_ip_range_blacklist
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	833	# in preference to this, otherwise someone could define a public DNS
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	834	# entry that points to a private IP address and circumvent the blacklist.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	835	# This is more useful if you know there is an entire shape of URL that
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	836	# you know that will never want synapse to try to spider.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	837	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	838	# Each list entry is a dictionary of url component attributes as returned
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	839	# by urlparse.urlsplit as applied to the absolute form of the URL. See
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	840	# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	841	# The values of the dictionary are treated as an filename match pattern
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	842	# applied to that component of URLs, unless they start with a ^ in which
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	843	# case they are treated as a regular expression match. If all the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	844	# specified component matches for a given list item succeed, the URL is
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	845	# blacklisted.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	846	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	847	#url_preview_url_blacklist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	848	# # blacklist any URL with a username in its URI
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	849	# - username: '*'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	850	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	851	# # blacklist all *.google.com URLs
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	852	# - netloc: 'google.com'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	853	# - netloc: '*.google.com'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	854	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	855	# # blacklist all plain HTTP URLs
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	856	# - scheme: 'http'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	857	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	858	# # blacklist http(s)://www.acme.com/foo
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	859	# - netloc: 'www.acme.com'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	860	# path: '/foo'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	861	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	862	# # blacklist any URL with a literal IPv4 address
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	863	# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	864
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	865	# The largest allowed URL preview spidering size in bytes
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	866	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	867	#max_spider_size: 10M
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	868
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	869	# A list of values for the Accept-Language HTTP header used when
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	870	# downloading webpages during URL preview generation. This allows
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	871	# Synapse to specify the preferred languages that URL previews should
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	872	# be in when communicating with remote servers.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	873	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	874	# Each value is a IETF language tag; a 2-3 letter identifier for a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	875	# language, optionally followed by subtags separated by '-', specifying
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	876	# a country or region variant.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	877	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	878	# Multiple values can be provided, and a weight can be added to each by
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	879	# using quality value syntax (;q=). '*' translates to any language.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	880	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	881	# Defaults to "en".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	882	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	883	# Example:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	884	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	885	# url_preview_accept_language:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	886	# - en-UK
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	887	# - en-US;q=0.9
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	888	# - fr;q=0.8
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	889	# - *;q=0.7
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	890	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	891	url_preview_accept_language:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	892	# - en
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	893
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	894
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	895	## Captcha ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	896	# See docs/CAPTCHA_SETUP for full details of configuring this.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	897
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	898	# This homeserver's ReCAPTCHA public key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	899	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	900	#recaptcha_public_key: "YOUR_PUBLIC_KEY"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	901
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	902	# This homeserver's ReCAPTCHA private key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	903	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	904	#recaptcha_private_key: "YOUR_PRIVATE_KEY"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	905
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	906	# Enables ReCaptcha checks when registering, preventing signup
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	907	# unless a captcha is answered. Requires a valid ReCaptcha
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	908	# public/private key.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	909	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	910	#enable_registration_captcha: false
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	911
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	912	# The API endpoint to use for verifying m.login.recaptcha responses.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	913	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	914	#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	915
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	916
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	917	## TURN ##
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	918
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	919	# The public URIs of the TURN server to give to clients
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	920	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	921	#turn_uris: []
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	922
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	923	# The shared secret used to compute passwords for the TURN server
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	924	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	925	#turn_shared_secret: "YOUR_SHARED_SECRET"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	926
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	927	# The Username and password if the TURN server needs them and
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	928	# does not use a token
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	929	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	930	#turn_username: "TURNSERVER_USERNAME"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	931	#turn_password: "TURNSERVER_PASSWORD"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	932
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	933	# How long generated TURN credentials last
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	934	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	935	#turn_user_lifetime: 1h
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	936
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	937	# Whether guests should be allowed to use the TURN server.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	938	# This defaults to True, otherwise VoIP will be unreliable for guests.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	939	# However, it does introduce a slight security risk as it allows users to
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	940	# connect to arbitrary endpoints without having first signed up for a
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	941	# valid account (e.g. by passing a CAPTCHA).
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	942	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	943	#turn_allow_guests: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	944
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	945
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	946	## Registration ##
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	947	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	948	# Registration can be rate-limited using the parameters in the "Ratelimiting"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	949	# section of this file.
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	950
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	951	# Enable registration for new users.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	952	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	953	enable_registration: {{matrix_synapse_enable_registrations}}
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	954
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	955	# Optional account validity configuration. This allows for accounts to be denied
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	956	# any request after a given period.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	957	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	958	# Once this feature is enabled, Synapse will look for registered users without an
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	959	# expiration date at startup and will add one to every account it found using the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	960	# current settings at that time.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	961	# This means that, if a validity period is set, and Synapse is restarted (it will
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	962	# then derive an expiration date from the current validity period), and some time
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	963	# after that the validity period changes and Synapse is restarted, the users'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	964	# expiration dates won't be updated unless their account is manually renewed. This
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	965	# date will be randomly selected within a range [now + period - d ; now + period],
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	966	# where d is equal to 10% of the validity period.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	967	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	968	account_validity:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	969	# The account validity feature is disabled by default. Uncomment the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	970	# following line to enable it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	971	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	972	#enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	973
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	974	# The period after which an account is valid after its registration. When
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	975	# renewing the account, its validity period will be extended by this amount
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	976	# of time. This parameter is required when using the account validity
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	977	# feature.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	978	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	979	#period: 6w
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	980
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	981	# The amount of time before an account's expiry date at which Synapse will
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	982	# send an email to the account's email address with a renewal link. By
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	983	# default, no such emails are sent.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	984	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	985	# If you enable this setting, you will also need to fill out the 'email' and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	986	# 'public_baseurl' configuration sections.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	987	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	988	#renew_at: 1w
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	989
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	990	# The subject of the email sent out with the renewal link. '%(app)s' can be
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	991	# used as a placeholder for the 'app_name' parameter from the 'email'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	992	# section.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	993	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	994	# Note that the placeholder must be written '%(app)s', including the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	995	# trailing 's'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	996	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	997	# If this is not set, a default value is used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	998	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	999	#renew_email_subject: "Renew your %(app)s account"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1000
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1001	# Directory in which Synapse will try to find templates for the HTML files to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1002	# serve to the user when trying to renew an account. If not set, default
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1003	# templates from within the Synapse package will be used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1004	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1005	#template_dir: "res/templates"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1006
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1007	# File within 'template_dir' giving the HTML to be displayed to the user after
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1008	# they successfully renewed their account. If not set, default text is used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1009	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1010	#account_renewed_html_path: "account_renewed.html"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1011
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1012	# File within 'template_dir' giving the HTML to be displayed when the user
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1013	# tries to renew an account with an invalid renewal token. If not set,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1014	# default text is used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1015	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1016	#invalid_token_html_path: "invalid_token.html"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1017
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1018	# Time that a user's session remains valid for, after they log in.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1019	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1020	# Note that this is not currently compatible with guest logins.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1021	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1022	# Note also that this is calculated at login time: changes are not applied
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1023	# retrospectively to users who have already logged in.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1024	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1025	# By default, this is infinite.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1026	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1027	#session_lifetime: 24h
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1028
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1029	# The user must provide all of the below types of 3PID when registering.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1030	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1031	#registrations_require_3pid:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1032	# - email
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1033	# - msisdn
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1034

author	Luke Hoersten <luke@hoersten.org>
	Tue, 09 Jun 2020 14:39:54 -0500
changeset 38	b4e705f4cda4
parent 37	2ef98b7b40d4
child 39	90b1b7c4be70
permissions	-rw-r--r--