ansible-roles: matrix-synapse/templates/homeserver.yaml.j2@b4e705f4cda4 (annotated)

37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1	# Configuration file for Synapse.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	2	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	3	# This is a YAML file: see [1] for a quick introduction. Note in particular
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	4	# that indentation is important: all the elements of a list or dictionary
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	5	# should have the same indentation.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	6	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	7	# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	8
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	9	## Server ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	10
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	11	# The domain name of the server, with optional explicit port.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	12	# This is used by remote servers to connect to this server,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	13	# e.g. matrix.org, localhost:8080, etc.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	14	# This is also the last part of your UserID.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	15	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	16	server_name: "{{nginx_server_name}}"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	18	# When running as a daemon, the file to store the pid in
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	19	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	20	pid_file: "/var/run/matrix-synapse.pid"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	21
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	22	# The absolute URL to the web client which /_matrix/client will redirect
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	23	# to if 'webclient' is configured under the 'listeners' configuration.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	24	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	25	# This option can be also set to the filesystem path to the web client
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	26	# which will be served at /_matrix/client/ if 'webclient' is configured
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	27	# under the 'listeners' configuration, however this is a security risk:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	28	# https://github.com/matrix-org/synapse#security-note
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	29	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	30	#web_client_location: https://riot.example.com/
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	31
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	32	# The public-facing base URL that clients use to access this HS
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	33	# (not including _matrix/...). This is the same URL a user would
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	34	# enter into the 'custom HS URL' field on their client. If you
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	35	# use synapse with a reverse proxy, this should be the URL to reach
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	36	# synapse via the proxy.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	37	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	38	#public_baseurl: https://example.com/
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	39
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	40	# Set the soft limit on the number of file descriptors synapse can use
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	41	# Zero is used to indicate synapse should set the soft limit to the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	42	# hard limit.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	43	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	44	#soft_file_limit: 0
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	45
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	46	# Set to false to disable presence tracking on this homeserver.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	47	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	48	#use_presence: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	49
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	50	# Whether to require authentication to retrieve profile data (avatars,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	51	# display names) of other users through the client API. Defaults to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	52	# 'false'. Note that profile data is also available via the federation
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	53	# API, so this setting is of limited value if federation is enabled on
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	54	# the server.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	55	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	56	#require_auth_for_profile_requests: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	57
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	58	# Uncomment to require a user to share a room with another user in order
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	59	# to retrieve their profile information. Only checked on Client-Server
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	60	# requests. Profile requests from other servers should be checked by the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	61	# requesting server. Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	62	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	63	#limit_profile_requests_to_users_who_share_rooms: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	64
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	65	# If set to 'true', removes the need for authentication to access the server's
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	66	# public rooms directory through the client API, meaning that anyone can
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	67	# query the room directory. Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	68	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	69	#allow_public_rooms_without_auth: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	70
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	71	# If set to 'true', allows any other homeserver to fetch the server's public
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	72	# rooms directory via federation. Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	73	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	74	#allow_public_rooms_over_federation: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	75
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	76	# The default room version for newly created rooms.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	77	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	78	# Known room versions are listed here:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	79	# https://matrix.org/docs/spec/#complete-list-of-room-versions
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	80	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	81	# For example, for room version 1, default_room_version should be set
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	82	# to "1".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	83	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	84	#default_room_version: "5"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	85
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	86	# The GC threshold parameters to pass to `gc.set_threshold`, if defined
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	87	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	88	#gc_thresholds: [700, 10, 10]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	89
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	90	# Set the limit on the returned events in the timeline in the get
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	91	# and sync operations. The default value is -1, means no upper limit.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	92	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	93	#filter_timeline_limit: 5000
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	94
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	95	# Whether room invites to users on this server should be blocked
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	96	# (except those sent by local server admins). The default is False.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	97	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	98	#block_non_admin_invites: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	99
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	100	# Room searching
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	101	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	102	# If disabled, new messages will not be indexed for searching and users
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	103	# will receive errors when searching for messages. Defaults to enabled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	104	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	105	#enable_search: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	106
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	107	# Restrict federation to the following whitelist of domains.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	108	# N.B. we recommend also firewalling your federation listener to limit
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	109	# inbound federation traffic as early as possible, rather than relying
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	110	# purely on this application-layer restriction. If not specified, the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	111	# default is to whitelist everything.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	112	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	113	#federation_domain_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	114	# - lon.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	115	# - nyc.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	116	# - syd.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	117
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	118	# Prevent federation requests from being sent to the following
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	119	# blacklist IP address CIDR ranges. If this option is not specified, or
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	120	# specified with an empty list, no ip range blacklist will be enforced.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	121	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	122	# As of Synapse v1.4.0 this option also affects any outbound requests to identity
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	123	# servers provided by user input.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	124	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	125	# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	126	# listed here, since they correspond to unroutable addresses.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	127	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	128	federation_ip_range_blacklist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	129	- '127.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	130	- '10.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	131	- '172.16.0.0/12'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	132	- '192.168.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	133	- '100.64.0.0/10'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	134	- '169.254.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	135	- '::1/128'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	136	- 'fe80::/64'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	137	- 'fc00::/7'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	138
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	139	# List of ports that Synapse should listen on, their purpose and their
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	140	# configuration.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	141	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	142	# Options for each listener include:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	143	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	144	# port: the TCP port to bind to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	145	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	146	# bind_addresses: a list of local addresses to listen on. The default is
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	147	# 'all local interfaces'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	148	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	149	# type: the type of listener. Normally 'http', but other valid options are:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	150	# 'manhole' (see docs/manhole.md),
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	151	# 'metrics' (see docs/metrics-howto.md),
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	152	# 'replication' (see docs/workers.md).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	153	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	154	# tls: set to true to enable TLS for this listener. Will use the TLS
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	155	# key/cert specified in tls_private_key_path / tls_certificate_path.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	156	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	157	# x_forwarded: Only valid for an 'http' listener. Set to true to use the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	158	# X-Forwarded-For header as the client IP. Useful when Synapse is
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	159	# behind a reverse-proxy.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	160	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	161	# resources: Only valid for an 'http' listener. A list of resources to host
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	162	# on this port. Options for each resource are:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	163	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	164	# names: a list of names of HTTP resources. See below for a list of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	165	# valid resource names.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	166	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	167	# compress: set to true to enable HTTP comression for this resource.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	168	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	169	# additional_resources: Only valid for an 'http' listener. A map of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	170	# additional endpoints which should be loaded via dynamic modules.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	171	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	172	# Valid resource names are:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	173	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	174	# client: the client-server API (/_matrix/client), and the synapse admin
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	175	# API (/_synapse/admin). Also implies 'media' and 'static'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	176	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	177	# consent: user consent forms (/_matrix/consent). See
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	178	# docs/consent_tracking.md.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	179	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	180	# federation: the server-server API (/_matrix/federation). Also implies
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	181	# 'media', 'keys', 'openid'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	182	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	183	# keys: the key discovery API (/_matrix/keys).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	184	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	185	# media: the media API (/_matrix/media).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	186	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	187	# metrics: the metrics interface. See docs/metrics-howto.md.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	188	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	189	# openid: OpenID authentication.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	190	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	191	# replication: the HTTP replication API (/_synapse/replication). See
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	192	# docs/workers.md.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	193	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	194	# static: static resources under synapse/static (/_matrix/static). (Mostly
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	195	# useful for 'fallback authentication'.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	196	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	197	# webclient: A web client. Requires web_client_location to be set.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	198	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	199	listeners:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	200	# TLS-enabled listener: for when matrix traffic is sent directly to synapse.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	201	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	202	# Disabled by default. To enable it, uncomment the following. (Note that you
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	203	# will also need to give Synapse a TLS key and certificate: see the TLS section
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	204	# below.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	205	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	206	#- port: 8448
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	207	# type: http
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	208	# tls: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	209	# resources:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	210	# - names: [client, federation]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	211
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	212	# Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	213	# that unwraps TLS.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	214	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	215	# If you plan to use a reverse proxy, please see
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	216	# https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	217	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	218	- port: 8008
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	219	tls: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	220	type: http
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	221	x_forwarded: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	222	bind_addresses: ['::1', '127.0.0.1']
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	223
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	224	resources:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	225	- names: [client, federation]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	226	compress: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	227
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	228	# example additional_resources:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	229	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	230	#additional_resources:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	231	# "/_matrix/my/custom/endpoint":
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	232	# module: my_module.CustomRequestHandler
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	233	# config: {}
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	234
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	235	# Turn on the twisted ssh manhole service on localhost on the given
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	236	# port.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	237	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	238	#- port: 9000
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	239	# bind_addresses: ['::1', '127.0.0.1']
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	240	# type: manhole
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	241
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	242	# Forward extremities can build up in a room due to networking delays between
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	243	# homeservers. Once this happens in a large room, calculation of the state of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	244	# that room can become quite expensive. To mitigate this, once the number of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	245	# forward extremities reaches a given threshold, Synapse will send an
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	246	# org.matrix.dummy_event event, which will reduce the forward extremities
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	247	# in the room.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	248	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	249	# This setting defines the threshold (i.e. number of forward extremities in the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	250	# room) at which dummy events are sent. The default value is 10.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	251	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	252	#dummy_events_threshold: 5
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	253
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	254
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	255	## Homeserver blocking ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	256
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	257	# How to reach the server admin, used in ResourceLimitError
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	258	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	259	#admin_contact: 'mailto:[email protected]'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	260
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	261	# Global blocking
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	262	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	263	#hs_disabled: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	264	#hs_disabled_message: 'Human readable reason for why the HS is blocked'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	265
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	266	# Monthly Active User Blocking
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	267	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	268	# Used in cases where the admin or server owner wants to limit to the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	269	# number of monthly active users.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	270	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	271	# 'limit_usage_by_mau' disables/enables monthly active user blocking. When
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	272	# anabled and a limit is reached the server returns a 'ResourceLimitError'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	273	# with error type Codes.RESOURCE_LIMIT_EXCEEDED
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	274	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	275	# 'max_mau_value' is the hard limit of monthly active users above which
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	276	# the server will start blocking user actions.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	277	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	278	# 'mau_trial_days' is a means to add a grace period for active users. It
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	279	# means that users must be active for this number of days before they
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	280	# can be considered active and guards against the case where lots of users
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	281	# sign up in a short space of time never to return after their initial
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	282	# session.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	283	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	284	# 'mau_limit_alerting' is a means of limiting client side alerting
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	285	# should the mau limit be reached. This is useful for small instances
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	286	# where the admin has 5 mau seats (say) for 5 specific people and no
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	287	# interest increasing the mau limit further. Defaults to True, which
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	288	# means that alerting is enabled
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	289	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	290	#limit_usage_by_mau: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	291	#max_mau_value: 50
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	292	#mau_trial_days: 2
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	293	#mau_limit_alerting: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	294
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	295	# If enabled, the metrics for the number of monthly active users will
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	296	# be populated, however no one will be limited. If limit_usage_by_mau
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	297	# is true, this is implied to be true.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	298	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	299	#mau_stats_only: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	300
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	301	# Sometimes the server admin will want to ensure certain accounts are
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	302	# never blocked by mau checking. These accounts are specified here.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	303	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	304	#mau_limit_reserved_threepids:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	305	# - medium: 'email'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	306	# address: '[email protected]'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	307
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	308	# Used by phonehome stats to group together related servers.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	309	#server_context: context
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	310
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	311	# Resource-constrained homeserver Settings
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	312	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	313	# If limit_remote_rooms.enabled is True, the room complexity will be
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	314	# checked before a user joins a new remote room. If it is above
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	315	# limit_remote_rooms.complexity, it will disallow joining or
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	316	# instantly leave.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	317	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	318	# limit_remote_rooms.complexity_error can be set to customise the text
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	319	# displayed to the user when a room above the complexity threshold has
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	320	# its join cancelled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	321	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	322	# Uncomment the below lines to enable:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	323	#limit_remote_rooms:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	324	# enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	325	# complexity: 1.0
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	326	# complexity_error: "This room is too complex."
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	327
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	328	# Whether to require a user to be in the room to add an alias to it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	329	# Defaults to 'true'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	330	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	331	#require_membership_for_aliases: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	332
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	333	# Whether to allow per-room membership profiles through the send of membership
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	334	# events with profile information that differ from the target's global profile.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	335	# Defaults to 'true'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	336	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	337	#allow_per_room_profiles: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	338
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	339	# How long to keep redacted events in unredacted form in the database. After
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	340	# this period redacted events get replaced with their redacted form in the DB.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	341	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	342	# Defaults to `7d`. Set to `null` to disable.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	343	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	344	#redaction_retention_period: 28d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	345
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	346	# How long to track users' last seen time and IPs in the database.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	347	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	348	# Defaults to `28d`. Set to `null` to disable clearing out of old rows.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	349	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	350	#user_ips_max_age: 14d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	351
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	352	# Message retention policy at the server level.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	353	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	354	# Room admins and mods can define a retention period for their rooms using the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	355	# 'm.room.retention' state event, and server admins can cap this period by setting
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	356	# the 'allowed_lifetime_min' and 'allowed_lifetime_max' config options.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	357	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	358	# If this feature is enabled, Synapse will regularly look for and purge events
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	359	# which are older than the room's maximum retention period. Synapse will also
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	360	# filter events received over federation so that events that should have been
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	361	# purged are ignored and not stored again.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	362	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	363	retention:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	364	# The message retention policies feature is disabled by default. Uncomment the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	365	# following line to enable it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	366	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	367	#enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	368
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	369	# Default retention policy. If set, Synapse will apply it to rooms that lack the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	370	# 'm.room.retention' state event. Currently, the value of 'min_lifetime' doesn't
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	371	# matter much because Synapse doesn't take it into account yet.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	372	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	373	#default_policy:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	374	# min_lifetime: 1d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	375	# max_lifetime: 1y
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	376
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	377	# Retention policy limits. If set, a user won't be able to send a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	378	# 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	379	# that's not within this range. This is especially useful in closed federations,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	380	# in which server admins can make sure every federating server applies the same
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	381	# rules.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	382	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	383	#allowed_lifetime_min: 1d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	384	#allowed_lifetime_max: 1y
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	385
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	386	# Server admins can define the settings of the background jobs purging the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	387	# events which lifetime has expired under the 'purge_jobs' section.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	388	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	389	# If no configuration is provided, a single job will be set up to delete expired
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	390	# events in every room daily.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	391	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	392	# Each job's configuration defines which range of message lifetimes the job
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	393	# takes care of. For example, if 'shortest_max_lifetime' is '2d' and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	394	# 'longest_max_lifetime' is '3d', the job will handle purging expired events in
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	395	# rooms whose state defines a 'max_lifetime' that's both higher than 2 days, and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	396	# lower than or equal to 3 days. Both the minimum and the maximum value of a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	397	# range are optional, e.g. a job with no 'shortest_max_lifetime' and a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	398	# 'longest_max_lifetime' of '3d' will handle every room with a retention policy
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	399	# which 'max_lifetime' is lower than or equal to three days.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	400	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	401	# The rationale for this per-job configuration is that some rooms might have a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	402	# retention policy with a low 'max_lifetime', where history needs to be purged
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	403	# of outdated messages on a more frequent basis than for the rest of the rooms
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	404	# (e.g. every 12h), but not want that purge to be performed by a job that's
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	405	# iterating over every room it knows, which could be heavy on the server.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	406	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	407	#purge_jobs:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	408	# - shortest_max_lifetime: 1d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	409	# longest_max_lifetime: 3d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	410	# interval: 12h
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	411	# - shortest_max_lifetime: 3d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	412	# longest_max_lifetime: 1y
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	413	# interval: 1d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	414
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	415	# Inhibits the /requestToken endpoints from returning an error that might leak
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	416	# information about whether an e-mail address is in use or not on this
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	417	# homeserver.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	418	# Note that for some endpoints the error situation is the e-mail already being
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	419	# used, and for others the error is entering the e-mail being unused.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	420	# If this option is enabled, instead of returning an error, these endpoints will
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	421	# act as if no error happened and return a fake session ID ('sid') to clients.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	422	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	423	#request_token_inhibit_3pid_errors: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	424
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	425
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	426	## TLS ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	427
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	428	# PEM-encoded X509 certificate for TLS.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	429	# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	430	# certificate, signed by a recognised Certificate Authority.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	431	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	432	# See 'ACME support' below to enable auto-provisioning this certificate via
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	433	# Let's Encrypt.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	434	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	435	# If supplying your own, be sure to use a `.pem` file that includes the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	436	# full certificate chain including any intermediate certificates (for
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	437	# instance, if using certbot, use `fullchain.pem` as your certificate,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	438	# not `cert.pem`).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	439	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	440	#tls_certificate_path: "/home/lhoersten/nth.io.tls.crt"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	441
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	442	# PEM-encoded private key for TLS
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	443	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	444	#tls_private_key_path: "/home/lhoersten/nth.io.tls.key"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	445
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	446	# Whether to verify TLS server certificates for outbound federation requests.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	447	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	448	# Defaults to `true`. To disable certificate verification, uncomment the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	449	# following line.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	450	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	451	#federation_verify_certificates: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	452
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	453	# The minimum TLS version that will be used for outbound federation requests.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	454	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	455	# Defaults to `1`. Configurable to `1`, `1.1`, `1.2`, or `1.3`. Note
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	456	# that setting this value higher than `1.2` will prevent federation to most
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	457	# of the public Matrix network: only configure it to `1.3` if you have an
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	458	# entirely private federation setup and you can ensure TLS 1.3 support.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	459	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	460	#federation_client_minimum_tls_version: 1.2
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	461
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	462	# Skip federation certificate verification on the following whitelist
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	463	# of domains.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	464	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	465	# This setting should only be used in very specific cases, such as
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	466	# federation over Tor hidden services and similar. For private networks
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	467	# of homeservers, you likely want to use a private CA instead.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	468	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	469	# Only effective if federation_verify_certicates is `true`.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	470	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	471	#federation_certificate_verification_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	472	# - lon.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	473	# - *.domain.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	474	# - *.onion
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	475
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	476	# List of custom certificate authorities for federation traffic.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	477	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	478	# This setting should only normally be used within a private network of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	479	# homeservers.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	480	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	481	# Note that this list will replace those that are provided by your
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	482	# operating environment. Certificates must be in PEM format.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	483	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	484	#federation_custom_ca_list:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	485	# - myCA1.pem
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	486	# - myCA2.pem
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	487	# - myCA3.pem
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	488
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	489	# ACME support: This will configure Synapse to request a valid TLS certificate
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	490	# for your configured `server_name` via Let's Encrypt.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	491	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	492	# Note that ACME v1 is now deprecated, and Synapse currently doesn't support
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	493	# ACME v2. This means that this feature currently won't work with installs set
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	494	# up after November 2019. For more info, and alternative solutions, see
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	495	# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	496	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	497	# Note that provisioning a certificate in this way requires port 80 to be
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	498	# routed to Synapse so that it can complete the http-01 ACME challenge.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	499	# By default, if you enable ACME support, Synapse will attempt to listen on
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	500	# port 80 for incoming http-01 challenges - however, this will likely fail
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	501	# with 'Permission denied' or a similar error.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	502	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	503	# There are a couple of potential solutions to this:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	504	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	505	# * If you already have an Apache, Nginx, or similar listening on port 80,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	506	# you can configure Synapse to use an alternate port, and have your web
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	507	# server forward the requests. For example, assuming you set 'port: 8009'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	508	# below, on Apache, you would write:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	509	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	510	# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	511	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	512	# * Alternatively, you can use something like `authbind` to give Synapse
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	513	# permission to listen on port 80.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	514	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	515	acme:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	516	# ACME support is disabled by default. Set this to `true` and uncomment
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	517	# tls_certificate_path and tls_private_key_path above to enable it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	518	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	519	enabled: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	520
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	521	# Endpoint to use to request certificates. If you only want to test,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	522	# use Let's Encrypt's staging url:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	523	# https://acme-staging.api.letsencrypt.org/directory
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	524	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	525	#url: https://acme-v01.api.letsencrypt.org/directory
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	526
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	527	# Port number to listen on for the HTTP-01 challenge. Change this if
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	528	# you are forwarding connections through Apache/Nginx/etc.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	529	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	530	port: 80
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	531
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	532	# Local addresses to listen on for incoming connections.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	533	# Again, you may want to change this if you are forwarding connections
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	534	# through Apache/Nginx/etc.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	535	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	536	bind_addresses: ['::', '0.0.0.0']
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	537
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	538	# How many days remaining on a certificate before it is renewed.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	539	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	540	reprovision_threshold: 30
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	541
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	542	# The domain that the certificate should be for. Normally this
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	543	# should be the same as your Matrix domain (i.e., 'server_name'), but,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	544	# by putting a file at 'https://<server_name>/.well-known/matrix/server',
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	545	# you can delegate incoming traffic to another server. If you do that,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	546	# you should give the target of the delegation here.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	547	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	548	# For example: if your 'server_name' is 'example.com', but
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	549	# 'https://example.com/.well-known/matrix/server' delegates to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	550	# 'matrix.example.com', you should put 'matrix.example.com' here.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	551	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	552	# If not set, defaults to your 'server_name'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	553	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	554	domain: matrix.example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	555
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	556	# file to use for the account key. This will be generated if it doesn't
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	557	# exist.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	558	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	559	# If unspecified, we will use CONFDIR/client.key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	560	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	561	account_key_file: /home/lhoersten/acme_account.key
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	562
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	563	# List of allowed TLS fingerprints for this server to publish along
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	564	# with the signing keys for this server. Other matrix servers that
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	565	# make HTTPS requests to this server will check that the TLS
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	566	# certificates returned by this server match one of the fingerprints.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	567	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	568	# Synapse automatically adds the fingerprint of its own certificate
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	569	# to the list. So if federation traffic is handled directly by synapse
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	570	# then no modification to the list is required.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	571	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	572	# If synapse is run behind a load balancer that handles the TLS then it
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	573	# will be necessary to add the fingerprints of the certificates used by
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	574	# the loadbalancers to this list if they are different to the one
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	575	# synapse is using.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	576	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	577	# Homeservers are permitted to cache the list of TLS fingerprints
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	578	# returned in the key responses up to the "valid_until_ts" returned in
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	579	# key. It may be necessary to publish the fingerprints of a new
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	580	# certificate and wait until the "valid_until_ts" of the previous key
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	581	# responses have passed before deploying it.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	582	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	583	# You can calculate a fingerprint from a given TLS listener via:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	584	# openssl s_client -connect $host:$port < /dev/null 2> /dev/null \|
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	585	# openssl x509 -outform DER \| openssl sha256 -binary \| base64 \| tr -d '='
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	586	# or by checking matrix.org/federationtester/api/report?server_name=$host
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	587	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	588	#tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	589
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	590
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	591
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	592	## Database ##
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	593
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	594	# The 'database' setting defines the database that synapse uses to store all of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	595	# its data.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	596	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	597	# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	598	# 'psycopg2' (for PostgreSQL).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	599	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	600	# 'args' gives options which are passed through to the database engine,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	601	# except for options starting 'cp_', which are used to configure the Twisted
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	602	# connection pool. For a reference to valid arguments, see:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	603	# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	604	# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	605	# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	606	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	607	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	608	# Example SQLite configuration:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	609	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	610	#database:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	611	# name: sqlite3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	612	# args:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	613	# database: /path/to/homeserver.db
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	614	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	615	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	616	# Example Postgres configuration:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	617	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	618	#database:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	619	# name: psycopg2
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	620	# args:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	621	# user: synapse
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	622	# password: secretpassword
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	623	# database: synapse
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	624	# host: localhost
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	625	# cp_min: 5
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	626	# cp_max: 10
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	627	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	628	# For more information on using Synapse with Postgres, see `docs/postgres.md`.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	629	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	630	database:
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	631	name: sqlite3
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	632	args:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	633	database: "{{matrix_synapse_db}}"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	634
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	635	# Number of events to cache in memory.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	636	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	637	#event_cache_size: 10K
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	638
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	639
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	640	## Logging ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	641
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	642	# A yaml python logging config file as described by
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	643	# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	644	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	645	log_config: "/etc/matrix-synapse/log.yaml"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	646
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	647
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	648	## Ratelimiting ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	649
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	650	# Ratelimiting settings for client actions (registration, login, messaging).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	651	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	652	# Each ratelimiting configuration is made of two parameters:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	653	# - per_second: number of requests a client can send per second.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	654	# - burst_count: number of requests a client can send before being throttled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	655	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	656	# Synapse currently uses the following configurations:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	657	# - one for messages that ratelimits sending based on the account the client
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	658	# is using
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	659	# - one for registration that ratelimits registration requests based on the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	660	# client's IP address.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	661	# - one for login that ratelimits login requests based on the client's IP
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	662	# address.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	663	# - one for login that ratelimits login requests based on the account the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	664	# client is attempting to log into.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	665	# - one for login that ratelimits login requests based on the account the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	666	# client is attempting to log into, based on the amount of failed login
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	667	# attempts for this account.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	668	# - one for ratelimiting redactions by room admins. If this is not explicitly
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	669	# set then it uses the same ratelimiting as per rc_message. This is useful
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	670	# to allow room admins to deal with abuse quickly.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	671	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	672	# The defaults are as shown below.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	673	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	674	#rc_message:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	675	# per_second: 0.2
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	676	# burst_count: 10
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	677	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	678	#rc_registration:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	679	# per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	680	# burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	681	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	682	#rc_login:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	683	# address:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	684	# per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	685	# burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	686	# account:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	687	# per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	688	# burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	689	# failed_attempts:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	690	# per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	691	# burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	692	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	693	#rc_admin_redaction:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	694	# per_second: 1
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	695	# burst_count: 50
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	696
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	697
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	698	# Ratelimiting settings for incoming federation
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	699	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	700	# The rc_federation configuration is made up of the following settings:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	701	# - window_size: window size in milliseconds
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	702	# - sleep_limit: number of federation requests from a single server in
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	703	# a window before the server will delay processing the request.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	704	# - sleep_delay: duration in milliseconds to delay processing events
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	705	# from remote servers by if they go over the sleep limit.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	706	# - reject_limit: maximum number of concurrent federation requests
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	707	# allowed from a single server
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	708	# - concurrent: number of federation requests to concurrently process
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	709	# from a single server
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	710	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	711	# The defaults are as shown below.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	712	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	713	#rc_federation:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	714	# window_size: 1000
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	715	# sleep_limit: 10
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	716	# sleep_delay: 500
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	717	# reject_limit: 50
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	718	# concurrent: 3
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	719
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	720	# Target outgoing federation transaction frequency for sending read-receipts,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	721	# per-room.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	722	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	723	# If we end up trying to send out more read-receipts, they will get buffered up
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	724	# into fewer transactions.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	725	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	726	#federation_rr_transactions_per_room_per_second: 50
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	727
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	728
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	729
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	730	## Media Store ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	731
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	732	# Enable the media store service in the Synapse master. Uncomment the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	733	# following if you are using a separate media store worker.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	734	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	735	#enable_media_repo: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	736
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	737	# Directory where uploaded images and attachments are stored.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	738	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	739	media_store_path: "{{matrix_synapse_media_store}}"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	740
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	741	# Media storage providers allow media to be stored in different
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	742	# locations.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	743	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	744	#media_storage_providers:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	745	# - module: file_system
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	746	# # Whether to store newly uploaded local files
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	747	# store_local: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	748	# # Whether to store newly downloaded remote files
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	749	# store_remote: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	750	# # Whether to wait for successful storage for local uploads
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	751	# store_synchronous: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	752	# config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	753	# directory: /mnt/some/other/directory
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	754
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	755	# The largest allowed upload size in bytes
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	756	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	757	#max_upload_size: 10M
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	758
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	759	# Maximum number of pixels that will be thumbnailed
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	760	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	761	#max_image_pixels: 32M
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	762
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	763	# Whether to generate new thumbnails on the fly to precisely match
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	764	# the resolution requested by the client. If true then whenever
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	765	# a new resolution is requested by the client the server will
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	766	# generate a new thumbnail. If false the server will pick a thumbnail
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	767	# from a precalculated list.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	768	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	769	#dynamic_thumbnails: false
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	770
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	771	# List of thumbnails to precalculate when an image is uploaded.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	772	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	773	#thumbnail_sizes:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	774	# - width: 32
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	775	# height: 32
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	776	# method: crop
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	777	# - width: 96
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	778	# height: 96
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	779	# method: crop
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	780	# - width: 320
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	781	# height: 240
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	782	# method: scale
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	783	# - width: 640
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	784	# height: 480
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	785	# method: scale
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	786	# - width: 800
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	787	# height: 600
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	788	# method: scale
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	789
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	790	# Is the preview URL API enabled?
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	791	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	792	# 'false' by default: uncomment the following to enable it (and specify a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	793	# url_preview_ip_range_blacklist blacklist).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	794	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	795	#url_preview_enabled: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	796
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	797	# List of IP address CIDR ranges that the URL preview spider is denied
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	798	# from accessing. There are no defaults: you must explicitly
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	799	# specify a list for URL previewing to work. You should specify any
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	800	# internal services in your network that you do not want synapse to try
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	801	# to connect to, otherwise anyone in any Matrix room could cause your
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	802	# synapse to issue arbitrary GET requests to your internal services,
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	803	# causing serious security issues.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	804	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	805	# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	806	# listed here, since they correspond to unroutable addresses.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	807	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	808	# This must be specified if url_preview_enabled is set. It is recommended that
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	809	# you uncomment the following list as a starting point.
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	810	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	811	#url_preview_ip_range_blacklist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	812	# - '127.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	813	# - '10.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	814	# - '172.16.0.0/12'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	815	# - '192.168.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	816	# - '100.64.0.0/10'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	817	# - '169.254.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	818	# - '::1/128'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	819	# - 'fe80::/64'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	820	# - 'fc00::/7'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	821
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	822	# List of IP address CIDR ranges that the URL preview spider is allowed
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	823	# to access even if they are specified in url_preview_ip_range_blacklist.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	824	# This is useful for specifying exceptions to wide-ranging blacklisted
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	825	# target IP ranges - e.g. for enabling URL previews for a specific private
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	826	# website only visible in your network.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	827	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	828	#url_preview_ip_range_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	829	# - '192.168.1.1'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	830
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	831	# Optional list of URL matches that the URL preview spider is
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	832	# denied from accessing. You should use url_preview_ip_range_blacklist
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	833	# in preference to this, otherwise someone could define a public DNS
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	834	# entry that points to a private IP address and circumvent the blacklist.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	835	# This is more useful if you know there is an entire shape of URL that
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	836	# you know that will never want synapse to try to spider.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	837	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	838	# Each list entry is a dictionary of url component attributes as returned
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	839	# by urlparse.urlsplit as applied to the absolute form of the URL. See
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	840	# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	841	# The values of the dictionary are treated as an filename match pattern
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	842	# applied to that component of URLs, unless they start with a ^ in which
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	843	# case they are treated as a regular expression match. If all the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	844	# specified component matches for a given list item succeed, the URL is
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	845	# blacklisted.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	846	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	847	#url_preview_url_blacklist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	848	# # blacklist any URL with a username in its URI
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	849	# - username: '*'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	850	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	851	# # blacklist all *.google.com URLs
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	852	# - netloc: 'google.com'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	853	# - netloc: '*.google.com'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	854	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	855	# # blacklist all plain HTTP URLs
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	856	# - scheme: 'http'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	857	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	858	# # blacklist http(s)://www.acme.com/foo
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	859	# - netloc: 'www.acme.com'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	860	# path: '/foo'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	861	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	862	# # blacklist any URL with a literal IPv4 address
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	863	# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	864
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	865	# The largest allowed URL preview spidering size in bytes
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	866	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	867	#max_spider_size: 10M
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	868
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	869	# A list of values for the Accept-Language HTTP header used when
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	870	# downloading webpages during URL preview generation. This allows
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	871	# Synapse to specify the preferred languages that URL previews should
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	872	# be in when communicating with remote servers.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	873	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	874	# Each value is a IETF language tag; a 2-3 letter identifier for a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	875	# language, optionally followed by subtags separated by '-', specifying
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	876	# a country or region variant.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	877	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	878	# Multiple values can be provided, and a weight can be added to each by
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	879	# using quality value syntax (;q=). '*' translates to any language.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	880	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	881	# Defaults to "en".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	882	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	883	# Example:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	884	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	885	# url_preview_accept_language:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	886	# - en-UK
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	887	# - en-US;q=0.9
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	888	# - fr;q=0.8
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	889	# - *;q=0.7
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	890	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	891	url_preview_accept_language:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	892	# - en
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	893
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	894
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	895	## Captcha ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	896	# See docs/CAPTCHA_SETUP for full details of configuring this.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	897
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	898	# This homeserver's ReCAPTCHA public key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	899	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	900	#recaptcha_public_key: "YOUR_PUBLIC_KEY"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	901
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	902	# This homeserver's ReCAPTCHA private key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	903	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	904	#recaptcha_private_key: "YOUR_PRIVATE_KEY"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	905
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	906	# Enables ReCaptcha checks when registering, preventing signup
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	907	# unless a captcha is answered. Requires a valid ReCaptcha
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	908	# public/private key.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	909	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	910	#enable_registration_captcha: false
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	911
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	912	# The API endpoint to use for verifying m.login.recaptcha responses.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	913	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	914	#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	915
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	916
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	917	## TURN ##
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	918
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	919	# The public URIs of the TURN server to give to clients
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	920	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	921	#turn_uris: []
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	922
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	923	# The shared secret used to compute passwords for the TURN server
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	924	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	925	#turn_shared_secret: "YOUR_SHARED_SECRET"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	926
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	927	# The Username and password if the TURN server needs them and
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	928	# does not use a token
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	929	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	930	#turn_username: "TURNSERVER_USERNAME"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	931	#turn_password: "TURNSERVER_PASSWORD"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	932
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	933	# How long generated TURN credentials last
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	934	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	935	#turn_user_lifetime: 1h
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	936
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	937	# Whether guests should be allowed to use the TURN server.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	938	# This defaults to True, otherwise VoIP will be unreliable for guests.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	939	# However, it does introduce a slight security risk as it allows users to
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	940	# connect to arbitrary endpoints without having first signed up for a
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	941	# valid account (e.g. by passing a CAPTCHA).
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	942	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	943	#turn_allow_guests: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	944
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	945
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	946	## Registration ##
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	947	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	948	# Registration can be rate-limited using the parameters in the "Ratelimiting"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	949	# section of this file.
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	950
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	951	# Enable registration for new users.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	952	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	953	enable_registration: {{matrix_synapse_enable_registrations}}
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	954
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	955	# Optional account validity configuration. This allows for accounts to be denied
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	956	# any request after a given period.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	957	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	958	# Once this feature is enabled, Synapse will look for registered users without an
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	959	# expiration date at startup and will add one to every account it found using the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	960	# current settings at that time.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	961	# This means that, if a validity period is set, and Synapse is restarted (it will
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	962	# then derive an expiration date from the current validity period), and some time
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	963	# after that the validity period changes and Synapse is restarted, the users'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	964	# expiration dates won't be updated unless their account is manually renewed. This
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	965	# date will be randomly selected within a range [now + period - d ; now + period],
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	966	# where d is equal to 10% of the validity period.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	967	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	968	account_validity:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	969	# The account validity feature is disabled by default. Uncomment the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	970	# following line to enable it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	971	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	972	#enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	973
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	974	# The period after which an account is valid after its registration. When
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	975	# renewing the account, its validity period will be extended by this amount
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	976	# of time. This parameter is required when using the account validity
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	977	# feature.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	978	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	979	#period: 6w
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	980
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	981	# The amount of time before an account's expiry date at which Synapse will
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	982	# send an email to the account's email address with a renewal link. By
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	983	# default, no such emails are sent.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	984	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	985	# If you enable this setting, you will also need to fill out the 'email' and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	986	# 'public_baseurl' configuration sections.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	987	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	988	#renew_at: 1w
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	989
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	990	# The subject of the email sent out with the renewal link. '%(app)s' can be
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	991	# used as a placeholder for the 'app_name' parameter from the 'email'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	992	# section.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	993	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	994	# Note that the placeholder must be written '%(app)s', including the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	995	# trailing 's'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	996	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	997	# If this is not set, a default value is used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	998	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	999	#renew_email_subject: "Renew your %(app)s account"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1000
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1001	# Directory in which Synapse will try to find templates for the HTML files to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1002	# serve to the user when trying to renew an account. If not set, default
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1003	# templates from within the Synapse package will be used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1004	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1005	#template_dir: "res/templates"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1006
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1007	# File within 'template_dir' giving the HTML to be displayed to the user after
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1008	# they successfully renewed their account. If not set, default text is used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1009	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1010	#account_renewed_html_path: "account_renewed.html"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1011
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1012	# File within 'template_dir' giving the HTML to be displayed when the user
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1013	# tries to renew an account with an invalid renewal token. If not set,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1014	# default text is used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1015	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1016	#invalid_token_html_path: "invalid_token.html"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1017
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1018	# Time that a user's session remains valid for, after they log in.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1019	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1020	# Note that this is not currently compatible with guest logins.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1021	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1022	# Note also that this is calculated at login time: changes are not applied
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1023	# retrospectively to users who have already logged in.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1024	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1025	# By default, this is infinite.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1026	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1027	#session_lifetime: 24h
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1028
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1029	# The user must provide all of the below types of 3PID when registering.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1030	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1031	#registrations_require_3pid:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1032	# - email
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1033	# - msisdn
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1034
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1035	# Explicitly disable asking for MSISDNs from the registration
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1036	# flow (overrides registrations_require_3pid if MSISDNs are set as required)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1037	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1038	#disable_msisdn_registration: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1039
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1040	# Mandate that users are only allowed to associate certain formats of
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1041	# 3PIDs with accounts on this server.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1042	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1043	#allowed_local_3pids:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1044	# - medium: email
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1045	# pattern: '.*@matrix\.org'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1046	# - medium: email
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1047	# pattern: '.*@vector\.im'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1048	# - medium: msisdn
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1049	# pattern: '\+44'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1050
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1051	# Enable 3PIDs lookup requests to identity servers from this server.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1052	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1053	#enable_3pid_lookup: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1054
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1055	# If set, allows registration of standard or admin accounts by anyone who
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1056	# has the shared secret, even if registration is otherwise disabled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1057	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1058	registration_shared_secret: "UgG6FB~1cV1Z5:v+_6m1tE4m143m6xMfiBp:T+ZhF+sNdeH*"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1059
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1060	# Set the number of bcrypt rounds used to generate password hash.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1061	# Larger numbers increase the work factor needed to generate the hash.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1062	# The default number is 12 (which equates to 2^12 rounds).
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1063	# N.B. that increasing this will exponentially increase the time required
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1064	# to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1065	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1066	#bcrypt_rounds: 12
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1067
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1068	# Allows users to register as guests without a password/email/etc, and
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1069	# participate in rooms hosted on this server which have been made
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1070	# accessible to anonymous users.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1071	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1072	#allow_guest_access: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1073
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1074	# The identity server which we suggest that clients should use when users log
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1075	# in on this server.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1076	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1077	# (By default, no suggestion is made, so it is left up to the client.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1078	# This setting is ignored unless public_baseurl is also set.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1079	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1080	#default_identity_server: https://matrix.org
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1081
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1082	# The list of identity servers trusted to verify third party
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1083	# identifiers by this server.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1084	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1085	# Also defines the ID server which will be called when an account is
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1086	# deactivated (one will be picked arbitrarily).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1087	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1088	# Note: This option is deprecated. Since v0.99.4, Synapse has tracked which identity
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1089	# server a 3PID has been bound to. For 3PIDs bound before then, Synapse runs a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1090	# background migration script, informing itself that the identity server all of its
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1091	# 3PIDs have been bound to is likely one of the below.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1092	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1093	# As of Synapse v1.4.0, all other functionality of this option has been deprecated, and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1094	# it is now solely used for the purposes of the background migration script, and can be
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1095	# removed once it has run.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1096	#trusted_third_party_id_servers:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1097	# - matrix.org
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1098	# - vector.im
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1099
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1100	# Handle threepid (email/phone etc) registration and password resets through a set of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1101	# trusted identity servers. Note that this allows the configured identity server to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1102	# reset passwords for accounts!
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1103	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1104	# Be aware that if `email` is not set, and SMTP options have not been
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1105	# configured in the email config block, registration and user password resets via
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1106	# email will be globally disabled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1107	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1108	# Additionally, if `msisdn` is not set, registration and password resets via msisdn
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1109	# will be disabled regardless. This is due to Synapse currently not supporting any
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1110	# method of sending SMS messages on its own.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1111	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1112	# To enable using an identity server for operations regarding a particular third-party
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1113	# identifier type, set the value to the URL of that identity server as shown in the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1114	# examples below.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1115	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1116	# Servers handling the these requests must answer the `/requestToken` endpoints defined
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1117	# by the Matrix Identity Service API specification:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1118	# https://matrix.org/docs/spec/identity_service/latest
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1119	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1120	# If a delegate is specified, the config option public_baseurl must also be filled out.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1121	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1122	account_threepid_delegates:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1123	#email: https://example.com # Delegate email sending to example.com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1124	#msisdn: http://localhost:8090 # Delegate SMS sending to this local process
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1125
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1126	# Whether users are allowed to change their displayname after it has
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1127	# been initially set. Useful when provisioning users based on the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1128	# contents of a third-party directory.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1129	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1130	# Does not apply to server administrators. Defaults to 'true'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1131	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1132	#enable_set_displayname: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1133
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1134	# Whether users are allowed to change their avatar after it has been
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1135	# initially set. Useful when provisioning users based on the contents
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1136	# of a third-party directory.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1137	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1138	# Does not apply to server administrators. Defaults to 'true'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1139	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1140	#enable_set_avatar_url: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1141
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1142	# Whether users can change the 3PIDs associated with their accounts
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1143	# (email address and msisdn).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1144	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1145	# Defaults to 'true'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1146	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1147	#enable_3pid_changes: false
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1148
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1149	# Users who register on this homeserver will automatically be joined
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1150	# to these rooms
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1151	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1152	#auto_join_rooms:
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1153	# - "#example:example.com"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1154
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1155	# Where auto_join_rooms are specified, setting this flag ensures that the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1156	# the rooms exist by creating them when the first user on the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1157	# homeserver registers.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1158	# Setting to false means that if the rooms are not manually created,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1159	# users cannot be auto-joined since they do not exist.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1160	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1161	#autocreate_auto_join_rooms: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1162
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1163
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1164	## Metrics ###
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1165
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1166	# Enable collection and rendering of performance metrics
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1167	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1168	#enable_metrics: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1169
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1170	# Enable sentry integration
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1171	# NOTE: While attempts are made to ensure that the logs don't contain
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1172	# any sensitive information, this cannot be guaranteed. By enabling
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1173	# this option the sentry server may therefore receive sensitive
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1174	# information, and it in turn may then diseminate sensitive information
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1175	# through insecure notification channels if so configured.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1176	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1177	#sentry:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1178	# dsn: "..."
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1179
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1180	# Flags to enable Prometheus metrics which are not suitable to be
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1181	# enabled by default, either for performance reasons or limited use.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1182	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1183	metrics_flags:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1184	# Publish synapse_federation_known_servers, a gauge of the number of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1185	# servers this homeserver knows about, including itself. May cause
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1186	# performance problems on large homeservers.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1187	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1188	#known_servers: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1189
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1190	# Whether or not to report anonymized homeserver usage statistics.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1191	report_stats: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1192
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1193	# The endpoint to report the anonymized homeserver usage statistics to.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1194	# Defaults to https://matrix.org/report-usage-stats/push
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1195	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1196	#report_stats_endpoint: https://example.com/report-usage-stats/push
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1197
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1198
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1199	## API Configuration ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1200
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1201	# A list of event types that will be included in the room_invite_state
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1202	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1203	#room_invite_state_types:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1204	# - "m.room.join_rules"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1205	# - "m.room.canonical_alias"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1206	# - "m.room.avatar"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1207	# - "m.room.encryption"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1208	# - "m.room.name"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1209
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1210
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1211	# A list of application service config files to use
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1212	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1213	#app_service_config_files:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1214	# - app_service_1.yaml
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1215	# - app_service_2.yaml
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1216
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1217	# Uncomment to enable tracking of application service IP addresses. Implicitly
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1218	# enables MAU tracking for application service users.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1219	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1220	#track_appservice_user_ips: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1221
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1222
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1223	# a secret which is used to sign access tokens. If none is specified,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1224	# the registration_shared_secret is used, if one is given; otherwise,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1225	# a secret key is derived from the signing key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1226	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1227	macaroon_secret_key: "yENyX9gJV:JDVK-yH.2Dls8dLE*PfEAD6ebKlDfA;e0#CYjNE:"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1228
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1229	# a secret which is used to calculate HMACs for form values, to stop
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1230	# falsification of values. Must be specified for the User Consent
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1231	# forms to work.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1232	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1233	form_secret: "xko,ABwYOV*SqSfu3PGyLq#ZdHe5tU9nwHE+rcKYmV0Q~@Hg#D"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1234
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1235	## Signing Keys ##
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1236
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1237	# Path to the signing key to sign messages with
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1238	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1239	signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1240
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1241	# The keys that the server used to sign messages with but won't use
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1242	# to sign new messages.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1243	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1244	old_signing_keys:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1245	# For each key, `key` should be the base64-encoded public key, and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1246	# `expired_ts`should be the time (in milliseconds since the unix epoch) that
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1247	# it was last used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1248	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1249	# It is possible to build an entry from an old signing.key file using the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1250	# `export_signing_key` script which is provided with synapse.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1251	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1252	# For example:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1253	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1254	#"ed25519:id": { key: "base64string", expired_ts: 123456789123 }
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1255
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1256	# How long key response published by this server is valid for.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1257	# Used to set the valid_until_ts in /key/v2 APIs.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1258	# Determines how quickly servers will query to check which keys
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1259	# are still valid.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1260	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1261	#key_refresh_interval: 1d
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1262
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1263	# The trusted servers to download signing keys from.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1264	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1265	# When we need to fetch a signing key, each server is tried in parallel.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1266	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1267	# Normally, the connection to the key server is validated via TLS certificates.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1268	# Additional security can be provided by configuring a `verify key`, which
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1269	# will make synapse check that the response is signed by that key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1270	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1271	# This setting supercedes an older setting named `perspectives`. The old format
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1272	# is still supported for backwards-compatibility, but it is deprecated.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1273	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1274	# 'trusted_key_servers' defaults to matrix.org, but using it will generate a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1275	# warning on start-up. To suppress this warning, set
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1276	# 'suppress_key_server_warning' to true.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1277	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1278	# Options for each entry in the list include:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1279	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1280	# server_name: the name of the server. required.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1281	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1282	# verify_keys: an optional map from key id to base64-encoded public key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1283	# If specified, we will check that the response is signed by at least
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1284	# one of the given keys.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1285	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1286	# accept_keys_insecurely: a boolean. Normally, if `verify_keys` is unset,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1287	# and federation_verify_certificates is not `true`, synapse will refuse
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1288	# to start, because this would allow anyone who can spoof DNS responses
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1289	# to masquerade as the trusted key server. If you know what you are doing
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1290	# and are sure that your network environment provides a secure connection
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1291	# to the key server, you can set this to `true` to override this
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1292	# behaviour.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1293	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1294	# An example configuration might look like:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1295	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1296	#trusted_key_servers:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1297	# - server_name: "my_trusted_server.example.com"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1298	# verify_keys:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1299	# "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1300	# - server_name: "my_other_trusted_server.example.com"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1301	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1302	trusted_key_servers:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1303	- server_name: "matrix.org"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1304
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1305	# Uncomment the following to disable the warning that is emitted when the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1306	# trusted_key_servers include 'matrix.org'. See above.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1307	#
38 b4e705f4cda4 Suppress warning. Luke Hoersten <luke@hoersten.org> parents: 37 diff changeset	1308	suppress_key_server_warning: true
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1309
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1310	# The signing keys to use when acting as a trusted key server. If not specified
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1311	# defaults to the server signing key.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1312	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1313	# Can contain multiple keys, one per line.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1314	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1315	#key_server_signing_keys_path: "key_server_signing_keys.key"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1316
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1317
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1318	# Enable SAML2 for registration and login. Uses pysaml2.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1319	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1320	# At least one of `sp_config` or `config_path` must be set in this section to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1321	# enable SAML login.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1322	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1323	# (You will probably also want to set the following options to `false` to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1324	# disable the regular login/registration flows:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1325	# * enable_registration
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1326	# * password_config.enabled
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1327	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1328	# Once SAML support is enabled, a metadata file will be exposed at
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1329	# https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1330	# use to configure your SAML IdP with. Alternatively, you can manually configure
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1331	# the IdP to use an ACS location of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1332	# https://<server>:<port>/_matrix/saml2/authn_response.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1333	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1334	saml2_config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1335	# `sp_config` is the configuration for the pysaml2 Service Provider.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1336	# See pysaml2 docs for format of config.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1337	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1338	# Default values will be used for the 'entityid' and 'service' settings,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1339	# so it is not normally necessary to specify them unless you need to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1340	# override them.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1341	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1342	#sp_config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1343	# # point this to the IdP's metadata. You can use either a local file or
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1344	# # (preferably) a URL.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1345	# metadata:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1346	# #local: ["saml2/idp.xml"]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1347	# remote:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1348	# - url: https://our_idp/metadata.xml
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1349	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1350	# # By default, the user has to go to our login page first. If you'd like
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1351	# # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1352	# # 'service.sp' section:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1353	# #
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1354	# #service:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1355	# # sp:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1356	# # allow_unsolicited: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1357	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1358	# # The examples below are just used to generate our metadata xml, and you
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1359	# # may well not need them, depending on your setup. Alternatively you
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1360	# # may need a whole lot more detail - see the pysaml2 docs!
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1361	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1362	# description: ["My awesome SP", "en"]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1363	# name: ["Test SP", "en"]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1364	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1365	# organization:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1366	# name: Example com
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1367	# display_name:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1368	# - ["Example co", "en"]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1369	# url: "http://example.com"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1370	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1371	# contact_person:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1372	# - given_name: Bob
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1373	# sur_name: "the Sysadmin"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1374	# email_address": ["[email protected]"]
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1375	# contact_type": technical
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1376
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1377	# Instead of putting the config inline as above, you can specify a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1378	# separate pysaml2 configuration file:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1379	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1380	#config_path: "/home/lhoersten/sp_conf.py"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1381
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1382	# The lifetime of a SAML session. This defines how long a user has to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1383	# complete the authentication process, if allow_unsolicited is unset.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1384	# The default is 5 minutes.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1385	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1386	#saml_session_lifetime: 5m
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1387
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1388	# An external module can be provided here as a custom solution to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1389	# mapping attributes returned from a saml provider onto a matrix user.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1390	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1391	user_mapping_provider:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1392	# The custom module's class. Uncomment to use a custom module.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1393	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1394	#module: mapping_provider.SamlMappingProvider
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1395
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1396	# Custom configuration values for the module. Below options are
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1397	# intended for the built-in provider, they should be changed if
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1398	# using a custom module. This section will be passed as a Python
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1399	# dictionary to the module's `parse_config` method.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1400	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1401	config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1402	# The SAML attribute (after mapping via the attribute maps) to use
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1403	# to derive the Matrix ID from. 'uid' by default.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1404	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1405	# Note: This used to be configured by the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1406	# saml2_config.mxid_source_attribute option. If that is still
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1407	# defined, its value will be used instead.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1408	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1409	#mxid_source_attribute: displayName
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1410
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1411	# The mapping system to use for mapping the saml attribute onto a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1412	# matrix ID.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1413	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1414	# Options include:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1415	# * 'hexencode' (which maps unpermitted characters to '=xx')
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1416	# * 'dotreplace' (which replaces unpermitted characters with
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1417	# '.').
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1418	# The default is 'hexencode'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1419	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1420	# Note: This used to be configured by the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1421	# saml2_config.mxid_mapping option. If that is still defined, its
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1422	# value will be used instead.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1423	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1424	#mxid_mapping: dotreplace
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1425
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1426	# In previous versions of synapse, the mapping from SAML attribute to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1427	# MXID was always calculated dynamically rather than stored in a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1428	# table. For backwards- compatibility, we will look for user_ids
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1429	# matching such a pattern before creating a new account.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1430	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1431	# This setting controls the SAML attribute which will be used for this
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1432	# backwards-compatibility lookup. Typically it should be 'uid', but if
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1433	# the attribute maps are changed, it may be necessary to change it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1434	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1435	# The default is 'uid'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1436	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1437	#grandfathered_mxid_source_attribute: upn
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1438
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1439	# Directory in which Synapse will try to find the template files below.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1440	# If not set, default templates from within the Synapse package will be used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1441	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1442	# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1443	# If you do uncomment it, you will need to make sure that all the templates
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1444	# below are in the directory.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1445	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1446	# Synapse will look for the following templates in this directory:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1447	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1448	# * HTML page to display to users if something goes wrong during the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1449	# authentication process: 'saml_error.html'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1450	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1451	# This template doesn't currently need any variable to render.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1452	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1453	# You can see the default templates at:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1454	# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1455	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1456	#template_dir: "res/templates"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1457
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1458
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1459
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1460	# Enable CAS for registration and login.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1461	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1462	#cas_config:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1463	# enabled: true
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1464	# server_url: "https://cas-server.com"
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1465	# service_url: "https://homeserver.domain.com:8448"
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1466	# #displayname_attribute: name
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1467	# #required_attributes:
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1468	# # name: value
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1469
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1470
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1471	# Additional settings to use with single-sign on systems such as SAML2 and CAS.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1472	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1473	sso:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1474	# A list of client URLs which are whitelisted so that the user does not
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1475	# have to confirm giving access to their account to the URL. Any client
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1476	# whose URL starts with an entry in the following list will not be subject
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1477	# to an additional confirmation step after the SSO login is completed.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1478	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1479	# WARNING: An entry such as "https://my.client" is insecure, because it
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1480	# will also match "https://my.client.evil.site", exposing your users to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1481	# phishing attacks from evil.site. To avoid this, include a slash after the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1482	# hostname: "https://my.client/".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1483	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1484	# If public_baseurl is set, then the login fallback page (used by clients
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1485	# that don't natively support the required login flows) is whitelisted in
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1486	# addition to any URLs in this list.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1487	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1488	# By default, this list is empty.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1489	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1490	#client_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1491	# - https://riot.im/develop
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1492	# - https://my.custom.client/
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1493
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1494	# Directory in which Synapse will try to find the template files below.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1495	# If not set, default templates from within the Synapse package will be used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1496	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1497	# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1498	# If you do uncomment it, you will need to make sure that all the templates
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1499	# below are in the directory.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1500	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1501	# Synapse will look for the following templates in this directory:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1502	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1503	# * HTML page for a confirmation step before redirecting back to the client
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1504	# with the login token: 'sso_redirect_confirm.html'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1505	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1506	# When rendering, this template is given three variables:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1507	# * redirect_url: the URL the user is about to be redirected to. Needs
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1508	# manual escaping (see
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1509	# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1510	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1511	# * display_url: the same as `redirect_url`, but with the query
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1512	# parameters stripped. The intention is to have a
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1513	# human-readable URL to show to users, not to use it as
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1514	# the final address to redirect to. Needs manual escaping
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1515	# (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1516	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1517	# * server_name: the homeserver's name.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1518	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1519	# * HTML page which notifies the user that they are authenticating to confirm
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1520	# an operation on their account during the user interactive authentication
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1521	# process: 'sso_auth_confirm.html'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1522	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1523	# When rendering, this template is given the following variables:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1524	# * redirect_url: the URL the user is about to be redirected to. Needs
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1525	# manual escaping (see
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1526	# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1527	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1528	# * description: the operation which the user is being asked to confirm
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1529	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1530	# * HTML page shown after a successful user interactive authentication session:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1531	# 'sso_auth_success.html'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1532	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1533	# Note that this page must include the JavaScript which notifies of a successful authentication
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1534	# (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1535	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1536	# This template has no additional variables.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1537	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1538	# * HTML page shown during single sign-on if a deactivated user (according to Synapse's database)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1539	# attempts to login: 'sso_account_deactivated.html'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1540	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1541	# This template has no additional variables.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1542	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1543	# You can see the default templates at:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1544	# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1545	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1546	#template_dir: "res/templates"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1547
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1548
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1549	# The JWT needs to contain a globally unique "sub" (subject) claim.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1550	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1551	#jwt_config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1552	# enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1553	# secret: "a secret"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1554	# algorithm: "HS256"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1555
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1556
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1557	password_config:
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1558	# Uncomment to disable password login
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1559	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1560	#enabled: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1561
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1562	# Uncomment to disable authentication against the local password
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1563	# database. This is ignored if `enabled` is false, and is only useful
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1564	# if you have other password_providers.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1565	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1566	#localdb_enabled: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1567
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1568	# Uncomment and change to a secret random string for extra security.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1569	# DO NOT CHANGE THIS AFTER INITIAL SETUP!
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1570	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1571	#pepper: "EVEN_MORE_SECRET"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1572
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1573	# Define and enforce a password policy. Each parameter is optional.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1574	# This is an implementation of MSC2000.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1575	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1576	policy:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1577	# Whether to enforce the password policy.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1578	# Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1579	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1580	#enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1581
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1582	# Minimum accepted length for a password.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1583	# Defaults to 0.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1584	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1585	#minimum_length: 15
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1586
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1587	# Whether a password must contain at least one digit.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1588	# Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1589	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1590	#require_digit: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1591
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1592	# Whether a password must contain at least one symbol.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1593	# A symbol is any character that's not a number or a letter.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1594	# Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1595	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1596	#require_symbol: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1597
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1598	# Whether a password must contain at least one lowercase letter.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1599	# Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1600	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1601	#require_lowercase: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1602
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1603	# Whether a password must contain at least one lowercase letter.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1604	# Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1605	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1606	#require_uppercase: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1607
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1608
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1609	# Configuration for sending emails from Synapse.
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1610	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1611	email:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1612	# The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1613	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1614	#smtp_host: mail.server
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1615
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1616	# The port on the mail server for outgoing SMTP. Defaults to 25.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1617	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1618	#smtp_port: 587
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1619
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1620	# Username/password for authentication to the SMTP server. By default, no
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1621	# authentication is attempted.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1622	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1623	# smtp_user: "exampleusername"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1624	# smtp_pass: "examplepassword"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1625
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1626	# Uncomment the following to require TLS transport security for SMTP.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1627	# By default, Synapse will connect over plain text, and will then switch to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1628	# TLS via STARTTLS if the SMTP server supports it. If this option is set,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1629	# Synapse will refuse to connect unless the server supports STARTTLS.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1630	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1631	#require_transport_security: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1632
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1633	# notif_from defines the "From" address to use when sending emails.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1634	# It must be set if email sending is enabled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1635	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1636	# The placeholder '%(app)s' will be replaced by the application name,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1637	# which is normally 'app_name' (below), but may be overridden by the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1638	# Matrix client application.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1639	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1640	# Note that the placeholder must be written '%(app)s', including the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1641	# trailing 's'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1642	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1643	#notif_from: "Your Friendly %(app)s homeserver <[email protected]>"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1644
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1645	# app_name defines the default value for '%(app)s' in notif_from. It
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1646	# defaults to 'Matrix'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1647	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1648	#app_name: my_branded_matrix_server
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1649
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1650	# Uncomment the following to enable sending emails for messages that the user
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1651	# has missed. Disabled by default.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1652	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1653	#enable_notifs: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1654
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1655	# Uncomment the following to disable automatic subscription to email
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1656	# notifications for new users. Enabled by default.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1657	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1658	#notif_for_new_users: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1659
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1660	# Custom URL for client links within the email notifications. By default
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1661	# links will be based on "https://matrix.to".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1662	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1663	# (This setting used to be called riot_base_url; the old name is still
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1664	# supported for backwards-compatibility but is now deprecated.)
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1665	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1666	#client_base_url: "http://localhost/riot"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1667
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1668	# Configure the time that a validation email will expire after sending.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1669	# Defaults to 1h.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1670	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1671	#validation_token_lifetime: 15m
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1672
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1673	# Directory in which Synapse will try to find the template files below.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1674	# If not set, default templates from within the Synapse package will be used.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1675	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1676	# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1677	# If you do uncomment it, you will need to make sure that all the templates
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1678	# below are in the directory.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1679	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1680	# Synapse will look for the following templates in this directory:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1681	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1682	# * The contents of email notifications of missed events: 'notif_mail.html' and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1683	# 'notif_mail.txt'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1684	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1685	# * The contents of account expiry notice emails: 'notice_expiry.html' and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1686	# 'notice_expiry.txt'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1687	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1688	# * The contents of password reset emails sent by the homeserver:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1689	# 'password_reset.html' and 'password_reset.txt'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1690	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1691	# * HTML pages for success and failure that a user will see when they follow
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1692	# the link in the password reset email: 'password_reset_success.html' and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1693	# 'password_reset_failure.html'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1694	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1695	# * The contents of address verification emails sent during registration:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1696	# 'registration.html' and 'registration.txt'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1697	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1698	# * HTML pages for success and failure that a user will see when they follow
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1699	# the link in an address verification email sent during registration:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1700	# 'registration_success.html' and 'registration_failure.html'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1701	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1702	# * The contents of address verification emails sent when an address is added
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1703	# to a Matrix account: 'add_threepid.html' and 'add_threepid.txt'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1704	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1705	# * HTML pages for success and failure that a user will see when they follow
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1706	# the link in an address verification email sent when an address is added
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1707	# to a Matrix account: 'add_threepid_success.html' and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1708	# 'add_threepid_failure.html'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1709	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1710	# You can see the default templates at:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1711	# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1712	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1713	#template_dir: "res/templates"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1714
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1715
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1716	# Password providers allow homeserver administrators to integrate
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1717	# their Synapse installation with existing authentication methods
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1718	# ex. LDAP, external tokens, etc.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1719	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1720	# For more information and known implementations, please see
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1721	# https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1722	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1723	# Note: instances wishing to use SAML or CAS authentication should
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1724	# instead use the `saml2_config` or `cas_config` options,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1725	# respectively.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1726	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1727	password_providers:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1728	# # Example config for an LDAP auth provider
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1729	# - module: "ldap_auth_provider.LdapAuthProvider"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1730	# config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1731	# enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1732	# uri: "ldap://ldap.example.com:389"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1733	# start_tls: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1734	# base: "ou=users,dc=example,dc=com"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1735	# attributes:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1736	# uid: "cn"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1737	# mail: "email"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1738	# name: "givenName"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1739	# #bind_dn:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1740	# #bind_password:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1741	# #filter: "(objectClass=posixAccount)"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1742
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1743
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1744
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1745	# Clients requesting push notifications can either have the body of
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1746	# the message sent in the notification poke along with other details
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1747	# like the sender, or just the event ID and room ID (`event_id_only`).
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1748	# If clients choose the former, this option controls whether the
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1749	# notification request includes the content of the event (other details
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1750	# like the sender are still included). For `event_id_only` push, it
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1751	# has no effect.
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1752	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1753	# For modern android devices the notification content will still appear
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1754	# because it is loaded by the app. iPhone, however will send a
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1755	# notification saying only that a message arrived and who it came from.
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1756	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1757	#push:
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1758	# include_content: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1759
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1760
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1761	#spam_checker:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1762	# module: "my_custom_project.SuperSpamChecker"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1763	# config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1764	# example_option: 'things'
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1765
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1766
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1767	# Uncomment to allow non-server-admin users to create groups on this server
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1768	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1769	#enable_group_creation: true
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1770
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1771	# If enabled, non server admins can only create groups with local parts
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1772	# starting with this prefix
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1773	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1774	#group_creation_prefix: "unofficial/"
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1775
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1776
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1777
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1778	# User Directory configuration
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1779	#
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1780	# 'enabled' defines whether users can search the user directory. If
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1781	# false then empty responses are returned to all queries. Defaults to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1782	# true.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1783	#
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1784	# 'search_all_users' defines whether to search all users visible to your HS
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1785	# when searching the user directory, rather than limiting to users visible
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1786	# in public rooms. Defaults to false. If you set it True, you'll have to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1787	# rebuild the user_directory search indexes, see
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1788	# https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md
36 a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1789	#
a8627367c7be Add matrix synapse server role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1790	#user_directory:
37 2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1791	# enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1792	# search_all_users: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1793
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1794
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1795	# User Consent configuration
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1796	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1797	# for detailed instructions, see
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1798	# https://github.com/matrix-org/synapse/blob/master/docs/consent_tracking.md
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1799	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1800	# Parts of this section are required if enabling the 'consent' resource under
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1801	# 'listeners', in particular 'template_dir' and 'version'.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1802	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1803	# 'template_dir' gives the location of the templates for the HTML forms.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1804	# This directory should contain one subdirectory per language (eg, 'en', 'fr'),
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1805	# and each language directory should contain the policy document (named as
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1806	# '<version>.html') and a success page (success.html).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1807	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1808	# 'version' specifies the 'current' version of the policy document. It defines
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1809	# the version to be served by the consent resource if there is no 'v'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1810	# parameter.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1811	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1812	# 'server_notice_content', if enabled, will send a user a "Server Notice"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1813	# asking them to consent to the privacy policy. The 'server_notices' section
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1814	# must also be configured for this to work. Notices will not be sent to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1815	# guest users unless 'send_server_notice_to_guests' is set to true.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1816	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1817	# 'block_events_error', if set, will block any attempts to send events
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1818	# until the user consents to the privacy policy. The value of the setting is
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1819	# used as the text of the error.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1820	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1821	# 'require_at_registration', if enabled, will add a step to the registration
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1822	# process, similar to how captcha works. Users will be required to accept the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1823	# policy before their account is created.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1824	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1825	# 'policy_name' is the display name of the policy users will see when registering
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1826	# for an account. Has no effect unless `require_at_registration` is enabled.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1827	# Defaults to "Privacy Policy".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1828	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1829	#user_consent:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1830	# template_dir: res/templates/privacy
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1831	# version: 1.0
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1832	# server_notice_content:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1833	# msgtype: m.text
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1834	# body: >-
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1835	# To continue using this homeserver you must review and agree to the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1836	# terms and conditions at %(consent_uri)s
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1837	# send_server_notice_to_guests: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1838	# block_events_error: >-
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1839	# To continue using this homeserver you must review and agree to the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1840	# terms and conditions at %(consent_uri)s
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1841	# require_at_registration: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1842	# policy_name: Privacy Policy
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1843	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1844
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1845
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1846
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1847	# Local statistics collection. Used in populating the room directory.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1848	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1849	# 'bucket_size' controls how large each statistics timeslice is. It can
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1850	# be defined in a human readable short form -- e.g. "1d", "1y".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1851	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1852	# 'retention' controls how long historical statistics will be kept for.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1853	# It can be defined in a human readable short form -- e.g. "1d", "1y".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1854	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1855	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1856	#stats:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1857	# enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1858	# bucket_size: 1d
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1859	# retention: 1y
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1860
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1861
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1862	# Server Notices room configuration
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1863	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1864	# Uncomment this section to enable a room which can be used to send notices
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1865	# from the server to users. It is a special room which cannot be left; notices
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1866	# come from a special "notices" user id.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1867	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1868	# If you uncomment this section, you must define the system_mxid_localpart
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1869	# setting, which defines the id of the user which will be used to send the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1870	# notices.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1871	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1872	# It's also possible to override the room name, the display name of the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1873	# "notices" user, and the avatar for the user.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1874	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1875	#server_notices:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1876	# system_mxid_localpart: notices
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1877	# system_mxid_display_name: "Server Notices"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1878	# system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1879	# room_name: "Server Notices"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1880
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1881
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1882
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1883	# Uncomment to disable searching the public room list. When disabled
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1884	# blocks searching local and remote room lists for local and remote
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1885	# users by always returning an empty list for all queries.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1886	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1887	#enable_room_list_search: false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1888
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1889	# The `alias_creation` option controls who's allowed to create aliases
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1890	# on this server.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1891	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1892	# The format of this option is a list of rules that contain globs that
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1893	# match against user_id, room_id and the new alias (fully qualified with
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1894	# server name). The action in the first rule that matches is taken,
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1895	# which can currently either be "allow" or "deny".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1896	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1897	# Missing user_id/room_id/alias fields default to "*".
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1898	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1899	# If no rules match the request is denied. An empty list means no one
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1900	# can create aliases.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1901	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1902	# Options for the rules include:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1903	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1904	# user_id: Matches against the creator of the alias
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1905	# alias: Matches against the alias being created
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1906	# room_id: Matches against the room ID the alias is being pointed at
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1907	# action: Whether to "allow" or "deny" the request if the rule matches
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1908	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1909	# The default is:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1910	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1911	#alias_creation_rules:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1912	# - user_id: "*"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1913	# alias: "*"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1914	# room_id: "*"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1915	# action: allow
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1916
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1917	# The `room_list_publication_rules` option controls who can publish and
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1918	# which rooms can be published in the public room list.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1919	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1920	# The format of this option is the same as that for
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1921	# `alias_creation_rules`.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1922	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1923	# If the room has one or more aliases associated with it, only one of
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1924	# the aliases needs to match the alias rule. If there are no aliases
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1925	# then only rules with `alias: *` match.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1926	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1927	# If no rules match the request is denied. An empty list means no one
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1928	# can publish rooms.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1929	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1930	# Options for the rules include:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1931	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1932	# user_id: Matches agaisnt the creator of the alias
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1933	# room_id: Matches against the room ID being published
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1934	# alias: Matches against any current local or canonical aliases
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1935	# associated with the room
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1936	# action: Whether to "allow" or "deny" the request if the rule matches
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1937	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1938	# The default is:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1939	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1940	#room_list_publication_rules:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1941	# - user_id: "*"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1942	# alias: "*"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1943	# room_id: "*"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1944	# action: allow
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1945
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1946
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1947	# Server admins can define a Python module that implements extra rules for
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1948	# allowing or denying incoming events. In order to work, this module needs to
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1949	# override the methods defined in synapse/events/third_party_rules.py.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1950	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1951	# This feature is designed to be used in closed federations only, where each
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1952	# participating server enforces the same rules.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1953	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1954	#third_party_event_rules:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1955	# module: "my_custom_project.SuperRulesSet"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1956	# config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1957	# example_option: 'things'
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1958
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1959
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1960	## Opentracing ##
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1961
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1962	# These settings enable opentracing, which implements distributed tracing.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1963	# This allows you to observe the causal chains of events across servers
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1964	# including requests, key lookups etc., across any server running
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1965	# synapse or any other other services which supports opentracing
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1966	# (specifically those implemented with Jaeger).
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1967	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1968	opentracing:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1969	# tracing is disabled by default. Uncomment the following line to enable it.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1970	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1971	#enabled: true
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1972
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1973	# The list of homeservers we wish to send and receive span contexts and span baggage.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1974	# See docs/opentracing.rst
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1975	# This is a list of regexes which are matched against the server_name of the
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1976	# homeserver.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1977	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1978	# By defult, it is empty, so no servers are matched.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1979	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1980	#homeserver_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1981	# - ".*"
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1982
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1983	# Jaeger can be configured to sample traces at different rates.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1984	# All configuration options provided by Jaeger can be set here.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1985	# Jaeger's configuration mostly related to trace sampling which
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1986	# is documented here:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1987	# https://www.jaegertracing.io/docs/1.13/sampling/.
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1988	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1989	#jaeger_config:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1990	# sampler:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1991	# type: const
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1992	# param: 1
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1993
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1994	# Logging whether spans were started and reported
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1995	#
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1996	# logging:
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1997	# false
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1998
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	1999
2ef98b7b40d4 Updated to buster-backports matrix. Luke Hoersten <luke@hoersten.org> parents: 36 diff changeset	2000	# vim:ft=yaml

author	Luke Hoersten <luke@hoersten.org>
	Tue, 09 Jun 2020 14:39:54 -0500
changeset 38	b4e705f4cda4
parent 37	2ef98b7b40d4
child 39	90b1b7c4be70
permissions	-rw-r--r--