matrix-synapse/templates/homeserver.yaml.j2
author Luke Hoersten <luke@hoersten.org>
Tue, 09 Jun 2020 14:39:54 -0500
changeset 38 b4e705f4cda4
parent 37 2ef98b7b40d4
child 39 90b1b7c4be70
permissions -rw-r--r--
Suppress warning.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
     1
# Configuration file for Synapse.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
     2
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
     3
# This is a YAML file: see [1] for a quick introduction. Note in particular
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
     4
# that *indentation is important*: all the elements of a list or dictionary
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
     5
# should have the same indentation.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
     6
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
     7
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
     8
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
     9
## Server ##
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    10
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    11
# The domain name of the server, with optional explicit port.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    12
# This is used by remote servers to connect to this server,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    13
# e.g. matrix.org, localhost:8080, etc.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    14
# This is also the last part of your UserID.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    15
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    16
server_name: "{{nginx_server_name}}"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    17
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    18
# When running as a daemon, the file to store the pid in
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    19
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    20
pid_file: "/var/run/matrix-synapse.pid"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    21
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    22
# The absolute URL to the web client which /_matrix/client will redirect
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    23
# to if 'webclient' is configured under the 'listeners' configuration.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    24
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    25
# This option can be also set to the filesystem path to the web client
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    26
# which will be served at /_matrix/client/ if 'webclient' is configured
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    27
# under the 'listeners' configuration, however this is a security risk:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    28
# https://github.com/matrix-org/synapse#security-note
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    29
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    30
#web_client_location: https://riot.example.com/
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    31
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    32
# The public-facing base URL that clients use to access this HS
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    33
# (not including _matrix/...). This is the same URL a user would
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    34
# enter into the 'custom HS URL' field on their client. If you
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    35
# use synapse with a reverse proxy, this should be the URL to reach
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    36
# synapse via the proxy.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    37
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    38
#public_baseurl: https://example.com/
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    39
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    40
# Set the soft limit on the number of file descriptors synapse can use
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    41
# Zero is used to indicate synapse should set the soft limit to the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    42
# hard limit.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    43
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    44
#soft_file_limit: 0
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    45
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    46
# Set to false to disable presence tracking on this homeserver.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    47
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    48
#use_presence: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    49
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    50
# Whether to require authentication to retrieve profile data (avatars,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    51
# display names) of other users through the client API. Defaults to
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    52
# 'false'. Note that profile data is also available via the federation
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    53
# API, so this setting is of limited value if federation is enabled on
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    54
# the server.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    55
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    56
#require_auth_for_profile_requests: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    57
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    58
# Uncomment to require a user to share a room with another user in order
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    59
# to retrieve their profile information. Only checked on Client-Server
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    60
# requests. Profile requests from other servers should be checked by the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    61
# requesting server. Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    62
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    63
#limit_profile_requests_to_users_who_share_rooms: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    64
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    65
# If set to 'true', removes the need for authentication to access the server's
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    66
# public rooms directory through the client API, meaning that anyone can
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    67
# query the room directory. Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    68
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    69
#allow_public_rooms_without_auth: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    70
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    71
# If set to 'true', allows any other homeserver to fetch the server's public
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    72
# rooms directory via federation. Defaults to 'false'.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    73
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    74
#allow_public_rooms_over_federation: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    75
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    76
# The default room version for newly created rooms.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    77
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    78
# Known room versions are listed here:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    79
# https://matrix.org/docs/spec/#complete-list-of-room-versions
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    80
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    81
# For example, for room version 1, default_room_version should be set
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    82
# to "1".
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    83
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    84
#default_room_version: "5"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    85
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    86
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    87
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    88
#gc_thresholds: [700, 10, 10]
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    89
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    90
# Set the limit on the returned events in the timeline in the get
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    91
# and sync operations. The default value is -1, means no upper limit.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    92
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    93
#filter_timeline_limit: 5000
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    94
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    95
# Whether room invites to users on this server should be blocked
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    96
# (except those sent by local server admins). The default is False.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    97
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    98
#block_non_admin_invites: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
    99
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   100
# Room searching
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   101
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   102
# If disabled, new messages will not be indexed for searching and users
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   103
# will receive errors when searching for messages. Defaults to enabled.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   104
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   105
#enable_search: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   106
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   107
# Restrict federation to the following whitelist of domains.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   108
# N.B. we recommend also firewalling your federation listener to limit
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   109
# inbound federation traffic as early as possible, rather than relying
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   110
# purely on this application-layer restriction.  If not specified, the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   111
# default is to whitelist everything.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   112
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   113
#federation_domain_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   114
#  - lon.example.com
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   115
#  - nyc.example.com
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   116
#  - syd.example.com
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   117
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   118
# Prevent federation requests from being sent to the following
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   119
# blacklist IP address CIDR ranges. If this option is not specified, or
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   120
# specified with an empty list, no ip range blacklist will be enforced.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   121
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   122
# As of Synapse v1.4.0 this option also affects any outbound requests to identity
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   123
# servers provided by user input.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   124
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   125
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   126
# listed here, since they correspond to unroutable addresses.)
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   127
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   128
federation_ip_range_blacklist:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   129
  - '127.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   130
  - '10.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   131
  - '172.16.0.0/12'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   132
  - '192.168.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   133
  - '100.64.0.0/10'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   134
  - '169.254.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   135
  - '::1/128'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   136
  - 'fe80::/64'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   137
  - 'fc00::/7'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   138
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   139
# List of ports that Synapse should listen on, their purpose and their
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   140
# configuration.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   141
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   142
# Options for each listener include:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   143
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   144
#   port: the TCP port to bind to
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   145
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   146
#   bind_addresses: a list of local addresses to listen on. The default is
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   147
#       'all local interfaces'.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   148
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   149
#   type: the type of listener. Normally 'http', but other valid options are:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   150
#       'manhole' (see docs/manhole.md),
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   151
#       'metrics' (see docs/metrics-howto.md),
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   152
#       'replication' (see docs/workers.md).
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   153
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   154
#   tls: set to true to enable TLS for this listener. Will use the TLS
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   155
#       key/cert specified in tls_private_key_path / tls_certificate_path.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   156
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   157
#   x_forwarded: Only valid for an 'http' listener. Set to true to use the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   158
#       X-Forwarded-For header as the client IP. Useful when Synapse is
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   159
#       behind a reverse-proxy.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   160
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   161
#   resources: Only valid for an 'http' listener. A list of resources to host
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   162
#       on this port. Options for each resource are:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   163
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   164
#       names: a list of names of HTTP resources. See below for a list of
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   165
#           valid resource names.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   166
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   167
#       compress: set to true to enable HTTP comression for this resource.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   168
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   169
#   additional_resources: Only valid for an 'http' listener. A map of
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   170
#        additional endpoints which should be loaded via dynamic modules.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   171
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   172
# Valid resource names are:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   173
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   174
#   client: the client-server API (/_matrix/client), and the synapse admin
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   175
#       API (/_synapse/admin). Also implies 'media' and 'static'.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   176
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   177
#   consent: user consent forms (/_matrix/consent). See
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   178
#       docs/consent_tracking.md.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   179
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   180
#   federation: the server-server API (/_matrix/federation). Also implies
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   181
#       'media', 'keys', 'openid'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   182
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   183
#   keys: the key discovery API (/_matrix/keys).
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   184
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   185
#   media: the media API (/_matrix/media).
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   186
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   187
#   metrics: the metrics interface. See docs/metrics-howto.md.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   188
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   189
#   openid: OpenID authentication.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   190
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   191
#   replication: the HTTP replication API (/_synapse/replication). See
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   192
#       docs/workers.md.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   193
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   194
#   static: static resources under synapse/static (/_matrix/static). (Mostly
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   195
#       useful for 'fallback authentication'.)
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   196
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   197
#   webclient: A web client. Requires web_client_location to be set.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   198
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   199
listeners:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   200
  # TLS-enabled listener: for when matrix traffic is sent directly to synapse.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   201
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   202
  # Disabled by default. To enable it, uncomment the following. (Note that you
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   203
  # will also need to give Synapse a TLS key and certificate: see the TLS section
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   204
  # below.)
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   205
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   206
  #- port: 8448
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   207
  #  type: http
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   208
  #  tls: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   209
  #  resources:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   210
  #    - names: [client, federation]
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   211
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   212
  # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   213
  # that unwraps TLS.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   214
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   215
  # If you plan to use a reverse proxy, please see
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   216
  # https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   217
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   218
  - port: 8008
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   219
    tls: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   220
    type: http
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   221
    x_forwarded: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   222
    bind_addresses: ['::1', '127.0.0.1']
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   223
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   224
    resources:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   225
      - names: [client, federation]
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   226
        compress: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   227
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   228
    # example additional_resources:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   229
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   230
    #additional_resources:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   231
    #  "/_matrix/my/custom/endpoint":
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   232
    #    module: my_module.CustomRequestHandler
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   233
    #    config: {}
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   234
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   235
  # Turn on the twisted ssh manhole service on localhost on the given
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   236
  # port.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   237
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   238
  #- port: 9000
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   239
  #  bind_addresses: ['::1', '127.0.0.1']
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   240
  #  type: manhole
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   241
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   242
# Forward extremities can build up in a room due to networking delays between
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   243
# homeservers. Once this happens in a large room, calculation of the state of
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   244
# that room can become quite expensive. To mitigate this, once the number of
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   245
# forward extremities reaches a given threshold, Synapse will send an
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   246
# org.matrix.dummy_event event, which will reduce the forward extremities
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   247
# in the room.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   248
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   249
# This setting defines the threshold (i.e. number of forward extremities in the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   250
# room) at which dummy events are sent. The default value is 10.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   251
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   252
#dummy_events_threshold: 5
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   253
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   254
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   255
## Homeserver blocking ##
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   256
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   257
# How to reach the server admin, used in ResourceLimitError
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   258
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   259
#admin_contact: 'mailto:[email protected]'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   260
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   261
# Global blocking
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   262
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   263
#hs_disabled: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   264
#hs_disabled_message: 'Human readable reason for why the HS is blocked'
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   265
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   266
# Monthly Active User Blocking
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   267
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   268
# Used in cases where the admin or server owner wants to limit to the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   269
# number of monthly active users.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   270
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   271
# 'limit_usage_by_mau' disables/enables monthly active user blocking. When
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   272
# anabled and a limit is reached the server returns a 'ResourceLimitError'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   273
# with error type Codes.RESOURCE_LIMIT_EXCEEDED
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   274
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   275
# 'max_mau_value' is the hard limit of monthly active users above which
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   276
# the server will start blocking user actions.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   277
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   278
# 'mau_trial_days' is a means to add a grace period for active users. It
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   279
# means that users must be active for this number of days before they
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   280
# can be considered active and guards against the case where lots of users
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   281
# sign up in a short space of time never to return after their initial
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   282
# session.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   283
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   284
# 'mau_limit_alerting' is a means of limiting client side alerting
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   285
# should the mau limit be reached. This is useful for small instances
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   286
# where the admin has 5 mau seats (say) for 5 specific people and no
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   287
# interest increasing the mau limit further. Defaults to True, which
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   288
# means that alerting is enabled
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   289
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   290
#limit_usage_by_mau: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   291
#max_mau_value: 50
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   292
#mau_trial_days: 2
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   293
#mau_limit_alerting: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   294
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   295
# If enabled, the metrics for the number of monthly active users will
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   296
# be populated, however no one will be limited. If limit_usage_by_mau
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   297
# is true, this is implied to be true.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   298
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   299
#mau_stats_only: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   300
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   301
# Sometimes the server admin will want to ensure certain accounts are
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   302
# never blocked by mau checking. These accounts are specified here.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   303
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   304
#mau_limit_reserved_threepids:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   305
#  - medium: 'email'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   306
#    address: '[email protected]'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   307
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   308
# Used by phonehome stats to group together related servers.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   309
#server_context: context
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   310
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   311
# Resource-constrained homeserver Settings
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   312
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   313
# If limit_remote_rooms.enabled is True, the room complexity will be
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   314
# checked before a user joins a new remote room. If it is above
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   315
# limit_remote_rooms.complexity, it will disallow joining or
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   316
# instantly leave.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   317
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   318
# limit_remote_rooms.complexity_error can be set to customise the text
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   319
# displayed to the user when a room above the complexity threshold has
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   320
# its join cancelled.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   321
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   322
# Uncomment the below lines to enable:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   323
#limit_remote_rooms:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   324
#  enabled: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   325
#  complexity: 1.0
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   326
#  complexity_error: "This room is too complex."
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   327
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   328
# Whether to require a user to be in the room to add an alias to it.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   329
# Defaults to 'true'.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   330
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   331
#require_membership_for_aliases: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   332
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   333
# Whether to allow per-room membership profiles through the send of membership
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   334
# events with profile information that differ from the target's global profile.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   335
# Defaults to 'true'.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   336
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   337
#allow_per_room_profiles: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   338
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   339
# How long to keep redacted events in unredacted form in the database. After
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   340
# this period redacted events get replaced with their redacted form in the DB.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   341
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   342
# Defaults to `7d`. Set to `null` to disable.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   343
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   344
#redaction_retention_period: 28d
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   345
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   346
# How long to track users' last seen time and IPs in the database.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   347
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   348
# Defaults to `28d`. Set to `null` to disable clearing out of old rows.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   349
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   350
#user_ips_max_age: 14d
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   351
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   352
# Message retention policy at the server level.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   353
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   354
# Room admins and mods can define a retention period for their rooms using the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   355
# 'm.room.retention' state event, and server admins can cap this period by setting
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   356
# the 'allowed_lifetime_min' and 'allowed_lifetime_max' config options.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   357
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   358
# If this feature is enabled, Synapse will regularly look for and purge events
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   359
# which are older than the room's maximum retention period. Synapse will also
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   360
# filter events received over federation so that events that should have been
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   361
# purged are ignored and not stored again.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   362
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   363
retention:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   364
  # The message retention policies feature is disabled by default. Uncomment the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   365
  # following line to enable it.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   366
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   367
  #enabled: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   368
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   369
  # Default retention policy. If set, Synapse will apply it to rooms that lack the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   370
  # 'm.room.retention' state event. Currently, the value of 'min_lifetime' doesn't
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   371
  # matter much because Synapse doesn't take it into account yet.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   372
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   373
  #default_policy:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   374
  #  min_lifetime: 1d
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   375
  #  max_lifetime: 1y
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   376
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   377
  # Retention policy limits. If set, a user won't be able to send a
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   378
  # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   379
  # that's not within this range. This is especially useful in closed federations,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   380
  # in which server admins can make sure every federating server applies the same
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   381
  # rules.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   382
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   383
  #allowed_lifetime_min: 1d
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   384
  #allowed_lifetime_max: 1y
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   385
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   386
  # Server admins can define the settings of the background jobs purging the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   387
  # events which lifetime has expired under the 'purge_jobs' section.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   388
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   389
  # If no configuration is provided, a single job will be set up to delete expired
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   390
  # events in every room daily.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   391
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   392
  # Each job's configuration defines which range of message lifetimes the job
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   393
  # takes care of. For example, if 'shortest_max_lifetime' is '2d' and
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   394
  # 'longest_max_lifetime' is '3d', the job will handle purging expired events in
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   395
  # rooms whose state defines a 'max_lifetime' that's both higher than 2 days, and
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   396
  # lower than or equal to 3 days. Both the minimum and the maximum value of a
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   397
  # range are optional, e.g. a job with no 'shortest_max_lifetime' and a
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   398
  # 'longest_max_lifetime' of '3d' will handle every room with a retention policy
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   399
  # which 'max_lifetime' is lower than or equal to three days.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   400
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   401
  # The rationale for this per-job configuration is that some rooms might have a
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   402
  # retention policy with a low 'max_lifetime', where history needs to be purged
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   403
  # of outdated messages on a more frequent basis than for the rest of the rooms
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   404
  # (e.g. every 12h), but not want that purge to be performed by a job that's
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   405
  # iterating over every room it knows, which could be heavy on the server.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   406
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   407
  #purge_jobs:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   408
  #  - shortest_max_lifetime: 1d
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   409
  #    longest_max_lifetime: 3d
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   410
  #    interval: 12h
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   411
  #  - shortest_max_lifetime: 3d
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   412
  #    longest_max_lifetime: 1y
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   413
  #    interval: 1d
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   414
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   415
# Inhibits the /requestToken endpoints from returning an error that might leak
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   416
# information about whether an e-mail address is in use or not on this
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   417
# homeserver.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   418
# Note that for some endpoints the error situation is the e-mail already being
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   419
# used, and for others the error is entering the e-mail being unused.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   420
# If this option is enabled, instead of returning an error, these endpoints will
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   421
# act as if no error happened and return a fake session ID ('sid') to clients.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   422
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   423
#request_token_inhibit_3pid_errors: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   424
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   425
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   426
## TLS ##
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   427
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   428
# PEM-encoded X509 certificate for TLS.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   429
# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   430
# certificate, signed by a recognised Certificate Authority.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   431
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   432
# See 'ACME support' below to enable auto-provisioning this certificate via
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   433
# Let's Encrypt.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   434
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   435
# If supplying your own, be sure to use a `.pem` file that includes the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   436
# full certificate chain including any intermediate certificates (for
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   437
# instance, if using certbot, use `fullchain.pem` as your certificate,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   438
# not `cert.pem`).
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   439
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   440
#tls_certificate_path: "/home/lhoersten/nth.io.tls.crt"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   441
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   442
# PEM-encoded private key for TLS
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   443
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   444
#tls_private_key_path: "/home/lhoersten/nth.io.tls.key"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   445
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   446
# Whether to verify TLS server certificates for outbound federation requests.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   447
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   448
# Defaults to `true`. To disable certificate verification, uncomment the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   449
# following line.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   450
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   451
#federation_verify_certificates: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   452
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   453
# The minimum TLS version that will be used for outbound federation requests.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   454
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   455
# Defaults to `1`. Configurable to `1`, `1.1`, `1.2`, or `1.3`. Note
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   456
# that setting this value higher than `1.2` will prevent federation to most
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   457
# of the public Matrix network: only configure it to `1.3` if you have an
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   458
# entirely private federation setup and you can ensure TLS 1.3 support.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   459
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   460
#federation_client_minimum_tls_version: 1.2
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   461
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   462
# Skip federation certificate verification on the following whitelist
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   463
# of domains.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   464
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   465
# This setting should only be used in very specific cases, such as
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   466
# federation over Tor hidden services and similar. For private networks
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   467
# of homeservers, you likely want to use a private CA instead.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   468
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   469
# Only effective if federation_verify_certicates is `true`.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   470
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   471
#federation_certificate_verification_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   472
#  - lon.example.com
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   473
#  - *.domain.com
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   474
#  - *.onion
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   475
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   476
# List of custom certificate authorities for federation traffic.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   477
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   478
# This setting should only normally be used within a private network of
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   479
# homeservers.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   480
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   481
# Note that this list will replace those that are provided by your
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   482
# operating environment. Certificates must be in PEM format.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   483
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   484
#federation_custom_ca_list:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   485
#  - myCA1.pem
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   486
#  - myCA2.pem
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   487
#  - myCA3.pem
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   488
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   489
# ACME support: This will configure Synapse to request a valid TLS certificate
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   490
# for your configured `server_name` via Let's Encrypt.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   491
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   492
# Note that ACME v1 is now deprecated, and Synapse currently doesn't support
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   493
# ACME v2. This means that this feature currently won't work with installs set
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   494
# up after November 2019. For more info, and alternative solutions, see
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   495
# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   496
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   497
# Note that provisioning a certificate in this way requires port 80 to be
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   498
# routed to Synapse so that it can complete the http-01 ACME challenge.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   499
# By default, if you enable ACME support, Synapse will attempt to listen on
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   500
# port 80 for incoming http-01 challenges - however, this will likely fail
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   501
# with 'Permission denied' or a similar error.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   502
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   503
# There are a couple of potential solutions to this:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   504
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   505
#  * If you already have an Apache, Nginx, or similar listening on port 80,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   506
#    you can configure Synapse to use an alternate port, and have your web
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   507
#    server forward the requests. For example, assuming you set 'port: 8009'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   508
#    below, on Apache, you would write:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   509
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   510
#    ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   511
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   512
#  * Alternatively, you can use something like `authbind` to give Synapse
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   513
#    permission to listen on port 80.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   514
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   515
acme:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   516
    # ACME support is disabled by default. Set this to `true` and uncomment
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   517
    # tls_certificate_path and tls_private_key_path above to enable it.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   518
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   519
    enabled: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   520
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   521
    # Endpoint to use to request certificates. If you only want to test,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   522
    # use Let's Encrypt's staging url:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   523
    #     https://acme-staging.api.letsencrypt.org/directory
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   524
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   525
    #url: https://acme-v01.api.letsencrypt.org/directory
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   526
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   527
    # Port number to listen on for the HTTP-01 challenge. Change this if
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   528
    # you are forwarding connections through Apache/Nginx/etc.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   529
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   530
    port: 80
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   531
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   532
    # Local addresses to listen on for incoming connections.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   533
    # Again, you may want to change this if you are forwarding connections
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   534
    # through Apache/Nginx/etc.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   535
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   536
    bind_addresses: ['::', '0.0.0.0']
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   537
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   538
    # How many days remaining on a certificate before it is renewed.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   539
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   540
    reprovision_threshold: 30
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   541
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   542
    # The domain that the certificate should be for. Normally this
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   543
    # should be the same as your Matrix domain (i.e., 'server_name'), but,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   544
    # by putting a file at 'https://<server_name>/.well-known/matrix/server',
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   545
    # you can delegate incoming traffic to another server. If you do that,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   546
    # you should give the target of the delegation here.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   547
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   548
    # For example: if your 'server_name' is 'example.com', but
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   549
    # 'https://example.com/.well-known/matrix/server' delegates to
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   550
    # 'matrix.example.com', you should put 'matrix.example.com' here.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   551
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   552
    # If not set, defaults to your 'server_name'.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   553
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   554
    domain: matrix.example.com
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   555
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   556
    # file to use for the account key. This will be generated if it doesn't
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   557
    # exist.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   558
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   559
    # If unspecified, we will use CONFDIR/client.key.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   560
    #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   561
    account_key_file: /home/lhoersten/acme_account.key
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   562
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   563
# List of allowed TLS fingerprints for this server to publish along
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   564
# with the signing keys for this server. Other matrix servers that
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   565
# make HTTPS requests to this server will check that the TLS
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   566
# certificates returned by this server match one of the fingerprints.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   567
#
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   568
# Synapse automatically adds the fingerprint of its own certificate
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   569
# to the list. So if federation traffic is handled directly by synapse
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   570
# then no modification to the list is required.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   571
#
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   572
# If synapse is run behind a load balancer that handles the TLS then it
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   573
# will be necessary to add the fingerprints of the certificates used by
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   574
# the loadbalancers to this list if they are different to the one
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   575
# synapse is using.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   576
#
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   577
# Homeservers are permitted to cache the list of TLS fingerprints
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   578
# returned in the key responses up to the "valid_until_ts" returned in
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   579
# key. It may be necessary to publish the fingerprints of a new
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   580
# certificate and wait until the "valid_until_ts" of the previous key
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   581
# responses have passed before deploying it.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   582
#
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   583
# You can calculate a fingerprint from a given TLS listener via:
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   584
# openssl s_client -connect $host:$port < /dev/null 2> /dev/null |
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   585
#   openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '='
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   586
# or by checking matrix.org/federationtester/api/report?server_name=$host
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   587
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   588
#tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   589
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   590
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   591
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   592
## Database ##
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   593
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   594
# The 'database' setting defines the database that synapse uses to store all of
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   595
# its data.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   596
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   597
# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   598
# 'psycopg2' (for PostgreSQL).
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   599
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   600
# 'args' gives options which are passed through to the database engine,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   601
# except for options starting 'cp_', which are used to configure the Twisted
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   602
# connection pool. For a reference to valid arguments, see:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   603
#   * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   604
#   * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   605
#   * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   606
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   607
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   608
# Example SQLite configuration:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   609
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   610
#database:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   611
#  name: sqlite3
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   612
#  args:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   613
#    database: /path/to/homeserver.db
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   614
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   615
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   616
# Example Postgres configuration:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   617
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   618
#database:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   619
#  name: psycopg2
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   620
#  args:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   621
#    user: synapse
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   622
#    password: secretpassword
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   623
#    database: synapse
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   624
#    host: localhost
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   625
#    cp_min: 5
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   626
#    cp_max: 10
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   627
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   628
# For more information on using Synapse with Postgres, see `docs/postgres.md`.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   629
#
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   630
database:
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   631
  name: sqlite3
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   632
  args:
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   633
    database: "{{matrix_synapse_db}}"
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   634
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   635
# Number of events to cache in memory.
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   636
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   637
#event_cache_size: 10K
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   638
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   639
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   640
## Logging ##
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   641
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   642
# A yaml python logging config file as described by
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   643
# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   644
#
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   645
log_config: "/etc/matrix-synapse/log.yaml"
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   646
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   647
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   648
## Ratelimiting ##
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   649
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   650
# Ratelimiting settings for client actions (registration, login, messaging).
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   651
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   652
# Each ratelimiting configuration is made of two parameters:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   653
#   - per_second: number of requests a client can send per second.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   654
#   - burst_count: number of requests a client can send before being throttled.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   655
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   656
# Synapse currently uses the following configurations:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   657
#   - one for messages that ratelimits sending based on the account the client
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   658
#     is using
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   659
#   - one for registration that ratelimits registration requests based on the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   660
#     client's IP address.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   661
#   - one for login that ratelimits login requests based on the client's IP
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   662
#     address.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   663
#   - one for login that ratelimits login requests based on the account the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   664
#     client is attempting to log into.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   665
#   - one for login that ratelimits login requests based on the account the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   666
#     client is attempting to log into, based on the amount of failed login
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   667
#     attempts for this account.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   668
#   - one for ratelimiting redactions by room admins. If this is not explicitly
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   669
#     set then it uses the same ratelimiting as per rc_message. This is useful
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   670
#     to allow room admins to deal with abuse quickly.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   671
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   672
# The defaults are as shown below.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   673
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   674
#rc_message:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   675
#  per_second: 0.2
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   676
#  burst_count: 10
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   677
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   678
#rc_registration:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   679
#  per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   680
#  burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   681
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   682
#rc_login:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   683
#  address:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   684
#    per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   685
#    burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   686
#  account:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   687
#    per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   688
#    burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   689
#  failed_attempts:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   690
#    per_second: 0.17
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   691
#    burst_count: 3
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   692
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   693
#rc_admin_redaction:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   694
#  per_second: 1
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   695
#  burst_count: 50
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   696
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   697
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   698
# Ratelimiting settings for incoming federation
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   699
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   700
# The rc_federation configuration is made up of the following settings:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   701
#   - window_size: window size in milliseconds
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   702
#   - sleep_limit: number of federation requests from a single server in
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   703
#     a window before the server will delay processing the request.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   704
#   - sleep_delay: duration in milliseconds to delay processing events
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   705
#     from remote servers by if they go over the sleep limit.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   706
#   - reject_limit: maximum number of concurrent federation requests
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   707
#     allowed from a single server
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   708
#   - concurrent: number of federation requests to concurrently process
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   709
#     from a single server
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   710
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   711
# The defaults are as shown below.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   712
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   713
#rc_federation:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   714
#  window_size: 1000
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   715
#  sleep_limit: 10
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   716
#  sleep_delay: 500
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   717
#  reject_limit: 50
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   718
#  concurrent: 3
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   719
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   720
# Target outgoing federation transaction frequency for sending read-receipts,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   721
# per-room.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   722
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   723
# If we end up trying to send out more read-receipts, they will get buffered up
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   724
# into fewer transactions.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   725
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   726
#federation_rr_transactions_per_room_per_second: 50
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   727
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   728
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   729
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   730
## Media Store ##
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   731
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   732
# Enable the media store service in the Synapse master. Uncomment the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   733
# following if you are using a separate media store worker.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   734
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   735
#enable_media_repo: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   736
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   737
# Directory where uploaded images and attachments are stored.
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   738
#
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   739
media_store_path: "{{matrix_synapse_media_store}}"
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   740
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   741
# Media storage providers allow media to be stored in different
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   742
# locations.
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   743
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   744
#media_storage_providers:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   745
#  - module: file_system
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   746
#    # Whether to store newly uploaded local files
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   747
#    store_local: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   748
#    # Whether to store newly downloaded remote files
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   749
#    store_remote: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   750
#    # Whether to wait for successful storage for local uploads
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   751
#    store_synchronous: false
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   752
#    config:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   753
#       directory: /mnt/some/other/directory
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   754
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   755
# The largest allowed upload size in bytes
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   756
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   757
#max_upload_size: 10M
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   758
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   759
# Maximum number of pixels that will be thumbnailed
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   760
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   761
#max_image_pixels: 32M
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   762
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   763
# Whether to generate new thumbnails on the fly to precisely match
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   764
# the resolution requested by the client. If true then whenever
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   765
# a new resolution is requested by the client the server will
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   766
# generate a new thumbnail. If false the server will pick a thumbnail
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   767
# from a precalculated list.
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   768
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   769
#dynamic_thumbnails: false
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   770
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   771
# List of thumbnails to precalculate when an image is uploaded.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   772
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   773
#thumbnail_sizes:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   774
#  - width: 32
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   775
#    height: 32
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   776
#    method: crop
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   777
#  - width: 96
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   778
#    height: 96
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   779
#    method: crop
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   780
#  - width: 320
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   781
#    height: 240
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   782
#    method: scale
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   783
#  - width: 640
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   784
#    height: 480
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   785
#    method: scale
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   786
#  - width: 800
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   787
#    height: 600
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   788
#    method: scale
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   789
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   790
# Is the preview URL API enabled?
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   791
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   792
# 'false' by default: uncomment the following to enable it (and specify a
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   793
# url_preview_ip_range_blacklist blacklist).
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   794
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   795
#url_preview_enabled: true
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   796
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   797
# List of IP address CIDR ranges that the URL preview spider is denied
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   798
# from accessing.  There are no defaults: you must explicitly
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   799
# specify a list for URL previewing to work.  You should specify any
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   800
# internal services in your network that you do not want synapse to try
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   801
# to connect to, otherwise anyone in any Matrix room could cause your
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   802
# synapse to issue arbitrary GET requests to your internal services,
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   803
# causing serious security issues.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   804
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   805
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   806
# listed here, since they correspond to unroutable addresses.)
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   807
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   808
# This must be specified if url_preview_enabled is set. It is recommended that
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   809
# you uncomment the following list as a starting point.
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   810
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   811
#url_preview_ip_range_blacklist:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   812
#  - '127.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   813
#  - '10.0.0.0/8'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   814
#  - '172.16.0.0/12'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   815
#  - '192.168.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   816
#  - '100.64.0.0/10'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   817
#  - '169.254.0.0/16'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   818
#  - '::1/128'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   819
#  - 'fe80::/64'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   820
#  - 'fc00::/7'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   821
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   822
# List of IP address CIDR ranges that the URL preview spider is allowed
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   823
# to access even if they are specified in url_preview_ip_range_blacklist.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   824
# This is useful for specifying exceptions to wide-ranging blacklisted
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   825
# target IP ranges - e.g. for enabling URL previews for a specific private
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   826
# website only visible in your network.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   827
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   828
#url_preview_ip_range_whitelist:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   829
#   - '192.168.1.1'
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   830
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   831
# Optional list of URL matches that the URL preview spider is
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   832
# denied from accessing.  You should use url_preview_ip_range_blacklist
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   833
# in preference to this, otherwise someone could define a public DNS
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   834
# entry that points to a private IP address and circumvent the blacklist.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   835
# This is more useful if you know there is an entire shape of URL that
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   836
# you know that will never want synapse to try to spider.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   837
#
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   838
# Each list entry is a dictionary of url component attributes as returned
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   839
# by urlparse.urlsplit as applied to the absolute form of the URL.  See
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   840
# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   841
# The values of the dictionary are treated as an filename match pattern
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   842
# applied to that component of URLs, unless they start with a ^ in which
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   843
# case they are treated as a regular expression match.  If all the
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   844
# specified component matches for a given list item succeed, the URL is
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   845
# blacklisted.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   846
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   847
#url_preview_url_blacklist:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   848
#  # blacklist any URL with a username in its URI
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   849
#  - username: '*'
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   850
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   851
#  # blacklist all *.google.com URLs
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   852
#  - netloc: 'google.com'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   853
#  - netloc: '*.google.com'
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   854
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   855
#  # blacklist all plain HTTP URLs
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   856
#  - scheme: 'http'
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   857
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   858
#  # blacklist http(s)://www.acme.com/foo
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   859
#  - netloc: 'www.acme.com'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   860
#    path: '/foo'
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   861
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   862
#  # blacklist any URL with a literal IPv4 address
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   863
#  - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   864
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   865
# The largest allowed URL preview spidering size in bytes
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   866
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   867
#max_spider_size: 10M
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   868
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   869
# A list of values for the Accept-Language HTTP header used when
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   870
# downloading webpages during URL preview generation. This allows
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   871
# Synapse to specify the preferred languages that URL previews should
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   872
# be in when communicating with remote servers.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   873
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   874
# Each value is a IETF language tag; a 2-3 letter identifier for a
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   875
# language, optionally followed by subtags separated by '-', specifying
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   876
# a country or region variant.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   877
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   878
# Multiple values can be provided, and a weight can be added to each by
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   879
# using quality value syntax (;q=). '*' translates to any language.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   880
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   881
# Defaults to "en".
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   882
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   883
# Example:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   884
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   885
# url_preview_accept_language:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   886
#   - en-UK
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   887
#   - en-US;q=0.9
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   888
#   - fr;q=0.8
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   889
#   - *;q=0.7
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   890
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   891
url_preview_accept_language:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   892
#   - en
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   893
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   894
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   895
## Captcha ##
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   896
# See docs/CAPTCHA_SETUP for full details of configuring this.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   897
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   898
# This homeserver's ReCAPTCHA public key.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   899
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   900
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   901
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   902
# This homeserver's ReCAPTCHA private key.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   903
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   904
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   905
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   906
# Enables ReCaptcha checks when registering, preventing signup
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   907
# unless a captcha is answered. Requires a valid ReCaptcha
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   908
# public/private key.
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   909
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   910
#enable_registration_captcha: false
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   911
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   912
# The API endpoint to use for verifying m.login.recaptcha responses.
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   913
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   914
#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   915
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   916
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   917
## TURN ##
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   918
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   919
# The public URIs of the TURN server to give to clients
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   920
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   921
#turn_uris: []
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   922
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   923
# The shared secret used to compute passwords for the TURN server
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   924
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   925
#turn_shared_secret: "YOUR_SHARED_SECRET"
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   926
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   927
# The Username and password if the TURN server needs them and
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   928
# does not use a token
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   929
#
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   930
#turn_username: "TURNSERVER_USERNAME"
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   931
#turn_password: "TURNSERVER_PASSWORD"
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   932
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   933
# How long generated TURN credentials last
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   934
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   935
#turn_user_lifetime: 1h
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   936
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   937
# Whether guests should be allowed to use the TURN server.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   938
# This defaults to True, otherwise VoIP will be unreliable for guests.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   939
# However, it does introduce a slight security risk as it allows users to
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   940
# connect to arbitrary endpoints without having first signed up for a
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   941
# valid account (e.g. by passing a CAPTCHA).
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   942
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   943
#turn_allow_guests: true
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   944
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   945
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   946
## Registration ##
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   947
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   948
# Registration can be rate-limited using the parameters in the "Ratelimiting"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   949
# section of this file.
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   950
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   951
# Enable registration for new users.
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   952
#
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   953
enable_registration: {{matrix_synapse_enable_registrations}}
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
   954
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   955
# Optional account validity configuration. This allows for accounts to be denied
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   956
# any request after a given period.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   957
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   958
# Once this feature is enabled, Synapse will look for registered users without an
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   959
# expiration date at startup and will add one to every account it found using the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   960
# current settings at that time.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   961
# This means that, if a validity period is set, and Synapse is restarted (it will
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   962
# then derive an expiration date from the current validity period), and some time
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   963
# after that the validity period changes and Synapse is restarted, the users'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   964
# expiration dates won't be updated unless their account is manually renewed. This
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   965
# date will be randomly selected within a range [now + period - d ; now + period],
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   966
# where d is equal to 10% of the validity period.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   967
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   968
account_validity:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   969
  # The account validity feature is disabled by default. Uncomment the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   970
  # following line to enable it.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   971
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   972
  #enabled: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   973
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   974
  # The period after which an account is valid after its registration. When
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   975
  # renewing the account, its validity period will be extended by this amount
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   976
  # of time. This parameter is required when using the account validity
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   977
  # feature.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   978
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   979
  #period: 6w
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   980
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   981
  # The amount of time before an account's expiry date at which Synapse will
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   982
  # send an email to the account's email address with a renewal link. By
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   983
  # default, no such emails are sent.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   984
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   985
  # If you enable this setting, you will also need to fill out the 'email' and
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   986
  # 'public_baseurl' configuration sections.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   987
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   988
  #renew_at: 1w
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   989
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   990
  # The subject of the email sent out with the renewal link. '%(app)s' can be
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   991
  # used as a placeholder for the 'app_name' parameter from the 'email'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   992
  # section.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   993
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   994
  # Note that the placeholder must be written '%(app)s', including the
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   995
  # trailing 's'.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   996
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   997
  # If this is not set, a default value is used.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   998
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
   999
  #renew_email_subject: "Renew your %(app)s account"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1000
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1001
  # Directory in which Synapse will try to find templates for the HTML files to
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1002
  # serve to the user when trying to renew an account. If not set, default
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1003
  # templates from within the Synapse package will be used.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1004
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1005
  #template_dir: "res/templates"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1006
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1007
  # File within 'template_dir' giving the HTML to be displayed to the user after
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1008
  # they successfully renewed their account. If not set, default text is used.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1009
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1010
  #account_renewed_html_path: "account_renewed.html"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1011
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1012
  # File within 'template_dir' giving the HTML to be displayed when the user
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1013
  # tries to renew an account with an invalid renewal token. If not set,
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1014
  # default text is used.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1015
  #
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1016
  #invalid_token_html_path: "invalid_token.html"
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1017
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1018
# Time that a user's session remains valid for, after they log in.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1019
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1020
# Note that this is not currently compatible with guest logins.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1021
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1022
# Note also that this is calculated at login time: changes are not applied
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1023
# retrospectively to users who have already logged in.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1024
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1025
# By default, this is infinite.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1026
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1027
#session_lifetime: 24h
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1028
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1029
# The user must provide all of the below types of 3PID when registering.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1030
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1031
#registrations_require_3pid:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1032
#  - email
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1033
#  - msisdn
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1034
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1035
# Explicitly disable asking for MSISDNs from the registration
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1036
# flow (overrides registrations_require_3pid if MSISDNs are set as required)
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1037
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1038
#disable_msisdn_registration: true
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1039
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1040
# Mandate that users are only allowed to associate certain formats of
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1041
# 3PIDs with accounts on this server.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1042
#
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1043
#allowed_local_3pids:
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1044
#  - medium: email
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1045
#    pattern: '.*@matrix\.org'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1046
#  - medium: email
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1047
#    pattern: '.*@vector\.im'
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1048
#  - medium: msisdn
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1049
#    pattern: '\+44'
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1050
37
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1051
# Enable 3PIDs lookup requests to identity servers from this server.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1052
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1053
#enable_3pid_lookup: true
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1054
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1055
# If set, allows registration of standard or admin accounts by anyone who
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1056
# has the shared secret, even if registration is otherwise disabled.
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1057
#
2ef98b7b40d4 Updated to buster-backports matrix.
Luke Hoersten <luke@hoersten.org>
parents: 36
diff changeset
  1058
registration_shared_secret: "UgG6FB~1cV1Z5:v+_6m*1tE4m143m6xM*fiBp:T+ZhF+sNdeH*"
36
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1059
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1060
# Set the number of bcrypt rounds used to generate password hash.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1061
# Larger numbers increase the work factor needed to generate the hash.
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1062
# The default number is 12 (which equates to 2^12 rounds).
a8627367c7be Add matrix synapse server role.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
  1063
# N.B. that increasing this will exponentially increase the time required
a8627367c7be Add matrix synapse server