matrix-synapse/templates/homeserver.yaml.j2
changeset 36 a8627367c7be
child 37 2ef98b7b40d4
equal deleted inserted replaced
35:87e0c39ac37d 36:a8627367c7be
       
     1 # vim:ft=yaml
       
     2 # PEM encoded X509 certificate for TLS.
       
     3 # You can replace the self-signed certificate that synapse
       
     4 # autogenerates on launch with your own SSL certificate + key pair
       
     5 # if you like.  Any required intermediary certificates can be
       
     6 # appended after the primary certificate in hierarchical order.
       
     7 tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"
       
     8 
       
     9 # PEM encoded private key for TLS
       
    10 tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"
       
    11 
       
    12 # PEM dh parameters for ephemeral keys
       
    13 tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
       
    14 
       
    15 # Don't bind to the https port
       
    16 no_tls: True
       
    17 
       
    18 # List of allowed TLS fingerprints for this server to publish along
       
    19 # with the signing keys for this server. Other matrix servers that
       
    20 # make HTTPS requests to this server will check that the TLS
       
    21 # certificates returned by this server match one of the fingerprints.
       
    22 #
       
    23 # Synapse automatically adds the fingerprint of its own certificate
       
    24 # to the list. So if federation traffic is handled directly by synapse
       
    25 # then no modification to the list is required.
       
    26 #
       
    27 # If synapse is run behind a load balancer that handles the TLS then it
       
    28 # will be necessary to add the fingerprints of the certificates used by
       
    29 # the loadbalancers to this list if they are different to the one
       
    30 # synapse is using.
       
    31 #
       
    32 # Homeservers are permitted to cache the list of TLS fingerprints
       
    33 # returned in the key responses up to the "valid_until_ts" returned in
       
    34 # key. It may be necessary to publish the fingerprints of a new
       
    35 # certificate and wait until the "valid_until_ts" of the previous key
       
    36 # responses have passed before deploying it.
       
    37 #
       
    38 # You can calculate a fingerprint from a given TLS listener via:
       
    39 # openssl s_client -connect $host:$port < /dev/null 2> /dev/null |
       
    40 #   openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '='
       
    41 # or by checking matrix.org/federationtester/api/report?server_name=$host
       
    42 #
       
    43 tls_fingerprints: []
       
    44 # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
       
    45 
       
    46 
       
    47 ## Server ##
       
    48 
       
    49 # When running as a daemon, the file to store the pid in
       
    50 pid_file: "/var/run/matrix-synapse.pid"
       
    51 
       
    52 # CPU affinity mask. Setting this restricts the CPUs on which the
       
    53 # process will be scheduled. It is represented as a bitmask, with the
       
    54 # lowest order bit corresponding to the first logical CPU and the
       
    55 # highest order bit corresponding to the last logical CPU. Not all CPUs
       
    56 # may exist on a given system but a mask may specify more CPUs than are
       
    57 # present.
       
    58 #
       
    59 # For example:
       
    60 #    0x00000001  is processor #0,
       
    61 #    0x00000003  is processors #0 and #1,
       
    62 #    0xFFFFFFFF  is all processors (#0 through #31).
       
    63 #
       
    64 # Pinning a Python process to a single CPU is desirable, because Python
       
    65 # is inherently single-threaded due to the GIL, and can suffer a
       
    66 # 30-40% slowdown due to cache blow-out and thread context switching
       
    67 # if the scheduler happens to schedule the underlying threads across
       
    68 # different cores. See
       
    69 # https://www.mirantis.com/blog/improve-performance-python-programs-restricting-single-cpu/.
       
    70 #
       
    71 # cpu_affinity: 0xFFFFFFFF
       
    72 
       
    73 # The path to the web client which will be served at /_matrix/client/
       
    74 # if 'webclient' is configured under the 'listeners' configuration.
       
    75 #
       
    76 # web_client_location: "/path/to/web/root"
       
    77 
       
    78 # The public-facing base URL for the client API (not including _matrix/...)
       
    79 # public_baseurl: https://example.com:8448/
       
    80 
       
    81 # Set the soft limit on the number of file descriptors synapse can use
       
    82 # Zero is used to indicate synapse should set the soft limit to the
       
    83 # hard limit.
       
    84 soft_file_limit: 0
       
    85 
       
    86 # The GC threshold parameters to pass to `gc.set_threshold`, if defined
       
    87 # gc_thresholds: [700, 10, 10]
       
    88 
       
    89 # Set the limit on the returned events in the timeline in the get
       
    90 # and sync operations. The default value is -1, means no upper limit.
       
    91 # filter_timeline_limit: 5000
       
    92 
       
    93 # Whether room invites to users on this server should be blocked
       
    94 # (except those sent by local server admins). The default is False.
       
    95 # block_non_admin_invites: True
       
    96 
       
    97 # Restrict federation to the following whitelist of domains.
       
    98 # N.B. we recommend also firewalling your federation listener to limit
       
    99 # inbound federation traffic as early as possible, rather than relying
       
   100 # purely on this application-layer restriction.  If not specified, the
       
   101 # default is to whitelist everything.
       
   102 #
       
   103 # federation_domain_whitelist:
       
   104 #  - lon.example.com
       
   105 #  - nyc.example.com
       
   106 #  - syd.example.com
       
   107 
       
   108 # List of ports that Synapse should listen on, their purpose and their
       
   109 # configuration.
       
   110 listeners:
       
   111   # Main HTTPS listener
       
   112   # For when matrix traffic is sent directly to synapse.
       
   113   # -
       
   114   #   # The port to listen for HTTPS requests on.
       
   115   #   port: 8448
       
   116 
       
   117   #   # Local addresses to listen on.
       
   118   #   # On Linux and Mac OS, `::` will listen on all IPv4 and IPv6
       
   119   #   # addresses by default. For most other OSes, this will only listen
       
   120   #   # on IPv6.
       
   121   #   bind_addresses:
       
   122   #     - '::1'
       
   123   #     - '127.0.0.1'
       
   124   #     # - '::'
       
   125   #     # - '0.0.0.0'
       
   126 
       
   127   #   # This is a 'http' listener, allows us to specify 'resources'.
       
   128   #   type: http
       
   129 
       
   130   #   tls: true
       
   131 
       
   132   #   # Use the X-Forwarded-For (XFF) header as the client IP and not the
       
   133   #   # actual client IP.
       
   134   #   x_forwarded: false
       
   135 
       
   136   #   # List of HTTP resources to serve on this listener.
       
   137   #   resources:
       
   138   #     -
       
   139   #       # List of resources to host on this listener.
       
   140   #       names:
       
   141   #         - client     # The client-server APIs, both v1 and v2
       
   142 
       
   143   #       # Should synapse compress HTTP responses to clients that support it?
       
   144   #       # This should be disabled if running synapse behind a load balancer
       
   145   #       # that can do automatic compression.
       
   146   #       compress: true
       
   147 
       
   148   #     - names: [federation]  # Federation APIs
       
   149   #       compress: false
       
   150 
       
   151   #   # optional list of additional endpoints which can be loaded via
       
   152   #   # dynamic modules
       
   153   #   # additional_resources:
       
   154   #   #   "/_matrix/my/custom/endpoint":
       
   155   #   #     module: my_module.CustomRequestHandler
       
   156   #   #     config: {}
       
   157 
       
   158   # Unsecure HTTP listener,
       
   159   # For when matrix traffic passes through loadbalancer that unwraps TLS.
       
   160   - port: 8008
       
   161     tls: false
       
   162     bind_addresses:
       
   163       - '::1'
       
   164       - '127.0.0.1'
       
   165       # - '::'
       
   166       # - '0.0.0.0'
       
   167     type: http
       
   168 
       
   169     x_forwarded: true
       
   170 
       
   171     resources:
       
   172       - names: [client]
       
   173         compress: true
       
   174       - names: [federation]
       
   175         compress: false
       
   176 
       
   177   # Turn on the twisted ssh manhole service on localhost on the given
       
   178   # port.
       
   179   # - port: 9000
       
   180   #   bind_addresses:
       
   181   #     - '::1'
       
   182   #     - '127.0.0.1'
       
   183   #   type: manhole
       
   184 
       
   185 
       
   186 # Database configuration
       
   187 database:
       
   188   # The database engine name
       
   189   name: "sqlite3"
       
   190   # Arguments to pass to the engine
       
   191   args:
       
   192     # Path to the database
       
   193     database: "{{matrix_synapse_db}}"
       
   194 
       
   195 # Number of events to cache in memory.
       
   196 event_cache_size: "10K"
       
   197 
       
   198 
       
   199 # A yaml python logging config file
       
   200 log_config: "/etc/matrix-synapse/log.yaml"
       
   201 
       
   202 
       
   203 
       
   204 ## Ratelimiting ##
       
   205 
       
   206 # Number of messages a client can send per second
       
   207 rc_messages_per_second: 0.2
       
   208 
       
   209 # Number of message a client can send before being throttled
       
   210 rc_message_burst_count: 10.0
       
   211 
       
   212 # The federation window size in milliseconds
       
   213 federation_rc_window_size: 1000
       
   214 
       
   215 # The number of federation requests from a single server in a window
       
   216 # before the server will delay processing the request.
       
   217 federation_rc_sleep_limit: 10
       
   218 
       
   219 # The duration in milliseconds to delay processing events from
       
   220 # remote servers by if they go over the sleep limit.
       
   221 federation_rc_sleep_delay: 500
       
   222 
       
   223 # The maximum number of concurrent federation requests allowed
       
   224 # from a single server
       
   225 federation_rc_reject_limit: 50
       
   226 
       
   227 # The number of federation requests to concurrently process from a
       
   228 # single server
       
   229 federation_rc_concurrent: 3
       
   230 
       
   231 
       
   232 
       
   233 # Directory where uploaded images and attachments are stored.
       
   234 media_store_path: "{{matrix_synapse_media_store}}"
       
   235 
       
   236 # Media storage providers allow media to be stored in different
       
   237 # locations.
       
   238 # media_storage_providers:
       
   239 # - module: file_system
       
   240 #   # Whether to write new local files.
       
   241 #   store_local: false
       
   242 #   # Whether to write new remote media
       
   243 #   store_remote: false
       
   244 #   # Whether to block upload requests waiting for write to this
       
   245 #   # provider to complete
       
   246 #   store_synchronous: false
       
   247 #   config:
       
   248 #     directory: /mnt/some/other/directory
       
   249 
       
   250 # Directory where in-progress uploads are stored.
       
   251 uploads_path: "{{matrix_synapse_uploads}}"
       
   252 
       
   253 # The largest allowed upload size in bytes
       
   254 max_upload_size: "10M"
       
   255 
       
   256 # Maximum number of pixels that will be thumbnailed
       
   257 max_image_pixels: "32M"
       
   258 
       
   259 # Whether to generate new thumbnails on the fly to precisely match
       
   260 # the resolution requested by the client. If true then whenever
       
   261 # a new resolution is requested by the client the server will
       
   262 # generate a new thumbnail. If false the server will pick a thumbnail
       
   263 # from a precalculated list.
       
   264 dynamic_thumbnails: false
       
   265 
       
   266 # List of thumbnail to precalculate when an image is uploaded.
       
   267 thumbnail_sizes:
       
   268 - width: 32
       
   269   height: 32
       
   270   method: crop
       
   271 - width: 96
       
   272   height: 96
       
   273   method: crop
       
   274 - width: 320
       
   275   height: 240
       
   276   method: scale
       
   277 - width: 640
       
   278   height: 480
       
   279   method: scale
       
   280 - width: 800
       
   281   height: 600
       
   282   method: scale
       
   283 
       
   284 # Is the preview URL API enabled?  If enabled, you *must* specify
       
   285 # an explicit url_preview_ip_range_blacklist of IPs that the spider is
       
   286 # denied from accessing.
       
   287 url_preview_enabled: False
       
   288 
       
   289 # List of IP address CIDR ranges that the URL preview spider is denied
       
   290 # from accessing.  There are no defaults: you must explicitly
       
   291 # specify a list for URL previewing to work.  You should specify any
       
   292 # internal services in your network that you do not want synapse to try
       
   293 # to connect to, otherwise anyone in any Matrix room could cause your
       
   294 # synapse to issue arbitrary GET requests to your internal services,
       
   295 # causing serious security issues.
       
   296 #
       
   297 # url_preview_ip_range_blacklist:
       
   298 # - '127.0.0.0/8'
       
   299 # - '10.0.0.0/8'
       
   300 # - '172.16.0.0/12'
       
   301 # - '192.168.0.0/16'
       
   302 # - '100.64.0.0/10'
       
   303 # - '169.254.0.0/16'
       
   304 #
       
   305 # List of IP address CIDR ranges that the URL preview spider is allowed
       
   306 # to access even if they are specified in url_preview_ip_range_blacklist.
       
   307 # This is useful for specifying exceptions to wide-ranging blacklisted
       
   308 # target IP ranges - e.g. for enabling URL previews for a specific private
       
   309 # website only visible in your network.
       
   310 #
       
   311 # url_preview_ip_range_whitelist:
       
   312 # - '192.168.1.1'
       
   313 
       
   314 # Optional list of URL matches that the URL preview spider is
       
   315 # denied from accessing.  You should use url_preview_ip_range_blacklist
       
   316 # in preference to this, otherwise someone could define a public DNS
       
   317 # entry that points to a private IP address and circumvent the blacklist.
       
   318 # This is more useful if you know there is an entire shape of URL that
       
   319 # you know that will never want synapse to try to spider.
       
   320 #
       
   321 # Each list entry is a dictionary of url component attributes as returned
       
   322 # by urlparse.urlsplit as applied to the absolute form of the URL.  See
       
   323 # https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
       
   324 # The values of the dictionary are treated as an filename match pattern
       
   325 # applied to that component of URLs, unless they start with a ^ in which
       
   326 # case they are treated as a regular expression match.  If all the
       
   327 # specified component matches for a given list item succeed, the URL is
       
   328 # blacklisted.
       
   329 #
       
   330 # url_preview_url_blacklist:
       
   331 # # blacklist any URL with a username in its URI
       
   332 # - username: '*'
       
   333 #
       
   334 # # blacklist all *.google.com URLs
       
   335 # - netloc: 'google.com'
       
   336 # - netloc: '*.google.com'
       
   337 #
       
   338 # # blacklist all plain HTTP URLs
       
   339 # - scheme: 'http'
       
   340 #
       
   341 # # blacklist http(s)://www.acme.com/foo
       
   342 # - netloc: 'www.acme.com'
       
   343 #   path: '/foo'
       
   344 #
       
   345 # # blacklist any URL with a literal IPv4 address
       
   346 # - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
       
   347 
       
   348 # The largest allowed URL preview spidering size in bytes
       
   349 max_spider_size: "10M"
       
   350 
       
   351 
       
   352 
       
   353 
       
   354 ## Captcha ##
       
   355 # See docs/CAPTCHA_SETUP for full details of configuring this.
       
   356 
       
   357 # This Home Server's ReCAPTCHA public key.
       
   358 recaptcha_public_key: "YOUR_PUBLIC_KEY"
       
   359 
       
   360 # This Home Server's ReCAPTCHA private key.
       
   361 recaptcha_private_key: "YOUR_PRIVATE_KEY"
       
   362 
       
   363 # Enables ReCaptcha checks when registering, preventing signup
       
   364 # unless a captcha is answered. Requires a valid ReCaptcha
       
   365 # public/private key.
       
   366 enable_registration_captcha: False
       
   367 
       
   368 # A secret key used to bypass the captcha test entirely.
       
   369 #captcha_bypass_secret: "YOUR_SECRET_HERE"
       
   370 
       
   371 # The API endpoint to use for verifying m.login.recaptcha responses.
       
   372 recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
       
   373 
       
   374 
       
   375 ## Turn ##
       
   376 
       
   377 # The public URIs of the TURN server to give to clients
       
   378 turn_uris: []
       
   379 
       
   380 # The shared secret used to compute passwords for the TURN server
       
   381 turn_shared_secret: "YOUR_SHARED_SECRET"
       
   382 
       
   383 # The Username and password if the TURN server needs them and
       
   384 # does not use a token
       
   385 #turn_username: "TURNSERVER_USERNAME"
       
   386 #turn_password: "TURNSERVER_PASSWORD"
       
   387 
       
   388 # How long generated TURN credentials last
       
   389 turn_user_lifetime: "1h"
       
   390 
       
   391 # Whether guests should be allowed to use the TURN server.
       
   392 # This defaults to True, otherwise VoIP will be unreliable for guests.
       
   393 # However, it does introduce a slight security risk as it allows users to
       
   394 # connect to arbitrary endpoints without having first signed up for a
       
   395 # valid account (e.g. by passing a CAPTCHA).
       
   396 turn_allow_guests: False
       
   397 
       
   398 
       
   399 ## Registration ##
       
   400 
       
   401 # Enable registration for new users.
       
   402 enable_registration: {{matrix_synapse_enable_registrations}}
       
   403 
       
   404 # The user must provide all of the below types of 3PID when registering.
       
   405 #
       
   406 # registrations_require_3pid:
       
   407 #     - email
       
   408 #     - msisdn
       
   409 
       
   410 # Mandate that users are only allowed to associate certain formats of
       
   411 # 3PIDs with accounts on this server.
       
   412 #
       
   413 # allowed_local_3pids:
       
   414 #     - medium: email
       
   415 #       pattern: ".*@matrix\.org"
       
   416 #     - medium: email
       
   417 #       pattern: ".*@vector\.im"
       
   418 #     - medium: msisdn
       
   419 #       pattern: "\+44"
       
   420 
       
   421 # If set, allows registration by anyone who also has the shared
       
   422 # secret, even if registration is otherwise disabled.
       
   423 # registration_shared_secret: <PRIVATE STRING>
       
   424 
       
   425 # Set the number of bcrypt rounds used to generate password hash.
       
   426 # Larger numbers increase the work factor needed to generate the hash.
       
   427 # The default number is 12 (which equates to 2^12 rounds).
       
   428 # N.B. that increasing this will exponentially increase the time required
       
   429 # to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
       
   430 bcrypt_rounds: 12
       
   431 
       
   432 # Allows users to register as guests without a password/email/etc, and
       
   433 # participate in rooms hosted on this server which have been made
       
   434 # accessible to anonymous users.
       
   435 allow_guest_access: False
       
   436 
       
   437 # The list of identity servers trusted to verify third party
       
   438 # identifiers by this server.
       
   439 trusted_third_party_id_servers:
       
   440     - matrix.org
       
   441     - vector.im
       
   442     - riot.im
       
   443 
       
   444 # Users who register on this homeserver will automatically be joined
       
   445 # to these rooms
       
   446 #auto_join_rooms:
       
   447 #    - "#example:example.com"
       
   448 
       
   449 
       
   450 ## Metrics ###
       
   451 
       
   452 # Enable collection and rendering of performance metrics
       
   453 enable_metrics: False
       
   454 
       
   455 ## API Configuration ##
       
   456 
       
   457 # A list of event types that will be included in the room_invite_state
       
   458 room_invite_state_types:
       
   459     - "m.room.join_rules"
       
   460     - "m.room.canonical_alias"
       
   461     - "m.room.avatar"
       
   462     - "m.room.name"
       
   463 
       
   464 
       
   465 # A list of application service config file to use
       
   466 app_service_config_files: []
       
   467 
       
   468 
       
   469 # macaroon_secret_key: <PRIVATE STRING>
       
   470 
       
   471 # Used to enable access token expiration.
       
   472 expire_access_token: False
       
   473 
       
   474 ## Signing Keys ##
       
   475 
       
   476 # Path to the signing key to sign messages with
       
   477 signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
       
   478 
       
   479 # The keys that the server used to sign messages with but won't use
       
   480 # to sign new messages. E.g. it has lost its private key
       
   481 old_signing_keys: {}
       
   482 #  "ed25519:auto":
       
   483 #    # Base64 encoded public key
       
   484 #    key: "The public part of your old signing key."
       
   485 #    # Millisecond POSIX timestamp when the key expired.
       
   486 #    expired_ts: 123456789123
       
   487 
       
   488 # How long key response published by this server is valid for.
       
   489 # Used to set the valid_until_ts in /key/v2 APIs.
       
   490 # Determines how quickly servers will query to check which keys
       
   491 # are still valid.
       
   492 key_refresh_interval: "1d" # 1 Day.
       
   493 
       
   494 # The trusted servers to download signing keys from.
       
   495 perspectives:
       
   496   servers:
       
   497     "matrix.org":
       
   498       verify_keys:
       
   499         "ed25519:auto":
       
   500           key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
       
   501 
       
   502 
       
   503 
       
   504 # Enable SAML2 for registration and login. Uses pysaml2
       
   505 # config_path:      Path to the sp_conf.py configuration file
       
   506 # idp_redirect_url: Identity provider URL which will redirect
       
   507 #                   the user back to /login/saml2 with proper info.
       
   508 # See pysaml2 docs for format of config.
       
   509 #saml2_config:
       
   510 #   enabled: true
       
   511 #   config_path: "/home/erikj/git/synapse/sp_conf.py"
       
   512 #   idp_redirect_url: "http://test/idp"
       
   513 
       
   514 
       
   515 
       
   516 # Enable CAS for registration and login.
       
   517 #cas_config:
       
   518 #   enabled: true
       
   519 #   server_url: "https://cas-server.com"
       
   520 #   service_url: "https://homeserver.domain.com:8448"
       
   521 #   #required_attributes:
       
   522 #   #    name: value
       
   523 
       
   524 
       
   525 # The JWT needs to contain a globally unique "sub" (subject) claim.
       
   526 #
       
   527 # jwt_config:
       
   528 #    enabled: true
       
   529 #    secret: "a secret"
       
   530 #    algorithm: "HS256"
       
   531 
       
   532 
       
   533 
       
   534 # Enable password for login.
       
   535 password_config:
       
   536    enabled: true
       
   537    # Uncomment and change to a secret random string for extra security.
       
   538    # DO NOT CHANGE THIS AFTER INITIAL SETUP!
       
   539    #pepper: ""
       
   540 
       
   541 
       
   542 
       
   543 # Enable sending emails for notification events
       
   544 # Defining a custom URL for Riot is only needed if email notifications
       
   545 # should contain links to a self-hosted installation of Riot; when set
       
   546 # the "app_name" setting is ignored.
       
   547 #
       
   548 # If your SMTP server requires authentication, the optional smtp_user &
       
   549 # smtp_pass variables should be used
       
   550 #
       
   551 #email:
       
   552 #   enable_notifs: false
       
   553 #   smtp_host: "localhost"
       
   554 #   smtp_port: 25
       
   555 #   smtp_user: "exampleusername"
       
   556 #   smtp_pass: "examplepassword"
       
   557 #   require_transport_security: False
       
   558 #   notif_from: "Your Friendly %(app)s Home Server <[email protected]>"
       
   559 #   app_name: Matrix
       
   560 #   template_dir: res/templates
       
   561 #   notif_template_html: notif_mail.html
       
   562 #   notif_template_text: notif_mail.txt
       
   563 #   notif_for_new_users: True
       
   564 #   riot_base_url: "http://localhost/riot"
       
   565 
       
   566 
       
   567 # password_providers:
       
   568 #     - module: "ldap_auth_provider.LdapAuthProvider"
       
   569 #       config:
       
   570 #         enabled: true
       
   571 #         uri: "ldap://ldap.example.com:389"
       
   572 #         start_tls: true
       
   573 #         base: "ou=users,dc=example,dc=com"
       
   574 #         attributes:
       
   575 #            uid: "cn"
       
   576 #            mail: "email"
       
   577 #            name: "givenName"
       
   578 #         #bind_dn:
       
   579 #         #bind_password:
       
   580 #         #filter: "(objectClass=posixAccount)"
       
   581 
       
   582 
       
   583 
       
   584 # Clients requesting push notifications can either have the body of
       
   585 # the message sent in the notification poke along with other details
       
   586 # like the sender, or just the event ID and room ID (`event_id_only`).
       
   587 # If clients choose the former, this option controls whether the
       
   588 # notification request includes the content of the event (other details
       
   589 # like the sender are still included). For `event_id_only` push, it
       
   590 # has no effect.
       
   591 
       
   592 # For modern android devices the notification content will still appear
       
   593 # because it is loaded by the app. iPhone, however will send a
       
   594 # notification saying only that a message arrived and who it came from.
       
   595 #
       
   596 #push:
       
   597 #   include_content: true
       
   598 
       
   599 
       
   600 # spam_checker:
       
   601 #     module: "my_custom_project.SuperSpamChecker"
       
   602 #     config:
       
   603 #         example_option: 'things'
       
   604 
       
   605 
       
   606 # Whether to allow non server admins to create groups on this server
       
   607 enable_group_creation: false
       
   608 
       
   609 # If enabled, non server admins can only create groups with local parts
       
   610 # starting with this prefix
       
   611 # group_creation_prefix: "unofficial/"
       
   612 
       
   613 
       
   614 
       
   615 # User Directory configuration
       
   616 #
       
   617 # 'search_all_users' defines whether to search all users visible to your HS
       
   618 # when searching the user directory, rather than limiting to users visible
       
   619 # in public rooms.  Defaults to false.  If you set it True, you'll have to run
       
   620 # UPDATE user_directory_stream_pos SET stream_id = NULL;
       
   621 # on your database to tell it to rebuild the user_directory search indexes.
       
   622 #
       
   623 #user_directory:
       
   624 #   search_all_users: false