ansible-roles: comparison dendrite/server/templates/dendrite.yaml.j2

equal deleted inserted replaced

-:3069b7d001f7
+:dd52907adff9
 # Note that this is NOT the same private key as used for TLS! To generate a
 # signing key, use "./bin/generate-keys --private-key matrix_key.pem".
 private_key: matrix_key.pem
 # The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
-# to old signing private keys that were formerly in use on this domain. These
+# to old signing keys that were formerly in use on this domain name. These
 # keys will not be used for federation request or event signing, but will be
 # provided to any other homeserver that asks when trying to verify old events.
 old_private_keys:
 {% if dendrite_old_key %}- private_key: old_matrix_key.pem
 expired_at: 1626538450
 # considered valid by other homeservers.
 key_validity_period: 168h0m0s
 # Global database connection pool, for PostgreSQL monolith deployments only. If
 # this section is populated then you can omit the "database" blocks in all other
-# sections. For polylith deployments, or monolith deployments using SQLite databases,
+# sections. For monolith deployments using SQLite databases,
 # you must configure the "database" block for each component instead.
 database:
 connection_string: postgresql://{{dendrite_db_user}}:{{dendrite_db_pass}}@localhost/{{dendrite_db}}?sslmode=disable
 max_open_conns: 90
 max_idle_conns: 5
 conn_max_lifetime: -1
+# Configuration for in-memory caches. Caches can often improve performance by
+# keeping frequently accessed items (like events, identifiers etc.) in memory
+# rather than having to read them from the database.
+cache:
+# The estimated maximum size for the global cache in bytes, or in terabytes,
+# gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or
+# 'kb' suffix is specified. Note that this is not a hard limit, nor is it a
+# memory limit for the entire process. A cache that is too small may ultimately
+# provide little or no benefit.
+max_size_estimated: 1gb
+# The maximum amount of time that a cache entry can live for in memory before
+# it will be evicted and/or refreshed from the database. Lower values result in
+# easier admission of new cache entries but may also increase database load in
+# comparison to higher values, so adjust conservatively. Higher values may make
+# it harder for new items to make it into the cache, e.g. if new rooms suddenly
+# become popular.
+max_age: 1h
 # The server name to delegate server-server communications to, with optional port
 # e.g. localhost:443
 well_known_server_name: ""
+# The base URL to delegate client-server communications to e.g. https://localhost
+well_known_client_name: ""
 # Lists of domains that the server will trust as identity servers to verify third
 # party identifiers such as phone numbers and email addresses.
 trusted_third_party_id_servers:
 - matrix.org
 # Configures phone-home statistics reporting. These statistics contain the server
 # name, number of active users and some information on your deployment config.
 # We use this information to understand how Dendrite is being used in the wild.
 report_stats:
 enabled: false
-endpoint: https://matrix.org/report-usage-stats/push
+endpoint: https://panopticon.matrix.org/push
 # Server notices allows server admins to send messages to all users on the server.
 server_notices:
 enabled: false
 # The local part, display name and avatar URL (as a mxc:// URL) for the user that
 # Configuration for NATS JetStream
 jetstream:
 # A list of NATS Server addresses to connect to. If none are specified, an
 # internal NATS server will be started automatically when running Dendrite in
-# monolith mode. For polylith deployments, it is required to specify the address
+# monolith mode.
-# of at least one NATS Server node.
 addresses:
 # - localhost:4222
+# Disable the validation of TLS certificates of NATS. This is
+# not recommended in production since it may allow NATS traffic
+# to be sent to an insecure endpoint.
+disable_tls_validation: false
 # Persistent directory to store JetStream streams in. This directory should be
 # preserved across Dendrite restarts.
 storage_path: ./
 recaptcha_public_key: "{{dendrite_recaptcha_public_key}}"
 recaptcha_private_key: "{{dendrite_recaptcha_private_key}}"
 recaptcha_bypass_secret: "{{dendrite_recaptcha_bypass_secret}}"
 recaptcha_siteverify_api: "{{dendrite_recaptcha_siteverify_api}}"
 # TURN server information that this homeserver should send to clients.
 turn:
-turn_user_lifetime: ""
+turn_user_lifetime: "5m"
 turn_uris:
 #  - turn:turn.server.org?transport=udp
 #  - turn:turn.server.org?transport=tcp
 turn_shared_secret: ""
-turn_username: ""
+# If your TURN server requires static credentials, then you will need to enter
-turn_password: ""
+# them here instead of supplying a shared secret. Note that these credentials
+# will be visible to clients!
+# turn_username: ""
+# turn_password: ""
 # Settings for rate-limited endpoints. Rate limiting kicks in after the threshold
 # number of "slots" have been taken by requests from a specific host. Each "slot"
-# will be released after the cooloff time in milliseconds.
+# will be released after the cooloff time in milliseconds. Server administrators
+# and appservice users are exempt from rate limiting by default.
 rate_limiting:
 enabled: true
-threshold: 5
+threshold: 20
 cooloff_ms: 500
+exempt_user_ids:
+#  - "@user:domain.com"
 # Configuration for the Federation API.
 federation_api:
 # How many times we will try to resend a failed transaction to a specific server. The
 # backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds etc. Once
 send_max_retries: 16
 # Disable the validation of TLS certificates of remote federated homeservers. Do not
 # enable this option in production as it presents a security risk!
 disable_tls_validation: false
+# Disable HTTP keepalives, which also prevents connection reuse. Dendrite will typically
+# keep HTTP connections open to remote hosts for 5 minutes as they can be reused much
+# more quickly than opening new connections each time. Disabling keepalives will close
+# HTTP connections immediately after a successful request but may result in more CPU and
+# memory being used on TLS handshakes for each new connection instead.
+disable_http_keepalives: false
 # Perspective keyservers to use as a backup when direct key fetches fail. This may
 # be required to satisfy key requests for servers that are no longer online when
 # joining some rooms.
 key_perspectives:
 method: scale
 # Configuration for enabling experimental MSCs on this homeserver.
 mscs:
 mscs:
-- msc2836  # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
+#  - msc2836  # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
-- msc2946  # (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
 # Configuration for the Sync API.
 sync_api:
 # This option controls which HTTP header to inspect to find the real remote IP
 # address of the client. This is likely required if Dendrite is running behind
 # a reverse proxy server.
 # real_ip_header: X-Real-IP
+# Configuration for the full-text search engine.
+search:
+# Whether or not search is enabled.
+enabled: false
+# The path where the search index will be created in.
+index_path: "./searchindex"
+# The language most likely to be used on the server - used when indexing, to
+# ensure the returned results match expectations. A full list of possible languages
+# can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
+language: "en"
 # Configuration for the User API.
 user_api:
 # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31
 # See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information.
 # The length of time that a token issued for a relying party from
 # /_matrix/client/r0/user/{userId}/openid/request_token endpoint
 # is considered to be valid in milliseconds.
 # The default lifetime is 3600000ms (60 minutes).
 # openid_token_lifetime_ms: 3600000
+# Users who register on this homeserver will automatically be joined to the rooms listed under "auto_join_rooms" option.
+# By default, any room aliases included in this list will be created as a publicly joinable room
+# when the first user registers for the homeserver. If the room already exists,
+# make certain it is a publicly joinable room, i.e. the join rule of the room must be set to 'public'.
+# As Spaces are just rooms under the hood, Space aliases may also be used.
+auto_join_rooms:
+#  - "#main:matrix.org"
 # Configuration for Opentracing.
 # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on
 # how this works and how to set it up.
 tracing:

changeset 215	dd52907adff9
parent 207	e16c94c81b53
child 227	2e0366f2dcbe