matrix-synapse/homeserver.yaml.tmpl

# All configuration options are documented on the following link:
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html

{{ if eq (env "SHARED_SECRET_AUTH_ENABLED") "1" }}
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#modules-1
modules:
    - module: shared_secret_authenticator.SharedSecretAuthProvider
      config:
        shared_secret: {{ secret "shared_secret_auth" }}
        m_login_password_support_enabled: true
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#server_name
server_name: {{ or (env "SERVER_NAME") (env "DOMAIN") }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#public_baseurl
public_baseurl: https://{{ env "DOMAIN" }}/

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#serve_server_wellknown
serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_without_auth
allow_public_rooms_without_auth: false

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_over_federation
allow_public_rooms_over_federation: {{ or (env "ALLOW_PUBLIC_ROOMS_FEDERATION") "true" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#listeners
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true

    {{ if eq (env "DISABLE_FEDERATION") "1" }}
    resources:
      {{ if eq (env "KEYCLOAK_ENABLED") "1" }}
      - names: [client, openid]
        compress: true
      {{ else }}
      - names: [client]
        compress: true
      {{ end }}
    {{ else }}
    resources:
      {{ if eq (env "KEYCLOAK_ENABLED") "1" }}
      - names: [client, openid, federation]
        compress: true
      {{ else }}
      - names: [client, federation]
        compress: true
      {{ end }}
    {{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#admin_contact
admin_contact: 'mailto:{{ env "ADMIN_EMAIL" }}'

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#limit_remote_rooms
limit_remote_rooms:
  enabled: true
  complexity: 200.0

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_avatar_size
max_avatar_size: 10M

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#forgotten_room_retention_period
forgotten_room_retention_period: 3d

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#request_token_inhibit_3pid_errors
request_token_inhibit_3pid_errors: true

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#redaction_retention_period
redaction_retention_period: {{ env "REDACTION_RETENTION_PERIOD" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_ips_max_age
user_ips_max_age: {{ env "USER_IPS_MAX_AGE" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#retention
retention:
  enabled: true
  default_policy:
    min_lifetime: 1d
    max_lifetime: {{ env "RETENTION_MAX_LIFETIME" }}
  allowed_lifetime_min: 1d
  allowed_lifetime_max: {{ env "ALLOWED_LIFETIME_MAX" }}
  purge_jobs:
    - longest_max_lifetime: 3d
      interval: 12h
    - shortest_max_lifetime: 3d
      interval: 1d

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist
{{ if eq (env "DISABLE_FEDERATION") "1" }}
federation_domain_whitelist: []
{{ else if eq (env "ENABLE_ALLOWLIST") "1" }}
federation_domain_whitelist: {{ env "FEDERATION_ALLOWLIST" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#database-1
database:
  name: psycopg2
  txn_limit: 10000
  args:
    user: synapse
    password: "{{ secret "db_password" }}"
    database: synapse
    host: "{{ env "STACK_NAME" }}_db"
    port: 5432
    cp_min: 5
    cp_max: 10
    keepalives_idle: 10
    keepalives_interval: 10
    keepalives_count: 3

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#log_config
log_config: "/data/log.config"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_store_path
media_store_path: "/data/media_store"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_upload_size 
max_upload_size: 50M

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#turn
{{ if eq (env "TURN_ENABLED") "1" }}
turn_uris: {{ env "TURN_URIS" }}
turn_shared_secret: "{{ secret "turn_shared_secret" }}"
turn_user_lifetime: 1h
turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_registration
enable_registration: {{ env "ENABLE_REGISTRATION" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_3pid_lookup
enable_3pid_lookup: {{ env "ENABLE_3PID_LOOKUP" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_guest_access
allow_guest_access: false

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#registration_shared_secret
registration_shared_secret: {{ secret "registration" }}

{{ if eq (env "AUTO_JOIN_ROOM_ENABLED") "1" }}
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#auto_join_rooms
auto_join_rooms:
  - "{{ env "AUTO_JOIN_ROOM" }}"
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#report_stats
report_stats: false

{{ if eq (env "APP_SERVICES_ENABLED") "1" }}
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#app_service_config_files
app_service_config_files: {{ env "APP_SERVICE_CONFIGS" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#macaroon_secret_key
macaroon_secret_key: "{{ secret "macaroon" }}"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#form_secret
form_secret: "{{ secret "form_secret" }}"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#signing_key_path
signing_key_path: "/data/{{ env "DOMAIN" }}.signing.key"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#trusted_key_servers
{{ if eq (env "ENABLE_ALLOWLIST") "1" }}
trusted_key_servers: [] # NOTE(d1): defaults to requesting server directly, which matches FEDERATION_ALLOWLIST
{{ else }}
trusted_key_servers:
  - server_name: "matrix.org"
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#oidc_providers
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
oidc_providers:
  - idp_id: {{ env "KEYCLOAK_ID" }}
    idp_name: {{ env "KEYCLOAK_NAME" }}
    issuer: "{{ env "KEYCLOAK_URL" }}"
    client_id: "{{ env "KEYCLOAK_CLIENT_ID" }}"
    client_secret: "{{ secret "keycloak_client_secret" }}"
    scopes: ["openid", "profile"]
    allow_existing_users: {{ env "KEYCLOAK_ALLOW_EXISTING_USERS" }}
    user_mapping_provider:
      config:
        localpart_template: "{{ "{{ user.preferred_username }}" }}"
        display_name_template: "{{ "{{ user.name }}" }}"

  {{ if eq (env "KEYCLOAK2_ENABLED") "1" }}
  - idp_id: {{ env "KEYCLOAK2_ID" }}
    idp_name: {{ env "KEYCLOAK2_NAME" }}
    issuer: "{{ env "KEYCLOAK2_URL" }}"
    client_id: "{{ env "KEYCLOAK2_CLIENT_ID" }}"
    client_secret: "{{ secret "keycloak2_client_secret" }}"
    scopes: ["openid", "profile"]
    allow_existing_users: {{ env "KEYCLOAK2_ALLOW_EXISTING_USERS" }}
    user_mapping_provider:
      config:
        localpart_template: "{{ "{{ user.preferred_username }}" }}"
        display_name_template: "{{ "{{ user.name }}" }}"
  {{ end }}

  {{ if eq (env "KEYCLOAK3_ENABLED") "1" }}
  - idp_id: {{ env "KEYCLOAK3_ID" }}
    idp_name: {{ env "KEYCLOAK3_NAME" }}
    issuer: "{{ env "KEYCLOAK3_URL" }}"
    client_id: "{{ env "KEYCLOAK3_CLIENT_ID" }}"
    client_secret: "{{ secret "keycloak3_client_secret" }}"
    scopes: ["openid", "profile"]
    allow_existing_users: {{ env "KEYCLOAK3_ALLOW_EXISTING_USERS" }}
    user_mapping_provider:
      config:
        localpart_template: "{{ "{{ user.preferred_username }}" }}"
        display_name_template: "{{ "{{ user.name }}" }}"
  {{ end }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#sso 
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
sso:
  client_whitelist:
    - https://{{ env "KEYCLOAK_CLIENT_DOMAIN" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
password_config:
   enabled: {{ env "PASSWORD_LOGIN_ENABLED" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#email
{{ if eq (env "SMTP_ENABLED") "1" }}
email:
  smtp_host: {{ env "SMTP_HOST" }}
  smtp_port: {{ env "SMTP_PORT" }}
  smtp_user: {{ env "SMTP_USER" }}
  smtp_pass: "{{ secret "smtp_password" }}"
  require_transport_security: true
  notif_from: Your Friendly %(app)s homeserver <{{ env "SMTP_FROM" }}>
  app_name: {{ env "SMTP_APP_NAME" }}
  enable_notifs: true
  client_base_url: https://{{ env "DOMAIN" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#encryption_enabled_by_default_for_room_type
encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_directory
user_directory:
  enabled: true
  search_all_users: true
  prefer_local_users: true

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_retention
media_retention:
  local_media_lifetime: {{ env "MEDIA_RETENTION_LOCAL_LIFETIME" }}
  remote_media_lifetime: {{ env "MEDIA_RETENTION_REMOTE_LIFETIME" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_metrics
enable_metrics: false

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#track_appservice_user_ips
track_appservice_user_ips: false

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#forget_rooms_on_leave
forget_rooms_on_leave: true

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#opentracing-1
opentracing:
  enabled: false

# https://matrix-org.github.io/synapse/develop/usage/configuration/config_documentation.html#ratelimiting
rc_login:
  address:
    per_second: {{ env "LOGIN_LIMIT_IP_PER_SECOND" }}
    burst_count: {{ env "LOGIN_LIMIT_IP_BURST" }}
  account:
    per_second: {{ env "LOGIN_LIMIT_ACCOUNT_PER_SECOND" }}
    burst_count: {{ env "LOGIN_LIMIT_ACCOUNT_BURST" }}