|
|
|
|
@ -1,92 +1,32 @@
|
|
|
|
|
## Modules ##
|
|
|
|
|
# All configuration options are documented on the following link:
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
|
|
|
|
|
|
|
|
|
|
# Server admins can expand Synapse's functionality with external modules.
|
|
|
|
|
#
|
|
|
|
|
# See https://matrix-org.github.io/synapse/latest/modules.html for more
|
|
|
|
|
# documentation on how to configure or create custom modules for Synapse.
|
|
|
|
|
#
|
|
|
|
|
{{ if eq (env "SHARED_SECRET_AUTH_ENABLED") "1" }}
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#modules-1
|
|
|
|
|
modules:
|
|
|
|
|
# - module: my_super_module.MySuperClass
|
|
|
|
|
# config:
|
|
|
|
|
# do_thing: true
|
|
|
|
|
# - module: my_other_super_module.SomeClass
|
|
|
|
|
# config: {}
|
|
|
|
|
{{ if eq (env "SHARED_SECRET_AUTH_ENABLED") "1" }}
|
|
|
|
|
- module: shared_secret_authenticator.SharedSecretAuthProvider
|
|
|
|
|
config:
|
|
|
|
|
shared_secret: {{ secret "shared_secret_auth" }}
|
|
|
|
|
m_login_password_support_enabled: true
|
|
|
|
|
{{ end }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
## Server ##
|
|
|
|
|
|
|
|
|
|
# The public-facing domain of the server
|
|
|
|
|
#
|
|
|
|
|
# The server_name name will appear at the end of usernames and room addresses
|
|
|
|
|
# created on this server. For example if the server_name was example.com,
|
|
|
|
|
# usernames on this server would be in the format @user:example.com
|
|
|
|
|
#
|
|
|
|
|
# In most cases you should avoid using a matrix specific subdomain such as
|
|
|
|
|
# matrix.example.com or synapse.example.com as the server_name for the same
|
|
|
|
|
# reasons you wouldn't use user@email.example.com as your email address.
|
|
|
|
|
# See https://matrix-org.github.io/synapse/latest/delegate.html
|
|
|
|
|
# for information on how to host Synapse on a subdomain while preserving
|
|
|
|
|
# a clean server_name.
|
|
|
|
|
#
|
|
|
|
|
# The server_name cannot be changed later so it is important to
|
|
|
|
|
# configure this correctly before you start Synapse. It should be all
|
|
|
|
|
# lowercase and may contain an explicit port.
|
|
|
|
|
# Examples: matrix.org, localhost:8080
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#server_name
|
|
|
|
|
server_name: {{ or (env "SERVER_NAME") (env "DOMAIN") }}
|
|
|
|
|
|
|
|
|
|
# The public-facing base URL that clients use to access this Homeserver (not
|
|
|
|
|
# including _matrix/...). This is the same URL a user might enter into the
|
|
|
|
|
# 'Custom Homeserver URL' field on their client. If you use Synapse with a
|
|
|
|
|
# reverse proxy, this should be the URL to reach Synapse via the proxy.
|
|
|
|
|
# Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
|
|
|
|
|
# 'listeners' below).
|
|
|
|
|
#
|
|
|
|
|
# Defaults to 'https://<server_name>/'.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#public_baseurl
|
|
|
|
|
public_baseurl: https://{{ env "DOMAIN" }}/
|
|
|
|
|
|
|
|
|
|
# Uncomment the following to tell other servers to send federation traffic on
|
|
|
|
|
# port 443.
|
|
|
|
|
#
|
|
|
|
|
# By default, other servers will try to reach our server on port 8448, which can
|
|
|
|
|
# be inconvenient in some environments.
|
|
|
|
|
#
|
|
|
|
|
# Provided 'https://<server_name>/' on port 443 is routed to Synapse, this
|
|
|
|
|
# option configures Synapse to serve a file at
|
|
|
|
|
# 'https://<server_name>/.well-known/matrix/server'. This will tell other
|
|
|
|
|
# servers to send traffic to port 443 instead.
|
|
|
|
|
#
|
|
|
|
|
# See https://matrix-org.github.io/synapse/latest/delegate.html for more
|
|
|
|
|
# information.
|
|
|
|
|
#
|
|
|
|
|
# Defaults to 'false'.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#serve_server_wellknown
|
|
|
|
|
serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}
|
|
|
|
|
|
|
|
|
|
# If set to 'true', removes the need for authentication to access the server's
|
|
|
|
|
# public rooms directory through the client API, meaning that anyone can
|
|
|
|
|
# query the room directory. Defaults to 'false'.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_without_auth
|
|
|
|
|
allow_public_rooms_without_auth: false
|
|
|
|
|
|
|
|
|
|
# If set to 'true', allows any other homeserver to fetch the server's public
|
|
|
|
|
# rooms directory via federation. Defaults to 'false'.
|
|
|
|
|
#
|
|
|
|
|
allow_public_rooms_over_federation: false
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_over_federation
|
|
|
|
|
allow_public_rooms_over_federation: {{ or (env "ALLOW_PUBLIC_ROOMS_FEDERATION") "true" }}
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#listeners
|
|
|
|
|
listeners:
|
|
|
|
|
# Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
|
|
|
|
|
# that unwraps TLS.
|
|
|
|
|
#
|
|
|
|
|
# If you plan to use a reverse proxy, please see
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
|
|
|
|
|
#
|
|
|
|
|
- port: 8008
|
|
|
|
|
tls: false
|
|
|
|
|
type: http
|
|
|
|
|
@ -112,153 +52,51 @@ listeners:
|
|
|
|
|
{{ end }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
## Homeserver blocking ##
|
|
|
|
|
|
|
|
|
|
# How to reach the server admin, used in ResourceLimitError
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#admin_contact
|
|
|
|
|
admin_contact: 'mailto:{{ env "ADMIN_EMAIL" }}'
|
|
|
|
|
|
|
|
|
|
# Resource-constrained homeserver settings
|
|
|
|
|
#
|
|
|
|
|
# When this is enabled, the room "complexity" will be checked before a user
|
|
|
|
|
# joins a new remote room. If it is above the complexity limit, the server will
|
|
|
|
|
# disallow joining, or will instantly leave.
|
|
|
|
|
#
|
|
|
|
|
# Room complexity is an arbitrary measure based on factors such as the number of
|
|
|
|
|
# users in the room.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#limit_remote_rooms
|
|
|
|
|
limit_remote_rooms:
|
|
|
|
|
# Uncomment to enable room complexity checking.
|
|
|
|
|
#
|
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
|
|
# the limit above which rooms cannot be joined. The default is 1.0.
|
|
|
|
|
#
|
|
|
|
|
complexity: 200.0
|
|
|
|
|
|
|
|
|
|
# The largest allowed file size for a user avatar. Defaults to no restriction.
|
|
|
|
|
# Note that user avatar changes will not work if this is set without
|
|
|
|
|
# using Synapse's media repository.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_avatar_size
|
|
|
|
|
max_avatar_size: 10M
|
|
|
|
|
|
|
|
|
|
# How long to keep redacted events in unredacted form in the database. After
|
|
|
|
|
# this period redacted events get replaced with their redacted form in the DB.
|
|
|
|
|
#
|
|
|
|
|
# Defaults to `7d`. Set to `null` to disable.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#forgotten_room_retention_period
|
|
|
|
|
forgotten_room_retention_period: 3d
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#request_token_inhibit_3pid_errors
|
|
|
|
|
request_token_inhibit_3pid_errors: true
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#redaction_retention_period
|
|
|
|
|
redaction_retention_period: {{ env "REDACTION_RETENTION_PERIOD" }}
|
|
|
|
|
|
|
|
|
|
# How long to track users' last seen time and IPs in the database.
|
|
|
|
|
#
|
|
|
|
|
# Defaults to `28d`. Set to `null` to disable clearing out of old rows.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_ips_max_age
|
|
|
|
|
user_ips_max_age: {{ env "USER_IPS_MAX_AGE" }}
|
|
|
|
|
|
|
|
|
|
# Message retention policy at the server level.
|
|
|
|
|
#
|
|
|
|
|
# Room admins and mods can define a retention period for their rooms using the
|
|
|
|
|
# 'm.room.retention' state event, and server admins can cap this period by setting
|
|
|
|
|
# the 'allowed_lifetime_min' and 'allowed_lifetime_max' config options.
|
|
|
|
|
#
|
|
|
|
|
# If this feature is enabled, Synapse will regularly look for and purge events
|
|
|
|
|
# which are older than the room's maximum retention period. Synapse will also
|
|
|
|
|
# filter events received over federation so that events that should have been
|
|
|
|
|
# purged are ignored and not stored again.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#retention
|
|
|
|
|
retention:
|
|
|
|
|
# The message retention policies feature is disabled by default. Uncomment the
|
|
|
|
|
# following line to enable it.
|
|
|
|
|
#
|
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
|
|
# Default retention policy. If set, Synapse will apply it to rooms that lack the
|
|
|
|
|
# 'm.room.retention' state event. Currently, the value of 'min_lifetime' doesn't
|
|
|
|
|
# matter much because Synapse doesn't take it into account yet.
|
|
|
|
|
#
|
|
|
|
|
default_policy:
|
|
|
|
|
min_lifetime: 1d
|
|
|
|
|
max_lifetime: {{ env "RETENTION_MAX_LIFETIME" }}
|
|
|
|
|
|
|
|
|
|
# Retention policy limits. If set, and the state of a room contains a
|
|
|
|
|
# 'm.room.retention' event in its state which contains a 'min_lifetime' or a
|
|
|
|
|
# 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy
|
|
|
|
|
# to these limits when running purge jobs.
|
|
|
|
|
#
|
|
|
|
|
allowed_lifetime_min: 1d
|
|
|
|
|
allowed_lifetime_max: {{ env "ALLOWED_LIFETIME_MAX" }}
|
|
|
|
|
|
|
|
|
|
# Server admins can define the settings of the background jobs purging the
|
|
|
|
|
# events which lifetime has expired under the 'purge_jobs' section.
|
|
|
|
|
#
|
|
|
|
|
# If no configuration is provided, a single job will be set up to delete expired
|
|
|
|
|
# events in every room daily.
|
|
|
|
|
#
|
|
|
|
|
# Each job's configuration defines which range of message lifetimes the job
|
|
|
|
|
# takes care of. For example, if 'shortest_max_lifetime' is '2d' and
|
|
|
|
|
# 'longest_max_lifetime' is '3d', the job will handle purging expired events in
|
|
|
|
|
# rooms whose state defines a 'max_lifetime' that's both higher than 2 days, and
|
|
|
|
|
# lower than or equal to 3 days. Both the minimum and the maximum value of a
|
|
|
|
|
# range are optional, e.g. a job with no 'shortest_max_lifetime' and a
|
|
|
|
|
# 'longest_max_lifetime' of '3d' will handle every room with a retention policy
|
|
|
|
|
# which 'max_lifetime' is lower than or equal to three days.
|
|
|
|
|
#
|
|
|
|
|
# The rationale for this per-job configuration is that some rooms might have a
|
|
|
|
|
# retention policy with a low 'max_lifetime', where history needs to be purged
|
|
|
|
|
# of outdated messages on a more frequent basis than for the rest of the rooms
|
|
|
|
|
# (e.g. every 12h), but not want that purge to be performed by a job that's
|
|
|
|
|
# iterating over every room it knows, which could be heavy on the server.
|
|
|
|
|
#
|
|
|
|
|
# If any purge job is configured, it is strongly recommended to have at least
|
|
|
|
|
# a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime'
|
|
|
|
|
# set, or one job without 'shortest_max_lifetime' and one job without
|
|
|
|
|
# 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if
|
|
|
|
|
# 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a
|
|
|
|
|
# room's policy to these values is done after the policies are retrieved from
|
|
|
|
|
# Synapse's database (which is done using the range specified in a purge job's
|
|
|
|
|
# configuration).
|
|
|
|
|
#
|
|
|
|
|
purge_jobs:
|
|
|
|
|
- longest_max_lifetime: 3d
|
|
|
|
|
interval: 12h
|
|
|
|
|
- shortest_max_lifetime: 3d
|
|
|
|
|
interval: 1d
|
|
|
|
|
|
|
|
|
|
## Federation ##
|
|
|
|
|
|
|
|
|
|
# Restrict federation to the following whitelist of domains.
|
|
|
|
|
# N.B. we recommend also firewalling your federation listener to limit
|
|
|
|
|
# inbound federation traffic as early as possible, rather than relying
|
|
|
|
|
# purely on this application-layer restriction. If not specified, the
|
|
|
|
|
# default is to whitelist everything.
|
|
|
|
|
#
|
|
|
|
|
#federation_domain_whitelist:
|
|
|
|
|
# - lon.example.com
|
|
|
|
|
# - nyc.example.com
|
|
|
|
|
# - syd.example.com
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist
|
|
|
|
|
{{ if eq (env "DISABLE_FEDERATION") "1" }}
|
|
|
|
|
federation_domain_whitelist: []
|
|
|
|
|
{{ else if eq (env "ENABLE_ALLOWLIST") "1" }}
|
|
|
|
|
federation_domain_whitelist: {{ env "FEDERATION_ALLOWLIST" }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
## Database ##
|
|
|
|
|
|
|
|
|
|
# The 'database' setting defines the database that synapse uses to store all of
|
|
|
|
|
# its data.
|
|
|
|
|
#
|
|
|
|
|
# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
|
|
|
|
|
# 'psycopg2' (for PostgreSQL).
|
|
|
|
|
#
|
|
|
|
|
# 'txn_limit' gives the maximum number of transactions to run per connection
|
|
|
|
|
# before reconnecting. Defaults to 0, which means no limit.
|
|
|
|
|
#
|
|
|
|
|
# 'args' gives options which are passed through to the database engine,
|
|
|
|
|
# except for options starting 'cp_', which are used to configure the Twisted
|
|
|
|
|
# connection pool. For a reference to valid arguments, see:
|
|
|
|
|
# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
|
|
|
|
|
# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
|
|
|
|
|
# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#database-1
|
|
|
|
|
database:
|
|
|
|
|
name: psycopg2
|
|
|
|
|
txn_limit: 10000
|
|
|
|
|
@ -274,327 +112,69 @@ database:
|
|
|
|
|
keepalives_interval: 10
|
|
|
|
|
keepalives_count: 3
|
|
|
|
|
|
|
|
|
|
## Logging ##
|
|
|
|
|
|
|
|
|
|
# A yaml python logging config file as described by
|
|
|
|
|
# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#log_config
|
|
|
|
|
log_config: "/data/log.config"
|
|
|
|
|
|
|
|
|
|
## Media Store ##
|
|
|
|
|
|
|
|
|
|
# Enable the media store service in the Synapse master. Uncomment the
|
|
|
|
|
# following if you are using a separate media store worker.
|
|
|
|
|
#
|
|
|
|
|
#enable_media_repo: false
|
|
|
|
|
|
|
|
|
|
# Directory where uploaded images and attachments are stored.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_store_path
|
|
|
|
|
media_store_path: "/data/media_store"
|
|
|
|
|
|
|
|
|
|
# The largest allowed upload size in bytes
|
|
|
|
|
#
|
|
|
|
|
# If you are using a reverse proxy you may also need to set this value in
|
|
|
|
|
# your reverse proxy's config. Notably Nginx has a small max body size by default.
|
|
|
|
|
# See https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_upload_size
|
|
|
|
|
max_upload_size: 50M
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#turn
|
|
|
|
|
{{ if eq (env "TURN_ENABLED") "1" }}
|
|
|
|
|
## TURN ##
|
|
|
|
|
|
|
|
|
|
# The public URIs of the TURN server to give to clients
|
|
|
|
|
#
|
|
|
|
|
turn_uris: {{ env "TURN_URIS" }}
|
|
|
|
|
|
|
|
|
|
# The shared secret used to compute passwords for the TURN server
|
|
|
|
|
#
|
|
|
|
|
turn_shared_secret: "{{ secret "turn_shared_secret" }}"
|
|
|
|
|
|
|
|
|
|
# How long generated TURN credentials last
|
|
|
|
|
#
|
|
|
|
|
turn_user_lifetime: 1h
|
|
|
|
|
|
|
|
|
|
# Whether guests should be allowed to use the TURN server.
|
|
|
|
|
# This defaults to True, otherwise VoIP will be unreliable for guests.
|
|
|
|
|
# However, it does introduce a slight security risk as it allows users to
|
|
|
|
|
# connect to arbitrary endpoints without having first signed up for a
|
|
|
|
|
# valid account (e.g. by passing a CAPTCHA).
|
|
|
|
|
#
|
|
|
|
|
turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
## Registration ##
|
|
|
|
|
#
|
|
|
|
|
# Registration can be rate-limited using the parameters in the "Ratelimiting"
|
|
|
|
|
# section of this file.
|
|
|
|
|
|
|
|
|
|
# Enable registration for new users.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_registration
|
|
|
|
|
enable_registration: {{ env "ENABLE_REGISTRATION" }}
|
|
|
|
|
|
|
|
|
|
# Enable 3PIDs lookup requests to identity servers from this server.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_3pid_lookup
|
|
|
|
|
enable_3pid_lookup: {{ env "ENABLE_3PID_LOOKUP" }}
|
|
|
|
|
|
|
|
|
|
# If set, allows registration of standard or admin accounts by anyone who
|
|
|
|
|
# has the shared secret, even if registration is otherwise disabled.
|
|
|
|
|
#
|
|
|
|
|
registration_shared_secret: {{ secret "registration_shared_secret" }}
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_guest_access
|
|
|
|
|
allow_guest_access: false
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#registration_shared_secret
|
|
|
|
|
registration_shared_secret: {{ secret "registration" }}
|
|
|
|
|
|
|
|
|
|
# Users who register on this homeserver will automatically be joined
|
|
|
|
|
# to these rooms.
|
|
|
|
|
#
|
|
|
|
|
# By default, any room aliases included in this list will be created
|
|
|
|
|
# as a publicly joinable room when the first user registers for the
|
|
|
|
|
# homeserver. This behaviour can be customised with the settings below.
|
|
|
|
|
# If the room already exists, make certain it is a publicly joinable
|
|
|
|
|
# room. The join rule of the room must be set to 'public'.
|
|
|
|
|
#
|
|
|
|
|
{{ if eq (env "AUTO_JOIN_ROOM_ENABLED") "1" }}
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#auto_join_rooms
|
|
|
|
|
auto_join_rooms:
|
|
|
|
|
- "{{ env "AUTO_JOIN_ROOM" }}"
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
## Metrics ###
|
|
|
|
|
|
|
|
|
|
# Whether or not to report anonymized homeserver usage statistics.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#report_stats
|
|
|
|
|
report_stats: false
|
|
|
|
|
|
|
|
|
|
## API Configuration ##
|
|
|
|
|
|
|
|
|
|
# A list of application service config files to use
|
|
|
|
|
#
|
|
|
|
|
{{ if eq (env "APP_SERVICES_ENABLED") "1" }}
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#app_service_config_files
|
|
|
|
|
app_service_config_files: {{ env "APP_SERVICE_CONFIGS" }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
# a secret which is used to sign access tokens. If none is specified,
|
|
|
|
|
# the registration_shared_secret is used, if one is given; otherwise,
|
|
|
|
|
# a secret key is derived from the signing key.
|
|
|
|
|
#
|
|
|
|
|
macaroon_secret_key: "{{ secret "macaroon_secret_key" }}"
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#macaroon_secret_key
|
|
|
|
|
macaroon_secret_key: "{{ secret "macaroon" }}"
|
|
|
|
|
|
|
|
|
|
# a secret which is used to calculate HMACs for form values, to stop
|
|
|
|
|
# falsification of values. Must be specified for the User Consent
|
|
|
|
|
# forms to work.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#form_secret
|
|
|
|
|
form_secret: "{{ secret "form_secret" }}"
|
|
|
|
|
|
|
|
|
|
## Signing Keys ##
|
|
|
|
|
|
|
|
|
|
# Path to the signing key to sign messages with
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#signing_key_path
|
|
|
|
|
signing_key_path: "/data/{{ env "DOMAIN" }}.signing.key"
|
|
|
|
|
|
|
|
|
|
# The trusted servers to download signing keys from.
|
|
|
|
|
#
|
|
|
|
|
# When we need to fetch a signing key, each server is tried in parallel.
|
|
|
|
|
#
|
|
|
|
|
# Normally, the connection to the key server is validated via TLS certificates.
|
|
|
|
|
# Additional security can be provided by configuring a `verify key`, which
|
|
|
|
|
# will make synapse check that the response is signed by that key.
|
|
|
|
|
#
|
|
|
|
|
# This setting supercedes an older setting named `perspectives`. The old format
|
|
|
|
|
# is still supported for backwards-compatibility, but it is deprecated.
|
|
|
|
|
#
|
|
|
|
|
# 'trusted_key_servers' defaults to matrix.org, but using it will generate a
|
|
|
|
|
# warning on start-up. To suppress this warning, set
|
|
|
|
|
# 'suppress_key_server_warning' to true.
|
|
|
|
|
#
|
|
|
|
|
# Options for each entry in the list include:
|
|
|
|
|
#
|
|
|
|
|
# server_name: the name of the server. required.
|
|
|
|
|
#
|
|
|
|
|
# verify_keys: an optional map from key id to base64-encoded public key.
|
|
|
|
|
# If specified, we will check that the response is signed by at least
|
|
|
|
|
# one of the given keys.
|
|
|
|
|
#
|
|
|
|
|
# accept_keys_insecurely: a boolean. Normally, if `verify_keys` is unset,
|
|
|
|
|
# and federation_verify_certificates is not `true`, synapse will refuse
|
|
|
|
|
# to start, because this would allow anyone who can spoof DNS responses
|
|
|
|
|
# to masquerade as the trusted key server. If you know what you are doing
|
|
|
|
|
# and are sure that your network environment provides a secure connection
|
|
|
|
|
# to the key server, you can set this to `true` to override this
|
|
|
|
|
# behaviour.
|
|
|
|
|
#
|
|
|
|
|
# An example configuration might look like:
|
|
|
|
|
#
|
|
|
|
|
#trusted_key_servers:
|
|
|
|
|
# - server_name: "my_trusted_server.example.com"
|
|
|
|
|
# verify_keys:
|
|
|
|
|
# "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
|
|
|
|
|
# - server_name: "my_other_trusted_server.example.com"
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#trusted_key_servers
|
|
|
|
|
{{ if eq (env "ENABLE_ALLOWLIST") "1" }}
|
|
|
|
|
{{ env "TRUSTED_KEYSERVERS" }}
|
|
|
|
|
trusted_key_servers: [] # NOTE(d1): defaults to requesting server directly, which matches FEDERATION_ALLOWLIST
|
|
|
|
|
{{ else }}
|
|
|
|
|
trusted_key_servers:
|
|
|
|
|
- server_name: "matrix.org"
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
## Single sign-on integration ##
|
|
|
|
|
|
|
|
|
|
# List of OpenID Connect (OIDC) / OAuth 2.0 identity providers, for registration
|
|
|
|
|
# and login.
|
|
|
|
|
#
|
|
|
|
|
# Options for each entry include:
|
|
|
|
|
#
|
|
|
|
|
# idp_id: a unique identifier for this identity provider. Used internally
|
|
|
|
|
# by Synapse; should be a single word such as 'github'.
|
|
|
|
|
#
|
|
|
|
|
# Note that, if this is changed, users authenticating via that provider
|
|
|
|
|
# will no longer be recognised as the same user!
|
|
|
|
|
#
|
|
|
|
|
# (Use "oidc" here if you are migrating from an old "oidc_config"
|
|
|
|
|
# configuration.)
|
|
|
|
|
#
|
|
|
|
|
# idp_name: A user-facing name for this identity provider, which is used to
|
|
|
|
|
# offer the user a choice of login mechanisms.
|
|
|
|
|
#
|
|
|
|
|
# idp_icon: An optional icon for this identity provider, which is presented
|
|
|
|
|
# by clients and Synapse's own IdP picker page. If given, must be an
|
|
|
|
|
# MXC URI of the format mxc://<server-name>/<media-id>. (An easy way to
|
|
|
|
|
# obtain such an MXC URI is to upload an image to an (unencrypted) room
|
|
|
|
|
# and then copy the "url" from the source of the event.)
|
|
|
|
|
#
|
|
|
|
|
# idp_brand: An optional brand for this identity provider, allowing clients
|
|
|
|
|
# to style the login flow according to the identity provider in question.
|
|
|
|
|
# See the spec for possible options here.
|
|
|
|
|
#
|
|
|
|
|
# discover: set to 'false' to disable the use of the OIDC discovery mechanism
|
|
|
|
|
# to discover endpoints. Defaults to true.
|
|
|
|
|
#
|
|
|
|
|
# issuer: Required. The OIDC issuer. Used to validate tokens and (if discovery
|
|
|
|
|
# is enabled) to discover the provider's endpoints.
|
|
|
|
|
#
|
|
|
|
|
# client_id: Required. oauth2 client id to use.
|
|
|
|
|
#
|
|
|
|
|
# client_secret: oauth2 client secret to use. May be omitted if
|
|
|
|
|
# client_secret_jwt_key is given, or if client_auth_method is 'none'.
|
|
|
|
|
#
|
|
|
|
|
# client_secret_jwt_key: Alternative to client_secret: details of a key used
|
|
|
|
|
# to create a JSON Web Token to be used as an OAuth2 client secret. If
|
|
|
|
|
# given, must be a dictionary with the following properties:
|
|
|
|
|
#
|
|
|
|
|
# key: a pem-encoded signing key. Must be a suitable key for the
|
|
|
|
|
# algorithm specified. Required unless 'key_file' is given.
|
|
|
|
|
#
|
|
|
|
|
# key_file: the path to file containing a pem-encoded signing key file.
|
|
|
|
|
# Required unless 'key' is given.
|
|
|
|
|
#
|
|
|
|
|
# jwt_header: a dictionary giving properties to include in the JWT
|
|
|
|
|
# header. Must include the key 'alg', giving the algorithm used to
|
|
|
|
|
# sign the JWT, such as "ES256", using the JWA identifiers in
|
|
|
|
|
# RFC7518.
|
|
|
|
|
#
|
|
|
|
|
# jwt_payload: an optional dictionary giving properties to include in
|
|
|
|
|
# the JWT payload. Normally this should include an 'iss' key.
|
|
|
|
|
#
|
|
|
|
|
# client_auth_method: auth method to use when exchanging the token. Valid
|
|
|
|
|
# values are 'client_secret_basic' (default), 'client_secret_post' and
|
|
|
|
|
# 'none'.
|
|
|
|
|
#
|
|
|
|
|
# scopes: list of scopes to request. This should normally include the "openid"
|
|
|
|
|
# scope. Defaults to ["openid"].
|
|
|
|
|
#
|
|
|
|
|
# authorization_endpoint: the oauth2 authorization endpoint. Required if
|
|
|
|
|
# provider discovery is disabled.
|
|
|
|
|
#
|
|
|
|
|
# token_endpoint: the oauth2 token endpoint. Required if provider discovery is
|
|
|
|
|
# disabled.
|
|
|
|
|
#
|
|
|
|
|
# userinfo_endpoint: the OIDC userinfo endpoint. Required if discovery is
|
|
|
|
|
# disabled and the 'openid' scope is not requested.
|
|
|
|
|
#
|
|
|
|
|
# jwks_uri: URI where to fetch the JWKS. Required if discovery is disabled and
|
|
|
|
|
# the 'openid' scope is used.
|
|
|
|
|
#
|
|
|
|
|
# skip_verification: set to 'true' to skip metadata verification. Use this if
|
|
|
|
|
# you are connecting to a provider that is not OpenID Connect compliant.
|
|
|
|
|
# Defaults to false. Avoid this in production.
|
|
|
|
|
#
|
|
|
|
|
# user_profile_method: Whether to fetch the user profile from the userinfo
|
|
|
|
|
# endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
|
|
|
|
|
#
|
|
|
|
|
# Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
|
|
|
|
|
# included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
|
|
|
|
|
# userinfo endpoint.
|
|
|
|
|
#
|
|
|
|
|
# allow_existing_users: set to 'true' to allow a user logging in via OIDC to
|
|
|
|
|
# match a pre-existing account instead of failing. This could be used if
|
|
|
|
|
# switching from password logins to OIDC. Defaults to false.
|
|
|
|
|
#
|
|
|
|
|
# user_mapping_provider: Configuration for how attributes returned from a OIDC
|
|
|
|
|
# provider are mapped onto a matrix user. This setting has the following
|
|
|
|
|
# sub-properties:
|
|
|
|
|
#
|
|
|
|
|
# module: The class name of a custom mapping module. Default is
|
|
|
|
|
# 'synapse.handlers.oidc.JinjaOidcMappingProvider'.
|
|
|
|
|
# See https://matrix-org.github.io/synapse/latest/sso_mapping_providers.html#openid-mapping-providers
|
|
|
|
|
# for information on implementing a custom mapping provider.
|
|
|
|
|
#
|
|
|
|
|
# config: Configuration for the mapping provider module. This section will
|
|
|
|
|
# be passed as a Python dictionary to the user mapping provider
|
|
|
|
|
# module's `parse_config` method.
|
|
|
|
|
#
|
|
|
|
|
# For the default provider, the following settings are available:
|
|
|
|
|
#
|
|
|
|
|
# subject_claim: name of the claim containing a unique identifier
|
|
|
|
|
# for the user. Defaults to 'sub', which OpenID Connect
|
|
|
|
|
# compliant providers should provide.
|
|
|
|
|
#
|
|
|
|
|
# localpart_template: Jinja2 template for the localpart of the MXID.
|
|
|
|
|
# If this is not set, the user will be prompted to choose their
|
|
|
|
|
# own username (see 'sso_auth_account_details.html' in the 'sso'
|
|
|
|
|
# section of this file).
|
|
|
|
|
#
|
|
|
|
|
# display_name_template: Jinja2 template for the display name to set
|
|
|
|
|
# on first login. If unset, no displayname will be set.
|
|
|
|
|
#
|
|
|
|
|
# email_template: Jinja2 template for the email address of the user.
|
|
|
|
|
# If unset, no email address will be added to the account.
|
|
|
|
|
#
|
|
|
|
|
# extra_attributes: a map of Jinja2 templates for extra attributes
|
|
|
|
|
# to send back to the client during login.
|
|
|
|
|
# Note that these are non-standard and clients will ignore them
|
|
|
|
|
# without modifications.
|
|
|
|
|
#
|
|
|
|
|
# When rendering, the Jinja2 templates are given a 'user' variable,
|
|
|
|
|
# which is set to the claims returned by the UserInfo Endpoint and/or
|
|
|
|
|
# in the ID Token.
|
|
|
|
|
#
|
|
|
|
|
# It is possible to configure Synapse to only allow logins if certain attributes
|
|
|
|
|
# match particular values in the OIDC userinfo. The requirements can be listed under
|
|
|
|
|
# `attribute_requirements` as shown below. All of the listed attributes must
|
|
|
|
|
# match for the login to be permitted. Additional attributes can be added to
|
|
|
|
|
# userinfo by expanding the `scopes` section of the OIDC config to retrieve
|
|
|
|
|
# additional information from the OIDC provider.
|
|
|
|
|
#
|
|
|
|
|
# If the OIDC claim is a list, then the attribute must match any value in the list.
|
|
|
|
|
# Otherwise, it must exactly match the value of the claim. Using the example
|
|
|
|
|
# below, the `family_name` claim MUST be "Stephensson", but the `groups`
|
|
|
|
|
# claim MUST contain "admin".
|
|
|
|
|
#
|
|
|
|
|
# attribute_requirements:
|
|
|
|
|
# - attribute: family_name
|
|
|
|
|
# value: "Stephensson"
|
|
|
|
|
# - attribute: groups
|
|
|
|
|
# value: "admin"
|
|
|
|
|
#
|
|
|
|
|
# See https://matrix-org.github.io/synapse/latest/openid.html
|
|
|
|
|
# for information on how to configure these options.
|
|
|
|
|
#
|
|
|
|
|
# For backwards compatibility, it is also possible to configure a single OIDC
|
|
|
|
|
# provider via an 'oidc_config' setting. This is now deprecated and admins are
|
|
|
|
|
# advised to migrate to the 'oidc_providers' format. (When doing that migration,
|
|
|
|
|
# use 'oidc' for the idp_id to ensure that existing users continue to be
|
|
|
|
|
# recognised.)
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#oidc_providers
|
|
|
|
|
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
|
|
|
|
oidc_providers:
|
|
|
|
|
|
|
|
|
|
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
|
|
|
|
- idp_id: {{ env "KEYCLOAK_ID" }}
|
|
|
|
|
idp_name: {{ env "KEYCLOAK_NAME" }}
|
|
|
|
|
issuer: "{{ env "KEYCLOAK_URL" }}"
|
|
|
|
|
@ -606,7 +186,6 @@ oidc_providers:
|
|
|
|
|
config:
|
|
|
|
|
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
|
|
|
|
display_name_template: "{{ "{{ user.name }}" }}"
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
{{ if eq (env "KEYCLOAK2_ENABLED") "1" }}
|
|
|
|
|
- idp_id: {{ env "KEYCLOAK2_ID" }}
|
|
|
|
|
@ -635,145 +214,68 @@ oidc_providers:
|
|
|
|
|
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
|
|
|
|
display_name_template: "{{ "{{ user.name }}" }}"
|
|
|
|
|
{{ end }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
# Additional settings to use with single-sign on systems such as OpenID Connect,
|
|
|
|
|
# SAML2 and CAS.
|
|
|
|
|
#
|
|
|
|
|
# Server admins can configure custom templates for pages related to SSO. See
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/templates.html for more information.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#sso
|
|
|
|
|
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
|
|
|
|
sso:
|
|
|
|
|
# A list of client URLs which are whitelisted so that the user does not
|
|
|
|
|
# have to confirm giving access to their account to the URL. Any client
|
|
|
|
|
# whose URL starts with an entry in the following list will not be subject
|
|
|
|
|
# to an additional confirmation step after the SSO login is completed.
|
|
|
|
|
#
|
|
|
|
|
# WARNING: An entry such as "https://my.client" is insecure, because it
|
|
|
|
|
# will also match "https://my.client.evil.site", exposing your users to
|
|
|
|
|
# phishing attacks from evil.site. To avoid this, include a slash after the
|
|
|
|
|
# hostname: "https://my.client/".
|
|
|
|
|
#
|
|
|
|
|
# The login fallback page (used by clients that don't natively support the
|
|
|
|
|
# required login flows) is whitelisted in addition to any URLs in this list.
|
|
|
|
|
#
|
|
|
|
|
# By default, this list contains only the login fallback page.
|
|
|
|
|
#
|
|
|
|
|
#client_whitelist:
|
|
|
|
|
# - https://riot.im/develop
|
|
|
|
|
# - https://my.custom.client/
|
|
|
|
|
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
|
|
|
|
client_whitelist:
|
|
|
|
|
- https://{{ env "KEYCLOAK_CLIENT_DOMAIN" }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
client_whitelist:
|
|
|
|
|
- https://{{ env "KEYCLOAK_CLIENT_DOMAIN" }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
|
|
|
|
|
password_config:
|
|
|
|
|
# Uncomment to disable password login
|
|
|
|
|
#
|
|
|
|
|
enabled: {{ env "PASSWORD_LOGIN_ENABLED" }}
|
|
|
|
|
|
|
|
|
|
# Configuration for sending emails from Synapse.
|
|
|
|
|
#
|
|
|
|
|
# Server admins can configure custom templates for email content. See
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/templates.html for more information.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#email
|
|
|
|
|
{{ if eq (env "SMTP_ENABLED") "1" }}
|
|
|
|
|
email:
|
|
|
|
|
{{ if eq (env "SMTP_ENABLED") "1" }}
|
|
|
|
|
# The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
|
|
|
|
|
#
|
|
|
|
|
smtp_host: {{ env "SMTP_HOST" }}
|
|
|
|
|
|
|
|
|
|
# The port on the mail server for outgoing SMTP. Defaults to 25.
|
|
|
|
|
#
|
|
|
|
|
smtp_port: {{ env "SMTP_PORT" }}
|
|
|
|
|
|
|
|
|
|
# Username/password for authentication to the SMTP server. By default, no
|
|
|
|
|
# authentication is attempted.
|
|
|
|
|
#
|
|
|
|
|
smtp_user: {{ env "SMTP_USER" }}
|
|
|
|
|
smtp_pass: "{{ secret "smtp_password" }}"
|
|
|
|
|
|
|
|
|
|
# Uncomment the following to require TLS transport security for SMTP.
|
|
|
|
|
# By default, Synapse will connect over plain text, and will then switch to
|
|
|
|
|
# TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
|
|
|
|
|
# Synapse will refuse to connect unless the server supports STARTTLS.
|
|
|
|
|
#
|
|
|
|
|
require_transport_security: true
|
|
|
|
|
|
|
|
|
|
# notif_from defines the "From" address to use when sending emails.
|
|
|
|
|
# It must be set if email sending is enabled.
|
|
|
|
|
#
|
|
|
|
|
# The placeholder '%(app)s' will be replaced by the application name,
|
|
|
|
|
# which is normally 'app_name' (below), but may be overridden by the
|
|
|
|
|
# Matrix client application.
|
|
|
|
|
#
|
|
|
|
|
# Note that the placeholder must be written '%(app)s', including the
|
|
|
|
|
# trailing 's'.
|
|
|
|
|
#
|
|
|
|
|
notif_from: Your Friendly %(app)s homeserver <{{ env "SMTP_FROM" }}>
|
|
|
|
|
|
|
|
|
|
# app_name defines the default value for '%(app)s' in notif_from and email
|
|
|
|
|
# subjects. It defaults to 'Matrix'.
|
|
|
|
|
#
|
|
|
|
|
app_name: {{ env "SMTP_APP_NAME" }}
|
|
|
|
|
|
|
|
|
|
# Uncomment the following to enable sending emails for messages that the user
|
|
|
|
|
# has missed. Disabled by default.
|
|
|
|
|
#
|
|
|
|
|
enable_notifs: true
|
|
|
|
|
|
|
|
|
|
# Custom URL for client links within the email notifications. By default
|
|
|
|
|
# links will be based on "https://matrix.to".
|
|
|
|
|
#
|
|
|
|
|
# (This setting used to be called riot_base_url; the old name is still
|
|
|
|
|
# supported for backwards-compatibility but is now deprecated.)
|
|
|
|
|
#
|
|
|
|
|
client_base_url: https://{{ env "DOMAIN" }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
## Rooms ##
|
|
|
|
|
|
|
|
|
|
# Controls whether locally-created rooms should be end-to-end encrypted by
|
|
|
|
|
# default.
|
|
|
|
|
#
|
|
|
|
|
# Possible options are "all", "invite", and "off". They are defined as:
|
|
|
|
|
#
|
|
|
|
|
# * "all": any locally-created room
|
|
|
|
|
# * "invite": any room created with the "private_chat" or "trusted_private_chat"
|
|
|
|
|
# room creation presets
|
|
|
|
|
# * "off": this option will take no effect
|
|
|
|
|
#
|
|
|
|
|
# The default value is "off".
|
|
|
|
|
#
|
|
|
|
|
# Note that this option will only affect rooms created after it is set. It
|
|
|
|
|
# will also not affect rooms created by other servers.
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#encryption_enabled_by_default_for_room_type
|
|
|
|
|
encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}
|
|
|
|
|
|
|
|
|
|
# User Directory configuration
|
|
|
|
|
#
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_directory
|
|
|
|
|
user_directory:
|
|
|
|
|
# Defines whether to search all users visible to your HS when searching
|
|
|
|
|
# the user directory. If false, search results will only contain users
|
|
|
|
|
# visible in public rooms and users sharing a room with the requester.
|
|
|
|
|
# Defaults to false.
|
|
|
|
|
#
|
|
|
|
|
# NB. If you set this to true, and the last time the user_directory search
|
|
|
|
|
# indexes were (re)built was before Synapse 1.44, you'll have to
|
|
|
|
|
# rebuild the indexes in order to search through all known users.
|
|
|
|
|
# These indexes are built the first time Synapse starts; admins can
|
|
|
|
|
# manually trigger a rebuild via API following the instructions at
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run
|
|
|
|
|
#
|
|
|
|
|
# Uncomment to return search results containing all known users, even if that
|
|
|
|
|
# user does not share a room with the requester.
|
|
|
|
|
#
|
|
|
|
|
search_all_users: true
|
|
|
|
|
enabled: true
|
|
|
|
|
search_all_users: true
|
|
|
|
|
prefer_local_users: true
|
|
|
|
|
|
|
|
|
|
## Media retention ##
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
# since https://github.com/matrix-org/synapse/releases/tag/v1.61.0
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_retention
|
|
|
|
|
media_retention:
|
|
|
|
|
local_media_lifetime: {{ env "MEDIA_RETENTION_LOCAL_LIFETIME" }}
|
|
|
|
|
remote_media_lifetime: {{ env "MEDIA_RETENTION_REMOTE_LIFETIME" }}
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_metrics
|
|
|
|
|
enable_metrics: false
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#track_appservice_user_ips
|
|
|
|
|
track_appservice_user_ips: false
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#forget_rooms_on_leave
|
|
|
|
|
forget_rooms_on_leave: true
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#opentracing-1
|
|
|
|
|
opentracing:
|
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/develop/usage/configuration/config_documentation.html#ratelimiting
|
|
|
|
|
rc_login:
|
|
|
|
|
address:
|
|
|
|
|
per_second: {{ env "LOGIN_LIMIT_IP_PER_SECOND" }}
|
|
|
|
|
burst_count: {{ env "LOGIN_LIMIT_IP_BURST" }}
|
|
|
|
|
account:
|
|
|
|
|
per_second: {{ env "LOGIN_LIMIT_ACCOUNT_PER_SECOND" }}
|
|
|
|
|
burst_count: {{ env "LOGIN_LIMIT_ACCOUNT_BURST" }}
|
|
|
|
|
|
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#web_client_location
|
|
|
|
|
web_client_location: {{ env "WEB_CLIENT_LOCATION" }}
|
|
|
|
|
|
