TYPE=matrix-synapse DOMAIN=matrix-synapse.example.com TIMEOUT=300 ENABLE_AUTO_UPDATE=true LETS_ENCRYPT_ENV=production COMPOSE_FILE="compose.yml" # POST_DEPLOY_CMDS="db set_admin" ## Admin details ADMIN_EMAIL=admin@example.com ## Secrets SECRET_DB_PASSWORD_VERSION=v1 SECRET_FORM_SECRET_VERSION=v1 SECRET_MACAROON_VERSION=v1 SECRET_REGISTRATION_VERSION=v1 ## Federation #DISABLE_FEDERATION=1 # Set "true" to enable federation endpoint on $DOMAIN/.well-known/matrix/server SERVE_SERVER_WELLKNOWN=false ALLOW_PUBLIC_ROOMS_FEDERATION=false ## Registration ENABLE_REGISTRATION=false PASSWORD_LOGIN_ENABLED=true ## Room auto-join #AUTO_JOIN_ROOM_ENABLED=1 #AUTO_JOIN_ROOM="#example:example.com" ## Logging # for the homserver SQL_LOG_LEVEL=WARN ROOT_LOG_LEVEL=WARN # for nginx NGINX_ACCESS_LOG_LOCATION="/dev/null" NGINX_ERROR_LOG_LOCATION="/dev/null" # Comment the previous two lines and uncomment these to enable logging #NGINX_ACCESS_LOG_LOCATION="/dev/stdout" #NGINX_ERROR_LOG_LOCATION="/dev/stderr" ## Privacy ENABLE_3PID_LOOKUP=true USER_IPS_MAX_AGE=1d ENCRYPTED_BY_DEFAULT=all #ENABLE_ALLOWLIST=1 #FEDERATION_ALLOWLIST="[]" # Set these to keyservers you trust - usually the same as your federation allowlist #TRUSTED_KEYSERVERS="trusted_key_servers:\n - server_name: 'example.com'\n - server_name: 'example2.com'" ## Retention ALLOWED_LIFETIME_MAX=4w REDACTION_RETENTION_PERIOD=7d RETENTION_MAX_LIFETIME=4w #MEDIA_RETENTION_LOCAL_LIFETIME=30d #MEDIA_RETENTION_REMOTE_LIFETIME=14d ## Ratelimit #LOGIN_LIMIT_IP_PER_SECOND=5 #LOGIN_LIMIT_IP_BURST=15 #LOGIN_LIMIT_ACCOUNT_PER_SECOND=1 #LOGIN_LIMIT_ACCOUNT_BURST=10 ## Keycloak SSO #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml" #KEYCLOAK_ENABLED=1 #KEYCLOAK_ID=keycloak #KEYCLOAK_NAME= #KEYCLOAK_URL= #KEYCLOAK_CLIENT_ID= #KEYCLOAK_CLIENT_DOMAIN= #KEYCLOAK_ALLOW_EXISTING_USERS=false #SECRET_KEYCLOAK_CLIENT_SECRET_VERSION=v1 ## TURN #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak3.yml" #KEYCLOAK3_ENABLED=1 #KEYCLOAK3_ID=keycloak3 #KEYCLOAK3_NAME= #KEYCLOAK3_URL= #KEYCLOAK3_CLIENT_ID= #KEYCLOAK3_CLIENT_DOMAIN= #KEYCLOAK3_ALLOW_EXISTING_USERS=false #SECRET_KEYCLOAK3_CLIENT_SECRET_VERSION=v1 #COMPOSE_FILE="$COMPOSE_FILE:compose.turn.yml" #TURN_ENABLED=1 #TURN_URIS="[\"turns:coturn.foo.zone?transport=udp\", \"turns:coturn.foo.zone?transport=tcp\"]" #TURN_ALLOW_GUESTS=true #SECRET_TURN_SHARED_SECRET_VERSION=v1 ## SMTP #COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml" #SMTP_ENABLED=1 #SMTP_APP_NAME= #SMTP_FROM= #SMTP_HOST= #SMTP_PORT= #SMTP_USER= #SECRET_SMTP_PASSWORD_VERSION=v1 ## App services #APP_SERVICES_ENABLED=1 #APP_SERVICE_CONFIGS="[\"...\"]" ## Telegram bridge #COMPOSE_FILE="$COMPOSE_FILE:compose.telegram.yml" #APP_SERVICE_BOT_USERNAME=telegrambot #APP_SERVICE_DISPLAY_NAME="Telegram bridge bot" #APP_SERVICE_ID= #HOMESERVER_DOMAIN=$DOMAIN #HOMESERVER_URL=https://$DOMAIN #VERIFY_SSL=false #ENABLE_ENCRYPTION=true #TELEGRAM_APP_ID= #TELEGRAM_BRIDGE_PERMISSIONS="{ \"*\": \"relaybot\", \"@foo:matrix.example.com\": \"admin\" }" #TELEGRAM_SYNC_CHANNEL_MEMBERS=true #SECRET_TELEGRAM_DB_PASSWORD_VERSION=v1 #SECRET_TELEGRAM_API_HASH_VERSION=v1 #SECRET_TELEGRAM_BOT_TOKEN_VERSION=v1 #SECRET_TELEGRAM_AS_TOKEN_VERSION=v1 #SECRET_TELEGRAM_HS_TOKEN_VERSION=v1 ## Discord bridge #COMPOSE_FILE="$COMPOSE_FILE:compose.discord.yml" #DISCORD_CLIENT_ID= #DISCORD_BRIDGE_ADMIN= #SECRET_DISCORD_BOT_TOKEN_VERSION=v1 #SECRET_DISCORD_DB_PASSWORD_VERSION=v1 ## Signal bridge #COMPOSE_FILE="$COMPOSE_FILE:compose.signal.yml" #SIGNAL_ENABLE_ENCRYPTION=true #SIGNAL_BRIDGE_PERMISSIONS="{ \"*\": \"relay\" }" #SECRET_SIGNAL_AS_TOKEN_VERSION=v1 #SECRET_SIGNAL_DB_PASSWORD_VERSION=v1 #SECRET_SIGNAL_HS_TOKEN_VERSION=v1 ## Shared auth #COMPOSE_FILE="$COMPOSE_FILE:compose.shared_secret_auth.yml" #SHARED_SECRET_AUTH_ENABLED=1 #SECRET_SHARED_SECRET_AUTH_VERSION=v1 # length=128