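# All configuration options are documented on the following link:
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
#
# This file is a Go template: `env` and `secret` values are substituted as
# text before the result is parsed as YAML.
# NOTE(review): an unset variable presumably renders as an empty value, which
# YAML reads as null - confirm the deployment always supplies the variables
# that are used unquoted below.

{{ if eq (env "SHARED_SECRET_AUTH_ENABLED") "1" }}
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#modules-1
# The shared secret lets its holder authenticate as any local user, so it
# should be handled like an admin credential. It is quoted so that it is
# always read as a string, like the other secrets in this file.
modules:
  - module: shared_secret_authenticator.SharedSecretAuthProvider
    config:
      shared_secret: "{{ secret "shared_secret_auth" }}"
      m_login_password_support_enabled: true
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#server_name
server_name: {{ or (env "SERVER_NAME") (env "DOMAIN") }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#public_baseurl
public_baseurl: https://{{ env "DOMAIN" }}/

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#serve_server_wellknown
serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_without_auth
allow_public_rooms_without_auth: false

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_over_federation
allow_public_rooms_over_federation: {{ or (env "ALLOW_PUBLIC_ROOMS_FEDERATION") "true" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#listeners
# The listener is plain HTTP and, with x_forwarded enabled, takes the client
# address from the X-Forwarded-For header. It must only be reachable through
# the TLS-terminating reverse proxy, otherwise clients can spoof their
# address (which also feeds the per-address login rate limit below).
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
{{ if eq (env "DISABLE_FEDERATION") "1" }}
    resources:
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
      - names: [client, openid]
        compress: true
{{ else }}
      - names: [client]
        compress: true
{{ end }}
{{ else }}
    resources:
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
      - names: [client, openid, federation]
        compress: true
{{ else }}
      - names: [client, federation]
        compress: true
{{ end }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#admin_contact
admin_contact: 'mailto:{{ env "ADMIN_EMAIL" }}'

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#limit_remote_rooms
limit_remote_rooms:
  enabled: true
  complexity: 200.0

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_avatar_size
max_avatar_size: 10M

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#forgotten_room_retention_period
forgotten_room_retention_period: 3d

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#request_token_inhibit_3pid_errors
request_token_inhibit_3pid_errors: true

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#redaction_retention_period
redaction_retention_period: {{ env "REDACTION_RETENTION_PERIOD" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_ips_max_age
user_ips_max_age: {{ env "USER_IPS_MAX_AGE" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#retention
retention:
  enabled: true
  default_policy:
    min_lifetime: 1d
    max_lifetime: {{ env "RETENTION_MAX_LIFETIME" }}
  allowed_lifetime_min: 1d
  allowed_lifetime_max: {{ env "ALLOWED_LIFETIME_MAX" }}
  purge_jobs:
    - longest_max_lifetime: 3d
      interval: 12h
    - shortest_max_lifetime: 3d
      interval: 1d

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist
# FEDERATION_ALLOWLIST is rendered unquoted on purpose: it has to expand to a
# YAML list. When neither branch applies the key is omitted entirely.
{{ if eq (env "DISABLE_FEDERATION") "1" }}
federation_domain_whitelist: []
{{ else if eq (env "ENABLE_ALLOWLIST") "1" }}
federation_domain_whitelist: {{ env "FEDERATION_ALLOWLIST" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#database-1
database:
  name: psycopg2
  txn_limit: 10000
  args:
    user: synapse
    password: "{{ secret "db_password" }}"
    database: synapse
    host: "{{ env "STACK_NAME" }}_db"
    port: 5432
    cp_min: 5
    cp_max: 10
    keepalives_idle: 10
    keepalives_interval: 10
    keepalives_count: 3

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#log_config
log_config: "/data/log.config"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_store_path
media_store_path: "/data/media_store"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_upload_size
max_upload_size: 50M

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#turn
{{ if eq (env "TURN_ENABLED") "1" }}
turn_uris: {{ env "TURN_URIS" }}
turn_shared_secret: "{{ secret "turn_shared_secret" }}"
turn_user_lifetime: 1h
turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_registration
enable_registration: {{ env "ENABLE_REGISTRATION" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_3pid_lookup
enable_3pid_lookup: {{ env "ENABLE_3PID_LOOKUP" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_guest_access
allow_guest_access: false

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#registration_shared_secret
# Anyone holding this secret can register accounts, including admin accounts,
# even when enable_registration is false. Quoted so that it is always read as
# a string, like the other secrets in this file.
registration_shared_secret: "{{ secret "registration" }}"

{{ if eq (env "AUTO_JOIN_ROOM_ENABLED") "1" }}
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#auto_join_rooms
auto_join_rooms:
  - "{{ env "AUTO_JOIN_ROOM" }}"
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#report_stats
report_stats: false

{{ if eq (env "APP_SERVICES_ENABLED") "1" }}
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#app_service_config_files
app_service_config_files: {{ env "APP_SERVICE_CONFIGS" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#macaroon_secret_key
macaroon_secret_key: "{{ secret "macaroon" }}"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#form_secret
form_secret: "{{ secret "form_secret" }}"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#signing_key_path
signing_key_path: "/data/{{ env "DOMAIN" }}.signing.key"

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#trusted_key_servers
{{ if eq (env "ENABLE_ALLOWLIST") "1" }}
trusted_key_servers: []  # NOTE(d1): defaults to requesting server directly, which matches FEDERATION_ALLOWLIST
{{ else }}
trusted_key_servers:
  - server_name: "matrix.org"
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#oidc_providers
# The doubled braces in the *_template values make the Go template emit a
# literal Jinja expression for Synapse to evaluate at login time.
# allow_existing_users (on each provider): when true, an OIDC login whose
# mapped localpart matches an existing account is attached to that account.
# Enable it only if users cannot choose their own preferred_username at the
# identity provider.
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
oidc_providers:
  - idp_id: {{ env "KEYCLOAK_ID" }}
    idp_name: {{ env "KEYCLOAK_NAME" }}
    issuer: "{{ env "KEYCLOAK_URL" }}"
    client_id: "{{ env "KEYCLOAK_CLIENT_ID" }}"
    client_secret: "{{ secret "keycloak_client_secret" }}"
    scopes: ["openid", "profile"]
    allow_existing_users: {{ env "KEYCLOAK_ALLOW_EXISTING_USERS" }}
    user_mapping_provider:
      config:
        localpart_template: "{{ "{{ user.preferred_username }}" }}"
        display_name_template: "{{ "{{ user.name }}" }}"
{{ if eq (env "KEYCLOAK2_ENABLED") "1" }}
  - idp_id: {{ env "KEYCLOAK2_ID" }}
    idp_name: {{ env "KEYCLOAK2_NAME" }}
    issuer: "{{ env "KEYCLOAK2_URL" }}"
    client_id: "{{ env "KEYCLOAK2_CLIENT_ID" }}"
    client_secret: "{{ secret "keycloak2_client_secret" }}"
    scopes: ["openid", "profile"]
    allow_existing_users: {{ env "KEYCLOAK2_ALLOW_EXISTING_USERS" }}
    user_mapping_provider:
      config:
        localpart_template: "{{ "{{ user.preferred_username }}" }}"
        display_name_template: "{{ "{{ user.name }}" }}"
{{ end }}
{{ if eq (env "KEYCLOAK3_ENABLED") "1" }}
  - idp_id: {{ env "KEYCLOAK3_ID" }}
    idp_name: {{ env "KEYCLOAK3_NAME" }}
    issuer: "{{ env "KEYCLOAK3_URL" }}"
    client_id: "{{ env "KEYCLOAK3_CLIENT_ID" }}"
    client_secret: "{{ secret "keycloak3_client_secret" }}"
    scopes: ["openid", "profile"]
    allow_existing_users: {{ env "KEYCLOAK3_ALLOW_EXISTING_USERS" }}
    user_mapping_provider:
      config:
        localpart_template: "{{ "{{ user.preferred_username }}" }}"
        display_name_template: "{{ "{{ user.name }}" }}"
{{ end }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#sso
# URLs listed here skip the SSO confirmation page, so keep the list to
# clients you control.
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
sso:
  client_whitelist:
    - https://{{ env "KEYCLOAK_CLIENT_DOMAIN" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
password_config:
  enabled: {{ env "PASSWORD_LOGIN_ENABLED" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#email
{{ if eq (env "SMTP_ENABLED") "1" }}
email:
  smtp_host: {{ env "SMTP_HOST" }}
  smtp_port: {{ env "SMTP_PORT" }}
  smtp_user: {{ env "SMTP_USER" }}
  smtp_pass: "{{ secret "smtp_password" }}"
  require_transport_security: true
  notif_from: Your Friendly %(app)s homeserver <{{ env "SMTP_FROM" }}>
  app_name: {{ env "SMTP_APP_NAME" }}
  enable_notifs: true
  client_base_url: https://{{ env "DOMAIN" }}
{{ end }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#encryption_enabled_by_default_for_room_type
# NOTE(review): rendered unquoted, so a value of `off` is read as boolean
# false by YAML 1.1 loaders - confirm the consumer accepts that.
encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_directory
# With search_all_users enabled, directory search is not limited to users in
# public rooms or rooms shared with the requester; review against the
# deployment's privacy requirements.
user_directory:
  enabled: true
  search_all_users: true
  prefer_local_users: true

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_retention
media_retention:
  local_media_lifetime: {{ env "MEDIA_RETENTION_LOCAL_LIFETIME" }}
  remote_media_lifetime: {{ env "MEDIA_RETENTION_REMOTE_LIFETIME" }}

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_metrics
enable_metrics: false

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#track_appservice_user_ips
track_appservice_user_ips: false

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#forget_rooms_on_leave
forget_rooms_on_leave: true

# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#opentracing-1
opentracing:
  enabled: false

# https://matrix-org.github.io/synapse/develop/usage/configuration/config_documentation.html#ratelimiting
# Login throttling per client address and per account. All four values come
# from the environment and are rendered unquoted as numbers.
rc_login:
  address:
    per_second: {{ env "LOGIN_LIMIT_IP_PER_SECOND" }}
    burst_count: {{ env "LOGIN_LIMIT_IP_BURST" }}
  account:
    per_second: {{ env "LOGIN_LIMIT_ACCOUNT_PER_SECOND" }}
    burst_count: {{ env "LOGIN_LIMIT_ACCOUNT_BURST" }}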