270 lines
11 KiB
Cheetah
270 lines
11 KiB
Cheetah
# All configuration options are documented on the following link:
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
|
|
|
|
{{ if eq (env "SHARED_SECRET_AUTH_ENABLED") "1" }}
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#modules-1
|
|
modules:
|
|
- module: shared_secret_authenticator.SharedSecretAuthProvider
|
|
config:
|
|
shared_secret: {{ secret "shared_secret_auth" }}
|
|
m_login_password_support_enabled: true
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#server_name
|
|
server_name: {{ or (env "SERVER_NAME") (env "DOMAIN") }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#public_baseurl
|
|
public_baseurl: https://{{ env "DOMAIN" }}/
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#serve_server_wellknown
|
|
serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_without_auth
|
|
allow_public_rooms_without_auth: false
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_public_rooms_over_federation
|
|
allow_public_rooms_over_federation: {{ env "ALLOW_PUBLIC_ROOMS_FEDERATION" }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#listeners
|
|
listeners:
|
|
- port: 8008
|
|
tls: false
|
|
type: http
|
|
x_forwarded: true
|
|
|
|
{{ if eq (env "DISABLE_FEDERATION") "1" }}
|
|
resources:
|
|
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
|
- names: [client, openid]
|
|
compress: true
|
|
{{ else }}
|
|
- names: [client]
|
|
compress: true
|
|
{{ end }}
|
|
{{ else }}
|
|
resources:
|
|
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
|
- names: [client, openid, federation]
|
|
compress: true
|
|
{{ else }}
|
|
- names: [client, federation]
|
|
compress: true
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#admin_contact
|
|
admin_contact: 'mailto:{{ env "ADMIN_EMAIL" }}'
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#limit_remote_rooms
|
|
limit_remote_rooms:
|
|
enabled: true
|
|
complexity: 200.0
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_avatar_size
|
|
max_avatar_size: 10M
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#forgotten_room_retention_period
|
|
forgotten_room_retention_period: 3d
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#request_token_inhibit_3pid_errors
|
|
request_token_inhibit_3pid_errors: true
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#redaction_retention_period
|
|
redaction_retention_period: {{ env "REDACTION_RETENTION_PERIOD" }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_ips_max_age
|
|
user_ips_max_age: {{ env "USER_IPS_MAX_AGE" }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#retention
|
|
retention:
|
|
enabled: true
|
|
default_policy:
|
|
min_lifetime: 1d
|
|
max_lifetime: {{ env "RETENTION_MAX_LIFETIME" }}
|
|
allowed_lifetime_min: 1d
|
|
allowed_lifetime_max: {{ env "ALLOWED_LIFETIME_MAX" }}
|
|
purge_jobs:
|
|
- longest_max_lifetime: 3d
|
|
interval: 12h
|
|
- shortest_max_lifetime: 3d
|
|
interval: 1d
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist
|
|
{{ if eq (env "DISABLE_FEDERATION") "1" }}
|
|
federation_domain_whitelist: []
|
|
{{ else if eq (env "ENABLE_ALLOWLIST") "1" }}
|
|
federation_domain_whitelist: {{ env "FEDERATION_ALLOWLIST" }}
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#database-1
|
|
database:
|
|
name: psycopg2
|
|
txn_limit: 10000
|
|
args:
|
|
user: synapse
|
|
password: "{{ secret "db_password" }}"
|
|
database: synapse
|
|
host: "{{ env "STACK_NAME" }}_db"
|
|
port: 5432
|
|
cp_min: 5
|
|
cp_max: 10
|
|
keepalives_idle: 10
|
|
keepalives_interval: 10
|
|
keepalives_count: 3
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#log_config
|
|
log_config: "/data/log.config"
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_store_path
|
|
media_store_path: "/data/media_store"
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_upload_size
|
|
max_upload_size: 50M
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#turn
|
|
{{ if eq (env "TURN_ENABLED") "1" }}
|
|
turn_uris: {{ env "TURN_URIS" }}
|
|
turn_shared_secret: "{{ secret "turn_shared_secret" }}"
|
|
turn_user_lifetime: 1h
|
|
turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_registration
|
|
enable_registration: {{ env "ENABLE_REGISTRATION" }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_3pid_lookup
|
|
enable_3pid_lookup: {{ env "ENABLE_3PID_LOOKUP" }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#allow_guest_access
|
|
allow_guest_access: false
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#registration_shared_secret
|
|
registration_shared_secret: {{ secret "registration" }}
|
|
|
|
{{ if eq (env "AUTO_JOIN_ROOM_ENABLED") "1" }}
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#auto_join_rooms
|
|
auto_join_rooms:
|
|
- "{{ env "AUTO_JOIN_ROOM" }}"
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#report_stats
|
|
report_stats: false
|
|
|
|
{{ if eq (env "APP_SERVICES_ENABLED") "1" }}
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#app_service_config_files
|
|
app_service_config_files: {{ env "APP_SERVICE_CONFIGS" }}
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#macaroon_secret_key
|
|
macaroon_secret_key: "{{ secret "macaroon" }}"
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#form_secret
|
|
form_secret: "{{ secret "form_secret" }}"
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#signing_key_path
|
|
signing_key_path: "/data/{{ env "DOMAIN" }}.signing.key"
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#trusted_key_servers
|
|
{{ if eq (env "ENABLE_ALLOWLIST") "1" }}
|
|
trusted_key_servers: [] # NOTE(d1): defaults to requesting server directly, which matches FEDERATION_ALLOWLIST
|
|
{{ else }}
|
|
trusted_key_servers:
|
|
- server_name: "matrix.org"
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#oidc_providers
|
|
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
|
oidc_providers:
|
|
- idp_id: {{ env "KEYCLOAK_ID" }}
|
|
idp_name: {{ env "KEYCLOAK_NAME" }}
|
|
issuer: "{{ env "KEYCLOAK_URL" }}"
|
|
client_id: "{{ env "KEYCLOAK_CLIENT_ID" }}"
|
|
client_secret: "{{ secret "keycloak_client_secret" }}"
|
|
scopes: ["openid", "profile"]
|
|
allow_existing_users: {{ env "KEYCLOAK_ALLOW_EXISTING_USERS" }}
|
|
user_mapping_provider:
|
|
config:
|
|
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
|
display_name_template: "{{ "{{ user.name }}" }}"
|
|
|
|
{{ if eq (env "KEYCLOAK2_ENABLED") "1" }}
|
|
- idp_id: {{ env "KEYCLOAK2_ID" }}
|
|
idp_name: {{ env "KEYCLOAK2_NAME" }}
|
|
issuer: "{{ env "KEYCLOAK2_URL" }}"
|
|
client_id: "{{ env "KEYCLOAK2_CLIENT_ID" }}"
|
|
client_secret: "{{ secret "keycloak2_client_secret" }}"
|
|
scopes: ["openid", "profile"]
|
|
allow_existing_users: {{ env "KEYCLOAK2_ALLOW_EXISTING_USERS" }}
|
|
user_mapping_provider:
|
|
config:
|
|
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
|
display_name_template: "{{ "{{ user.name }}" }}"
|
|
{{ end }}
|
|
|
|
{{ if eq (env "KEYCLOAK3_ENABLED") "1" }}
|
|
- idp_id: {{ env "KEYCLOAK3_ID" }}
|
|
idp_name: {{ env "KEYCLOAK3_NAME" }}
|
|
issuer: "{{ env "KEYCLOAK3_URL" }}"
|
|
client_id: "{{ env "KEYCLOAK3_CLIENT_ID" }}"
|
|
client_secret: "{{ secret "keycloak3_client_secret" }}"
|
|
scopes: ["openid", "profile"]
|
|
allow_existing_users: {{ env "KEYCLOAK3_ALLOW_EXISTING_USERS" }}
|
|
user_mapping_provider:
|
|
config:
|
|
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
|
display_name_template: "{{ "{{ user.name }}" }}"
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#sso
|
|
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
|
sso:
|
|
client_whitelist:
|
|
- https://{{ env "KEYCLOAK_CLIENT_DOMAIN" }}
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
|
|
password_config:
|
|
enabled: {{ env "PASSWORD_LOGIN_ENABLED" }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#email
|
|
{{ if eq (env "SMTP_ENABLED") "1" }}
|
|
email:
|
|
smtp_host: {{ env "SMTP_HOST" }}
|
|
smtp_port: {{ env "SMTP_PORT" }}
|
|
smtp_user: {{ env "SMTP_USER" }}
|
|
smtp_pass: "{{ secret "smtp_password" }}"
|
|
require_transport_security: true
|
|
notif_from: Your Friendly %(app)s homeserver <{{ env "SMTP_FROM" }}>
|
|
app_name: {{ env "SMTP_APP_NAME" }}
|
|
enable_notifs: true
|
|
client_base_url: https://{{ env "DOMAIN" }}
|
|
{{ end }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#encryption_enabled_by_default_for_room_type
|
|
encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_directory
|
|
user_directory:
|
|
enabled: true
|
|
search_all_users: true
|
|
prefer_local_users: true
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_retention
|
|
media_retention:
|
|
local_media_lifetime: {{ env "MEDIA_RETENTION_LOCAL_LIFETIME" }}
|
|
remote_media_lifetime: {{ env "MEDIA_RETENTION_REMOTE_LIFETIME" }}
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_metrics
|
|
enable_metrics: false
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#track_appservice_user_ips
|
|
track_appservice_user_ips: false
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#forget_rooms_on_leave
|
|
forget_rooms_on_leave: true
|
|
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#opentracing-1
|
|
opentracing:
|
|
enabled: false
|