# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html

# Public name of this homeserver, filled in by the template engine at render
# time. The value is quoted so the rendered text is always read as a string.
server_name: "{{ matrix.baseurl }}"

# File Synapse writes its process id to.
pid_file: '/data/homeserver.pid'

# Turns on metrics collection. The metrics are served by the listener of
# type "metrics" declared under "listeners" in this file.
enable_metrics: true
# Network listeners. Both run without TLS.
listeners:
  # Client and federation API over plain HTTP.
  # NOTE(review): presumably TLS is terminated by a reverse proxy in front of
  # this port - confirm against the deployment.
  - port: 8008
    tls: false
    type: http
    # With x_forwarded enabled Synapse takes the client address from the
    # X-Forwarded-For header. That address feeds rate limiting and logs, so
    # it is only trustworthy when this port is reachable solely through the
    # reverse proxy and the proxy overwrites the header.
    x_forwarded: true
    resources:
      - names:
          - client
          - federation
        compress: false

  # Metrics endpoint: plain HTTP and unauthenticated.
  # NOTE(review): no bind_addresses is set, so Synapse's default bind
  # addresses apply. Keep port 9091 reachable only from the monitoring
  # network and do not publish it on the host.
  - port: 9091
    tls: false
    type: metrics
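# PostgreSQL connection settings (psycopg2 driver) and connection pool size.
database:
  name: psycopg2
  args:
    # The three templated values are quoted, like every other templated value
    # in this file, so the rendered text is always parsed as a YAML string.
    # Unquoted, a password containing " #" is cut off at the comment marker,
    # one containing ": " or starting with an indicator such as "*" or "&"
    # breaks or changes the parse, and an all-digit or boolean-looking value
    # is loaded as a non-string type.
    # NOTE(review): a value that itself contains a double quote or a
    # backslash still needs escaping; a JSON-encoding filter in the template
    # would cover that if the template engine in use provides one.
    user: "{{ matrix.db.user }}"
    password: "{{ matrix.db.password }}"
    database: "{{ matrix.db.database }}"
    host: db
    # Minimum and maximum number of pooled database connections.
    cp_min: 5
    cp_max: 10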
# Logging configuration file and on-disk media location.
log_config: '/config/tobiasmanske.de.log.config'
media_store_path: '/data/media_store'

# Anonymised usage statistics are reported to the Synapse developers.
report_stats: true

# Server-side secrets, injected at render time. The rendered file therefore
# contains them in clear text and should be readable only by the Synapse
# service account.
macaroon_secret_key: "{{ matrix.secrets.macaroon }}"
form_secret: "{{ matrix.secrets.form }}"

# Private key that signs this server's federation traffic. Losing or leaking
# it affects the server's identity towards other homeservers, so the file
# needs the same restrictive permissions as the secrets above.
signing_key_path: '/config/tobiasmanske.de.signing.key'

# Notary servers used to fetch signing keys of other homeservers.
trusted_key_servers:
  - server_name: 'matrix.org'
# Single sign-on through an OpenID Connect identity provider (Keycloak).
oidc_providers:
  - idp_id: keycloak
    idp_name: 'KeyCloak'
    issuer: "{{ matrix.oidc.issuer }}"
    client_id: "{{ matrix.oidc.client_id }}"
    # Confidential client credential; it ends up in clear text in the
    # rendered file.
    client_secret: "{{ matrix.oidc.client_secret }}"
    scopes:
      - 'openid'
      - 'profile'
    user_mapping_provider:
      config:
        # The raw markers stop the template engine from expanding the two
        # templates below at render time; they must reach Synapse verbatim,
        # which evaluates them against the user info returned by the
        # identity provider.
        {% raw %}
        localpart_template: "{{ user.mx_localpart }}"
        display_name_template: "{{ user.name }}"
        {% endraw %}
    # NOTE(review): the original indentation was lost in this listing. The
    # option is placed at provider level, where Synapse reads it - confirm
    # against the deployed file.
    backchannel_logout_enabled: true  # Optional
# Self-service registration is on, but every registration must present a
# registration token issued by an administrator.
enable_registration: true
registration_requires_token: true

# Shared secret for the administrative registration API. Whoever holds it can
# create accounts, including administrator accounts, without a token, so it
# should be treated like an administrator credential.
registration_shared_secret: "{{ matrix.secrets.registration }}"

# Local password login stays enabled alongside OIDC single sign-on.
password_config:
  enabled: true
# Redis connection used by Synapse.
# NOTE(review): no password is configured here, so the connection is
# unauthenticated; the Redis host should be reachable only on the internal
# network shared with Synapse.
redis:
  enabled: true
  host: redis
  port: 6379
# Registration files of the application services (bridges) allowed to talk to
# this homeserver. Each registration file carries the tokens shared between
# the bridge and Synapse, so the files should be readable only by the Synapse
# service account.
app_service_config_files:
  - '/data/reg-mautrix-tg.yaml'
  - '/data/reg-mautrix-slack.yaml'
  - '/data/reg-mautrix-signal.yaml'
# Rate limits. All values below are raised well above Synapse's defaults.

# Messages a single user may send.
rc_message:
  per_second: 100
  burst_count: 100

# Room joins by local users.
rc_joins:
  local:
    per_second: 100
    burst_count: 100

# Login attempts per client address.
# NOTE(review): 1000 attempts per second per address effectively removes
# per-address throttling of logins while password login is enabled in this
# file. The "account" and "failed_attempts" limits are not set here, so
# Synapse's defaults still apply to them; consider lowering the address limit
# unless a specific client needs it.
rc_login:
  address:
    per_second: 1000
    burst_count: 1000
# Account and room used to deliver server notices to local users.
server_notices:
  system_mxid_localpart: 'server'
  system_mxid_display_name: 'Server Notices'
  system_mxid_avatar_url: 'mxc://unruhig.eu/khyOCChmyYSOsIFIbUWGGEWq'
  room_name: 'Server Notices'
# Additional Synapse modules.
modules:
  # Shared-secret authentication: a login derived from the shared secret is
  # accepted for any local user, so the secret is equivalent to a credential
  # for every account on this server and should be stored and rotated
  # accordingly.
  - module: shared_secret_authenticator.SharedSecretAuthProvider
    config:
      shared_secret: "{{ matrix.authenticator.shared_secret }}"

      # By default, only login requests of type `com.devture.shared_secret_auth` are supported.
      # Below, we explicitly enable support for the old `m.login.password` login type,
      # which was used in v1 of matrix-synapse-shared-secret-auth and is still widely supported by external software.
      # If you don't need such legacy support, consider setting this to `false` or omitting it entirely.
      m_login_password_support_enabled: true

      # By default, only login requests of type `com.devture.shared_secret_auth` are supported.
      # Advertising support for such an authentication type causes a problem with Element, however.
      # See: https://github.com/vector-im/element-web/issues/19605
      #
      # Uncomment the line below to disable `com.devture.shared_secret_auth` support.
      # You will then need to:
      # - have `m_login_password_support_enabled: true` to enable the `m.login.password` login type
      # - authenticate using `m.login.password` requests, instead of `com.devture.shared_secret_auth` requests
      # com_devture_shared_secret_auth_support_enabled: false
# Media is additionally stored in an S3-compatible bucket.
media_storage_providers:
  - module: s3_storage_provider.S3StorageProviderBackend
    # Store both locally uploaded and remote media in the bucket, and wait
    # for the upload to finish before the request completes.
    store_local: true
    store_remote: true
    store_synchronous: true
    config:
      bucket: "{{ matrix.storage.s3.bucket }}"
      # All of the below options are optional, for use with non-AWS S3-like
      # services, or to specify access tokens here instead of some external method.
      endpoint_url: "{{ matrix.storage.s3.endpoint_url }}"
      # Static access keys end up in clear text in the rendered file. They
      # should be scoped to this bucket only, and the file kept readable
      # only by the Synapse service account.
      access_key_id: "{{ matrix.storage.s3.access_key_id }}"
      secret_access_key: "{{ matrix.storage.s3.secret_access_key }}"
# vim:ft=yaml