Refactor: Dir structure
This commit is contained in:
122
ansible/plays/services/matrix/synapse-config/homeserver.yaml
Normal file
122
ansible/plays/services/matrix/synapse-config/homeserver.yaml
Normal file
@ -0,0 +1,122 @@
|
||||
# Configuration file for Synapse.
|
||||
#
|
||||
# This is a YAML file: see [1] for a quick introduction. Note in particular
|
||||
# that *indentation is important*: all the elements of a list or dictionary
|
||||
# should have the same indentation.
|
||||
#
|
||||
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
|
||||
#
|
||||
# For more information on how to configure Synapse, including a complete accounting of
|
||||
# each option, go to docs/usage/configuration/config_documentation.md or
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
|
||||
server_name: "{{ matrix.baseurl }}"
|
||||
pid_file: /data/homeserver.pid
|
||||
enable_metrics: true
|
||||
listeners:
|
||||
- port: 8008
|
||||
tls: false
|
||||
type: http
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
- port: 9091
|
||||
tls: false
|
||||
type: metrics
|
||||
database:
|
||||
name: psycopg2
|
||||
args:
|
||||
user: {{ matrix.db.user }}
|
||||
password: {{ matrix.db.password }}
|
||||
database: {{ matrix.db.database }}
|
||||
host: db
|
||||
cp_min: 5
|
||||
cp_max: 10
|
||||
log_config: "/config/tobiasmanske.de.log.config"
|
||||
media_store_path: /data/media_store
|
||||
report_stats: true
|
||||
macaroon_secret_key: "{{ matrix.secrets.macaroon }}"
|
||||
form_secret: "{{ matrix.secrets.form }}"
|
||||
signing_key_path: "/config/tobiasmanske.de.signing.key"
|
||||
trusted_key_servers:
|
||||
- server_name: "matrix.org"
|
||||
oidc_providers:
|
||||
- idp_id: keycloak
|
||||
idp_name: "KeyCloak"
|
||||
issuer: "{{ matrix.oidc.issuer }}"
|
||||
client_id: "{{ matrix.oidc.client_id }}"
|
||||
client_secret: "{{ matrix.oidc.client_secret }}"
|
||||
scopes: ["openid", "profile"]
|
||||
user_mapping_provider:
|
||||
config:
|
||||
{% raw %}
|
||||
localpart_template: "{{ user.mx_localpart }}"
|
||||
display_name_template: "{{ user.name }}"
|
||||
{% endraw %}
|
||||
backchannel_logout_enabled: true # Optional
|
||||
|
||||
enable_registration: true
|
||||
registration_requires_token: true
|
||||
registration_shared_secret: "{{ matrix.secrets.registration }}"
|
||||
password_config:
|
||||
enabled: true
|
||||
|
||||
redis:
|
||||
enabled: true
|
||||
host: redis
|
||||
port: 6379
|
||||
|
||||
app_service_config_files:
|
||||
- /data/reg-mautrix-tg.yaml
|
||||
- /data/reg-mautrix-slack.yaml
|
||||
- /data/reg-mautrix-signal.yaml
|
||||
|
||||
rc_message:
|
||||
per_second: 100
|
||||
burst_count: 100
|
||||
rc_joins:
|
||||
local:
|
||||
per_second: 100
|
||||
burst_count: 100
|
||||
server_notices:
|
||||
system_mxid_localpart: "server"
|
||||
system_mxid_display_name: "Server Notices"
|
||||
system_mxid_avatar_url: "mxc://unruhig.eu/khyOCChmyYSOsIFIbUWGGEWq"
|
||||
room_name: "Server Notices"
|
||||
|
||||
modules:
|
||||
- module: shared_secret_authenticator.SharedSecretAuthProvider
|
||||
config:
|
||||
shared_secret: "{{ matrix.authenticator.shared_secret }}"
|
||||
|
||||
# By default, only login requests of type `com.devture.shared_secret_auth` are supported.
|
||||
# Below, we explicitly enable support for the old `m.login.password` login type,
|
||||
# which was used in v1 of matrix-synapse-shared-secret-auth and still widely supported by external software.
|
||||
# If you don't need such legacy support, consider setting this to `false` or omitting it entirely.
|
||||
m_login_password_support_enabled: true
|
||||
|
||||
# By default, only login requests of type `com.devture.shared_secret_auth` are supported.
|
||||
# Advertising support for such an authentication type causes a problem with Element, however.
|
||||
# See: https://github.com/vector-im/element-web/issues/19605
|
||||
#
|
||||
# Uncomment the line below to disable `com.devture.shared_secret_auth` support.
|
||||
# You will then need to:
|
||||
# - have `m_login_password_support_enabled: true` to enable the `m.login.password` login type
|
||||
# - authenticate using `m.login.password` requests, instead of ``com.devture.shared_secret_auth` requests
|
||||
# com_devture_shared_secret_auth_support_enabled: false
|
||||
|
||||
media_storage_providers:
|
||||
- module: s3_storage_provider.S3StorageProviderBackend
|
||||
store_local: True
|
||||
store_remote: True
|
||||
store_synchronous: True
|
||||
config:
|
||||
bucket: "{{ matrix.storage.s3.bucket }}"
|
||||
# All of the below options are optional, for use with non-AWS S3-like
|
||||
# services, or to specify access tokens here instead of some external method.
|
||||
endpoint_url: "{{ matrix.storage.s3.endpoint_url }}"
|
||||
access_key_id: "{{ matrix.storage.s3.access_key_id }}"
|
||||
secret_access_key: "{{ matrix.storage.s3.secret_access_key }}"
|
||||
|
||||
|
||||
# vim:ft=yaml
|
||||
Reference in New Issue
Block a user