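# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
#
# This file is a Jinja template: every "{{ ... }}" outside the raw block below
# is substituted before Synapse parses the result as YAML. The rendered file
# contains secrets (database password, macaroon/form/registration secrets,
# OIDC client secret, S3 keys), so keep the rendered output out of version
# control and readable only by the Synapse process.

server_name: "{{ matrix.baseurl }}"
pid_file: /data/homeserver.pid
enable_metrics: true

listeners:
  - port: 8008
    tls: false
    type: http
    # Synapse takes the client address from X-Forwarded-For when this is set.
    # That is only trustworthy if this port is reachable solely through the
    # reverse proxy; a client that can reach it directly can spoof its IP.
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
  # Metrics listener: plain HTTP and, as far as Synapse is concerned,
  # unauthenticated. No bind_addresses is set here, so which interfaces it
  # listens on depends on Synapse's default and the container network;
  # confirm that only the metrics scraper can reach port 9091.
  - port: 9091
    tls: false
    type: metrics

database:
  name: psycopg2
  args:
    # Quoted like every other templated value in this file: an unquoted
    # expansion breaks or silently retypes the YAML when the value is empty,
    # numeric, or contains "#", ": " or a leading YAML indicator. Values
    # containing a double quote or backslash still need escaping upstream.
    user: "{{ matrix.db.user }}"
    password: "{{ matrix.db.password }}"
    database: "{{ matrix.db.database }}"
    host: db
    cp_min: 5
    cp_max: 10

log_config: "/config/tobiasmanske.de.log.config"
media_store_path: /data/media_store
report_stats: true

# Both values are long-lived signing secrets; rotating macaroon_secret_key
# invalidates tokens derived from it.
macaroon_secret_key: "{{ matrix.secrets.macaroon }}"
form_secret: "{{ matrix.secrets.form }}"
signing_key_path: "/config/tobiasmanske.de.signing.key"

trusted_key_servers:
  - server_name: "matrix.org"

oidc_providers:
  - idp_id: keycloak
    idp_name: "KeyCloak"
    issuer: "{{ matrix.oidc.issuer }}"
    client_id: "{{ matrix.oidc.client_id }}"
    client_secret: "{{ matrix.oidc.client_secret }}"
    scopes: ["openid", "profile"]
    user_mapping_provider:
      config:
        # The raw block keeps these two expressions out of the outer template
        # pass; they are evaluated by Synapse itself against the OIDC userinfo.
{% raw %}
        localpart_template: "{{ user.mx_localpart }}"
        display_name_template: "{{ user.name }}"
{% endraw %}
    backchannel_logout_enabled: true  # Optional

# Registration is open, but each sign-up must present a registration token.
enable_registration: true
registration_requires_token: true
# Anyone holding this secret can create accounts, including admin accounts,
# through the shared-secret registration API regardless of the two settings
# above. Treat it as an admin credential.
registration_shared_secret: "{{ matrix.secrets.registration }}"

password_config:
  enabled: true

redis:
  enabled: true
  host: redis
  port: 6379

app_service_config_files:
  - /data/reg-mautrix-tg.yaml
  - /data/reg-mautrix-slack.yaml
  - /data/reg-mautrix-signal.yaml

# NOTE(review): 100 per second with a burst of 100 is far more permissive than
# Synapse's documented defaults and leaves message sending and local joins
# effectively unthrottled. Presumably raised for the bridges listed above;
# confirm this is still needed for ordinary users.
rc_message:
  per_second: 100
  burst_count: 100

rc_joins:
  local:
    per_second: 100
    burst_count: 100

server_notices:
  system_mxid_localpart: "server"
  system_mxid_display_name: "Server Notices"
  system_mxid_avatar_url: "mxc://unruhig.eu/khyOCChmyYSOsIFIbUWGGEWq"
  room_name: "Server Notices"

modules:
  - module: shared_secret_authenticator.SharedSecretAuthProvider
    config:
      # Whoever knows this secret can log in as any local user, so it is
      # equivalent to a password for every account on the server.
      shared_secret: "{{ matrix.authenticator.shared_secret }}"

      # By default, only login requests of type `com.devture.shared_secret_auth` are supported.
      # Below, we explicitly enable support for the old `m.login.password` login type,
      # which was used in v1 of matrix-synapse-shared-secret-auth and still widely supported by external software.
      # If you don't need such legacy support, consider setting this to `false` or omitting it entirely.
      m_login_password_support_enabled: true

      # By default, only login requests of type `com.devture.shared_secret_auth` are supported.
      # Advertising support for such an authentication type causes a problem with Element, however.
      # See: https://github.com/vector-im/element-web/issues/19605
      #
      # Uncomment the line below to disable `com.devture.shared_secret_auth` support.
      # You will then need to:
      # - have `m_login_password_support_enabled: true` to enable the `m.login.password` login type
      # - authenticate using `m.login.password` requests, instead of `com.devture.shared_secret_auth` requests
      # com_devture_shared_secret_auth_support_enabled: false

media_storage_providers:
  - module: s3_storage_provider.S3StorageProviderBackend
    # Canonical lowercase booleans; `True` only parses as a boolean under
    # YAML 1.1 loaders.
    store_local: true
    store_remote: true
    store_synchronous: true
    config:
      bucket: "{{ matrix.storage.s3.bucket }}"
      # All of the below options are optional, for use with non-AWS S3-like
      # services, or to specify access tokens here instead of some external method.
      endpoint_url: "{{ matrix.storage.s3.endpoint_url }}"
      access_key_id: "{{ matrix.storage.s3.access_key_id }}"
      secret_access_key: "{{ matrix.storage.s3.secret_access_key }}"

# vim:ft=yaml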