@ -1,268 +0,0 @@
|
|
|
|
|
# vim:ft=yaml |
|
|
|
|
# PEM encoded X509 certificate for TLS. |
|
|
|
|
# You can replace the self-signed certificate that synapse |
|
|
|
|
# autogenerates on launch with your own SSL certificate + key pair |
|
|
|
|
# if you like. Any required intermediary certificates can be |
|
|
|
|
# appended after the primary certificate in hierarchical order. |
|
|
|
|
--- |
|
|
|
|
tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt" |
|
|
|
|
|
|
|
|
|
# PEM encoded private key for TLS |
|
|
|
|
tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key" |
|
|
|
|
|
|
|
|
|
# PEM dh parameters for ephemeral keys |
|
|
|
|
tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh" |
|
|
|
|
|
|
|
|
|
# Don't bind to the https port |
|
|
|
|
# We're proxying through caddy so no need |
|
|
|
|
no_tls: False |
|
|
|
|
|
|
|
|
|
## Server ## |
|
|
|
|
|
|
|
|
|
# When running as a daemon, the file to store the pid in |
|
|
|
|
pid_file: "/var/run/matrix-synapse.pid" |
|
|
|
|
|
|
|
|
|
# Whether to serve a web client from the HTTP/HTTPS root resource. |
|
|
|
|
web_client: False |
|
|
|
|
|
|
|
|
|
# The public-facing base URL for the client API (not including _matrix/...) |
|
|
|
|
public_baseurl: https://matrix.{{ domain }}/ |
|
|
|
|
|
|
|
|
|
# Set the soft limit on the number of file descriptors synapse can use |
|
|
|
|
# Zero is used to indicate synapse should set the soft limit to the |
|
|
|
|
# hard limit. |
|
|
|
|
soft_file_limit: 0 |
|
|
|
|
|
|
|
|
|
# The GC threshold parameters to pass to `gc.set_threshold`, if defined |
|
|
|
|
# gc_thresholds: [700, 10, 10] |
|
|
|
|
|
|
|
|
|
# A list of other Home Servers to fetch the public room directory from |
|
|
|
|
# and include in the public room directory of this home server |
|
|
|
|
# This is a temporary stopgap solution to populate new server with a |
|
|
|
|
# list of rooms until there exists a good solution of a decentralized |
|
|
|
|
# room directory. |
|
|
|
|
# secondary_directory_servers: |
|
|
|
|
# - matrix.org |
|
|
|
|
# - vector.im |
|
|
|
|
|
|
|
|
|
# List of ports that Synapse should listen on, their purpose and their |
|
|
|
|
# configuration. |
|
|
|
|
listeners: |
|
|
|
|
- port: 8008 |
|
|
|
|
tls: False |
|
|
|
|
bind_address: '127.0.0.1' |
|
|
|
|
type: http |
|
|
|
|
x_forwarded: True |
|
|
|
|
resources: |
|
|
|
|
- names: [client, webclient] |
|
|
|
|
compress: true |
|
|
|
|
- port: 8448 |
|
|
|
|
tls: True |
|
|
|
|
bind_address: '::' |
|
|
|
|
type: http |
|
|
|
|
x_forwarded: False |
|
|
|
|
resources: |
|
|
|
|
- names: [federation] |
|
|
|
|
compress: false |
|
|
|
|
|
|
|
|
|
database: |
|
|
|
|
name: "sqlite3" |
|
|
|
|
args: |
|
|
|
|
database: "/var/lib/matrix-synapse/homeserver.db" |
|
|
|
|
|
|
|
|
|
# Number of events to cache in memory. |
|
|
|
|
event_cache_size: "10K" |
|
|
|
|
|
|
|
|
|
# A yaml python logging config file |
|
|
|
|
log_config: "/etc/matrix-synapse/log.yaml" |
|
|
|
|
|
|
|
|
|
## Ratelimiting ## |
|
|
|
|
|
|
|
|
|
rc_messages_per_second: 0.2 |
|
|
|
|
rc_message_burst_count: 10.0 |
|
|
|
|
federation_rc_window_size: 1000 |
|
|
|
|
federation_rc_sleep_limit: 10 |
|
|
|
|
federation_rc_sleep_delay: 500 |
|
|
|
|
federation_rc_reject_limit: 50 |
|
|
|
|
federation_rc_concurrent: 3 |
|
|
|
|
media_store_path: "/var/lib/matrix-synapse/media" |
|
|
|
|
max_upload_size: "10M" |
|
|
|
|
max_image_pixels: "32M" |
|
|
|
|
|
|
|
|
|
dynamic_thumbnails: false |
|
|
|
|
thumbnail_sizes: |
|
|
|
|
- width: 32 |
|
|
|
|
height: 32 |
|
|
|
|
method: crop |
|
|
|
|
- width: 96 |
|
|
|
|
height: 96 |
|
|
|
|
method: crop |
|
|
|
|
- width: 320 |
|
|
|
|
height: 240 |
|
|
|
|
method: scale |
|
|
|
|
- width: 640 |
|
|
|
|
height: 480 |
|
|
|
|
method: scale |
|
|
|
|
- width: 800 |
|
|
|
|
height: 600 |
|
|
|
|
method: scale |
|
|
|
|
|
|
|
|
|
url_preview_enabled: False |
|
|
|
|
# url_preview_ip_range_blacklist: |
|
|
|
|
# - '127.0.0.0/8' |
|
|
|
|
# - '10.0.0.0/8' |
|
|
|
|
# - '172.16.0.0/12' |
|
|
|
|
# - '192.168.0.0/16' |
|
|
|
|
# url_preview_ip_range_whitelist: |
|
|
|
|
# - '192.168.1.1' |
|
|
|
|
# url_preview_url_blacklist: |
|
|
|
|
# # blacklist any URL with a username in its URI |
|
|
|
|
# - username: '*' |
|
|
|
|
# |
|
|
|
|
# # blacklist all *.google.com URLs |
|
|
|
|
# - netloc: 'google.com' |
|
|
|
|
# - netloc: '*.google.com' |
|
|
|
|
# |
|
|
|
|
# # blacklist all plain HTTP URLs |
|
|
|
|
# - scheme: 'http' |
|
|
|
|
# |
|
|
|
|
# # blacklist http(s)://www.acme.com/foo |
|
|
|
|
# - netloc: 'www.acme.com' |
|
|
|
|
# path: '/foo' |
|
|
|
|
# |
|
|
|
|
# # blacklist any URL with a literal IPv4 address |
|
|
|
|
# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' |
|
|
|
|
|
|
|
|
|
max_spider_size: "10M" |
|
|
|
|
|
|
|
|
|
## Captcha ## |
|
|
|
|
|
|
|
|
|
enable_registration_captcha: False |
|
|
|
|
# recaptcha_public_key: "YOUR_PUBLIC_KEY" |
|
|
|
|
# recaptcha_private_key: "YOUR_PRIVATE_KEY" |
|
|
|
|
|
|
|
|
|
# A secret key used to bypass the captcha test entirely. |
|
|
|
|
#captcha_bypass_secret: "YOUR_SECRET_HERE" |
|
|
|
|
|
|
|
|
|
# The API endpoint to use for verifying m.login.recaptcha responses. |
|
|
|
|
# recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" |
|
|
|
|
|
|
|
|
|
## Turn ## |
|
|
|
|
|
|
|
|
|
# The public URIs of the TURN server to give to clients |
|
|
|
|
turn_uris: [] |
|
|
|
|
|
|
|
|
|
# The shared secret used to compute passwords for the TURN server |
|
|
|
|
turn_shared_secret: "YOUR_SHARED_SECRET" |
|
|
|
|
|
|
|
|
|
# How long generated TURN credentials last |
|
|
|
|
turn_user_lifetime: "1h" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Registration ## |
|
|
|
|
|
|
|
|
|
# Enable registration for new users. |
|
|
|
|
enable_registration: False |
|
|
|
|
|
|
|
|
|
# If set, allows registration by anyone who also has the shared |
|
|
|
|
# secret, even if registration is otherwise disabled. |
|
|
|
|
# registration_shared_secret: <PRIVATE STRING> |
|
|
|
|
|
|
|
|
|
# Sets the expiry for the short term user creation in |
|
|
|
|
# milliseconds. For instance the bellow duration is two weeks |
|
|
|
|
# in milliseconds. |
|
|
|
|
user_creation_max_duration: 1209600000 |
|
|
|
|
|
|
|
|
|
# Set the number of bcrypt rounds used to generate password hash. |
|
|
|
|
# Larger numbers increase the work factor needed to generate the hash. |
|
|
|
|
# The default number of rounds is 12. |
|
|
|
|
bcrypt_rounds: 12 |
|
|
|
|
|
|
|
|
|
# Allows users to register as guests without a password/email/etc, and |
|
|
|
|
# participate in rooms hosted on this server which have been made |
|
|
|
|
# accessible to anonymous users. |
|
|
|
|
allow_guest_access: False |
|
|
|
|
|
|
|
|
|
# The list of identity servers trusted to verify third party |
|
|
|
|
# identifiers by this server. |
|
|
|
|
trusted_third_party_id_servers: |
|
|
|
|
- matrix.org |
|
|
|
|
- vector.im |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Metrics ### |
|
|
|
|
|
|
|
|
|
# Enable collection and rendering of performance metrics |
|
|
|
|
enable_metrics: False |
|
|
|
|
|
|
|
|
|
## API Configuration ## |
|
|
|
|
|
|
|
|
|
# A list of event types that will be included in the room_invite_state |
|
|
|
|
room_invite_state_types: |
|
|
|
|
- "m.room.join_rules" |
|
|
|
|
- "m.room.canonical_alias" |
|
|
|
|
- "m.room.avatar" |
|
|
|
|
- "m.room.name" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# A list of application service config file to use |
|
|
|
|
app_service_config_files: [] |
|
|
|
|
|
|
|
|
|
# macaroon_secret_key: <PRIVATE STRING> |
|
|
|
|
|
|
|
|
|
# Used to enable access token expiration. |
|
|
|
|
expire_access_token: False |
|
|
|
|
|
|
|
|
|
## Signing Keys ## |
|
|
|
|
|
|
|
|
|
# Path to the signing key to sign messages with |
|
|
|
|
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key" |
|
|
|
|
|
|
|
|
|
# The keys that the server used to sign messages with but won't use |
|
|
|
|
# to sign new messages. E.g. it has lost its private key |
|
|
|
|
old_signing_keys: {} |
|
|
|
|
# "ed25519:auto": |
|
|
|
|
# # Base64 encoded public key |
|
|
|
|
# key: "The public part of your old signing key." |
|
|
|
|
# # Millisecond POSIX timestamp when the key expired. |
|
|
|
|
# expired_ts: 123456789123 |
|
|
|
|
|
|
|
|
|
# How long key response published by this server is valid for. |
|
|
|
|
# Used to set the valid_until_ts in /key/v2 APIs. |
|
|
|
|
# Determines how quickly servers will query to check which keys |
|
|
|
|
# are still valid. |
|
|
|
|
key_refresh_interval: "1d" # 1 Day. |
|
|
|
|
|
|
|
|
|
# The trusted servers to download signing keys from. |
|
|
|
|
perspectives: |
|
|
|
|
servers: |
|
|
|
|
"matrix.org": |
|
|
|
|
verify_keys: |
|
|
|
|
"ed25519:auto": |
|
|
|
|
key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The JWT needs to contain a globally unique "sub" (subject) claim. |
|
|
|
|
# |
|
|
|
|
# jwt_config: |
|
|
|
|
# enabled: true |
|
|
|
|
# secret: "a secret" |
|
|
|
|
# algorithm: "HS256" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable password for login. |
|
|
|
|
password_config: |
|
|
|
|
enabled: true |
|
|
|
|
|
|
|
|
|
# Enable sending emails for notification events |
|
|
|
|
#email: |
|
|
|
|
# enable_notifs: false |
|
|
|
|
# smtp_host: "localhost" |
|
|
|
|
# smtp_port: 25 |
|
|
|
|
# notif_from: "Your Friendly %(app)s Home Server <noreply@example.com>" |
|
|
|
|
# app_name: Matrix |
|
|
|
|
# template_dir: res/templates |
|
|
|
|
# notif_template_html: notif_mail.html |
|
|
|
|
# notif_template_text: notif_mail.txt |
|
|
|
|
# notif_for_new_users: True |
|
|
|
|
|