|
|
@ -33,11 +33,6 @@ pid_file: /homeserver.pid
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# cpu_affinity: 0xFFFFFFFF
|
|
|
|
# cpu_affinity: 0xFFFFFFFF
|
|
|
|
|
|
|
|
|
|
|
|
# The path to the web client which will be served at /_matrix/client/
|
|
|
|
|
|
|
|
# if 'webclient' is configured under the 'listeners' configuration.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# web_client_location: "/path/to/web/root"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The public-facing base URL that clients use to access this HS
|
|
|
|
# The public-facing base URL that clients use to access this HS
|
|
|
|
# (not including _matrix/...). This is the same URL a user would
|
|
|
|
# (not including _matrix/...). This is the same URL a user would
|
|
|
|
# enter into the 'custom HS URL' field on their client. If you
|
|
|
|
# enter into the 'custom HS URL' field on their client. If you
|
|
|
@ -64,6 +59,13 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
|
|
|
|
# (except those sent by local server admins). The default is False.
|
|
|
|
# (except those sent by local server admins). The default is False.
|
|
|
|
# block_non_admin_invites: True
|
|
|
|
# block_non_admin_invites: True
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Room searching
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# If disabled, new messages will not be indexed for searching and users
|
|
|
|
|
|
|
|
# will receive errors when searching for messages. Defaults to enabled.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# enable_search: false
|
|
|
|
|
|
|
|
|
|
|
|
# Restrict federation to the following whitelist of domains.
|
|
|
|
# Restrict federation to the following whitelist of domains.
|
|
|
|
# N.B. we recommend also firewalling your federation listener to limit
|
|
|
|
# N.B. we recommend also firewalling your federation listener to limit
|
|
|
|
# inbound federation traffic as early as possible, rather than relying
|
|
|
|
# inbound federation traffic as early as possible, rather than relying
|
|
|
@ -137,8 +139,6 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js
|
|
|
|
# static: static resources under synapse/static (/_matrix/static). (Mostly
|
|
|
|
# static: static resources under synapse/static (/_matrix/static). (Mostly
|
|
|
|
# useful for 'fallback authentication'.)
|
|
|
|
# useful for 'fallback authentication'.)
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# webclient: A web client. Requires web_client_location to be set.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
listeners:
|
|
|
|
listeners:
|
|
|
|
{% if matrix_synapse_metrics_enabled %}
|
|
|
|
{% if matrix_synapse_metrics_enabled %}
|
|
|
|
- type: metrics
|
|
|
|
- type: metrics
|
|
|
@ -192,41 +192,33 @@ listeners:
|
|
|
|
# bind_addresses: ['::1', '127.0.0.1']
|
|
|
|
# bind_addresses: ['::1', '127.0.0.1']
|
|
|
|
# type: manhole
|
|
|
|
# type: manhole
|
|
|
|
|
|
|
|
|
|
|
|
# Homeserver blocking
|
|
|
|
|
|
|
|
#
|
|
|
|
## Homeserver blocking ##
|
|
|
|
|
|
|
|
|
|
|
|
# How to reach the server admin, used in ResourceLimitError
|
|
|
|
# How to reach the server admin, used in ResourceLimitError
|
|
|
|
# admin_contact: 'mailto:admin@server.com'
|
|
|
|
# admin_contact: 'mailto:admin@server.com'
|
|
|
|
#
|
|
|
|
|
|
|
|
# Global block config
|
|
|
|
# Global blocking
|
|
|
|
#
|
|
|
|
|
|
|
|
# hs_disabled: False
|
|
|
|
# hs_disabled: False
|
|
|
|
# hs_disabled_message: 'Human readable reason for why the HS is blocked'
|
|
|
|
# hs_disabled_message: 'Human readable reason for why the HS is blocked'
|
|
|
|
# hs_disabled_limit_type: 'error code(str), to help clients decode reason'
|
|
|
|
# hs_disabled_limit_type: 'error code(str), to help clients decode reason'
|
|
|
|
#
|
|
|
|
|
|
|
|
# Monthly Active User Blocking
|
|
|
|
# Monthly Active User Blocking
|
|
|
|
#
|
|
|
|
|
|
|
|
# Enables monthly active user checking
|
|
|
|
|
|
|
|
# limit_usage_by_mau: False
|
|
|
|
# limit_usage_by_mau: False
|
|
|
|
# max_mau_value: 50
|
|
|
|
# max_mau_value: 50
|
|
|
|
# mau_trial_days: 2
|
|
|
|
# mau_trial_days: 2
|
|
|
|
#
|
|
|
|
|
|
|
|
# If enabled, the metrics for the number of monthly active users will
|
|
|
|
# If enabled, the metrics for the number of monthly active users will
|
|
|
|
# be populated, however no one will be limited. If limit_usage_by_mau
|
|
|
|
# be populated, however no one will be limited. If limit_usage_by_mau
|
|
|
|
# is true, this is implied to be true.
|
|
|
|
# is true, this is implied to be true.
|
|
|
|
# mau_stats_only: False
|
|
|
|
# mau_stats_only: False
|
|
|
|
#
|
|
|
|
|
|
|
|
# Sometimes the server admin will want to ensure certain accounts are
|
|
|
|
# Sometimes the server admin will want to ensure certain accounts are
|
|
|
|
# never blocked by mau checking. These accounts are specified here.
|
|
|
|
# never blocked by mau checking. These accounts are specified here.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# mau_limit_reserved_threepids:
|
|
|
|
# mau_limit_reserved_threepids:
|
|
|
|
# - medium: 'email'
|
|
|
|
# - medium: 'email'
|
|
|
|
# address: 'reserved_user@example.com'
|
|
|
|
# address: 'reserved_user@example.com'
|
|
|
|
#
|
|
|
|
|
|
|
|
# Room searching
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# If disabled, new messages will not be indexed for searching and users
|
|
|
|
|
|
|
|
# will receive errors when searching for messages. Defaults to enabled.
|
|
|
|
|
|
|
|
# enable_search: true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## TLS ##
|
|
|
|
## TLS ##
|
|
|
@ -321,7 +313,8 @@ tls_fingerprints: []
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Database configuration
|
|
|
|
## Database ##
|
|
|
|
|
|
|
|
|
|
|
|
database:
|
|
|
|
database:
|
|
|
|
# The database engine name
|
|
|
|
# The database engine name
|
|
|
|
name: "psycopg2"
|
|
|
|
name: "psycopg2"
|
|
|
@ -337,6 +330,7 @@ database:
|
|
|
|
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
|
|
|
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Logging ##
|
|
|
|
|
|
|
|
|
|
|
|
# A yaml python logging config file
|
|
|
|
# A yaml python logging config file
|
|
|
|
log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
|
|
|
|
log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
|
|
|
@ -369,6 +363,15 @@ federation_rc_reject_limit: 50
|
|
|
|
# single server
|
|
|
|
# single server
|
|
|
|
federation_rc_concurrent: 3
|
|
|
|
federation_rc_concurrent: 3
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Number of registration requests a client can send per second.
|
|
|
|
|
|
|
|
# Defaults to 1/minute (0.17).
|
|
|
|
|
|
|
|
# rc_registration_requests_per_second: 0.17
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Number of registration requests a client can send before being
|
|
|
|
|
|
|
|
# throttled.
|
|
|
|
|
|
|
|
# Defaults to 3.
|
|
|
|
|
|
|
|
# rc_registration_request_burst_count: 3.0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Directory where uploaded images and attachments are stored.
|
|
|
|
# Directory where uploaded images and attachments are stored.
|
|
|
@ -404,7 +407,7 @@ max_image_pixels: "32M"
|
|
|
|
# from a precalculated list.
|
|
|
|
# from a precalculated list.
|
|
|
|
dynamic_thumbnails: false
|
|
|
|
dynamic_thumbnails: false
|
|
|
|
|
|
|
|
|
|
|
|
# List of thumbnail to precalculate when an image is uploaded.
|
|
|
|
# List of thumbnails to precalculate when an image is uploaded.
|
|
|
|
thumbnail_sizes:
|
|
|
|
thumbnail_sizes:
|
|
|
|
- width: 32
|
|
|
|
- width: 32
|
|
|
|
height: 32
|
|
|
|
height: 32
|
|
|
@ -494,7 +497,6 @@ max_spider_size: "10M"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Captcha ##
|
|
|
|
## Captcha ##
|
|
|
|
# See docs/CAPTCHA_SETUP for full details of configuring this.
|
|
|
|
# See docs/CAPTCHA_SETUP for full details of configuring this.
|
|
|
|
|
|
|
|
|
|
|
@ -510,13 +512,13 @@ recaptcha_private_key: "YOUR_PRIVATE_KEY"
|
|
|
|
enable_registration_captcha: False
|
|
|
|
enable_registration_captcha: False
|
|
|
|
|
|
|
|
|
|
|
|
# A secret key used to bypass the captcha test entirely.
|
|
|
|
# A secret key used to bypass the captcha test entirely.
|
|
|
|
#captcha_bypass_secret: "YOUR_SECRET_HERE"
|
|
|
|
# captcha_bypass_secret: "YOUR_SECRET_HERE"
|
|
|
|
|
|
|
|
|
|
|
|
# The API endpoint to use for verifying m.login.recaptcha responses.
|
|
|
|
# The API endpoint to use for verifying m.login.recaptcha responses.
|
|
|
|
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
|
|
|
|
recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Turn ##
|
|
|
|
## TURN ##
|
|
|
|
|
|
|
|
|
|
|
|
# The public URIs of the TURN server to give to clients
|
|
|
|
# The public URIs of the TURN server to give to clients
|
|
|
|
turn_uris: {{ matrix_synapse_turn_uris|to_json }}
|
|
|
|
turn_uris: {{ matrix_synapse_turn_uris|to_json }}
|
|
|
@ -526,8 +528,8 @@ turn_shared_secret: {{ matrix_synapse_turn_shared_secret|to_json }}
|
|
|
|
|
|
|
|
|
|
|
|
# The Username and password if the TURN server needs them and
|
|
|
|
# The Username and password if the TURN server needs them and
|
|
|
|
# does not use a token
|
|
|
|
# does not use a token
|
|
|
|
#turn_username: "TURNSERVER_USERNAME"
|
|
|
|
# turn_username: "TURNSERVER_USERNAME"
|
|
|
|
#turn_password: "TURNSERVER_PASSWORD"
|
|
|
|
# turn_password: "TURNSERVER_PASSWORD"
|
|
|
|
|
|
|
|
|
|
|
|
# How long generated TURN credentials last
|
|
|
|
# How long generated TURN credentials last
|
|
|
|
turn_user_lifetime: "1h"
|
|
|
|
turn_user_lifetime: "1h"
|
|
|
@ -541,6 +543,8 @@ turn_allow_guests: False
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Registration ##
|
|
|
|
## Registration ##
|
|
|
|
|
|
|
|
# Registration can be rate-limited using the parameters in the "Ratelimiting"
|
|
|
|
|
|
|
|
# section of this file.
|
|
|
|
|
|
|
|
|
|
|
|
# Enable registration for new users.
|
|
|
|
# Enable registration for new users.
|
|
|
|
enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
|
|
|
enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
|
|
@ -603,8 +607,6 @@ trusted_third_party_id_servers:
|
|
|
|
|
|
|
|
|
|
|
|
# Users who register on this homeserver will automatically be joined
|
|
|
|
# Users who register on this homeserver will automatically be joined
|
|
|
|
# to these rooms
|
|
|
|
# to these rooms
|
|
|
|
#auto_join_rooms:
|
|
|
|
|
|
|
|
# - "#example:example.com"
|
|
|
|
|
|
|
|
{% if matrix_synapse_auto_join_rooms|length > 0 %}
|
|
|
|
{% if matrix_synapse_auto_join_rooms|length > 0 %}
|
|
|
|
auto_join_rooms:
|
|
|
|
auto_join_rooms:
|
|
|
|
{{ matrix_synapse_auto_join_rooms|to_nice_yaml }}
|
|
|
|
{{ matrix_synapse_auto_join_rooms|to_nice_yaml }}
|
|
|
@ -624,6 +626,16 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms }}
|
|
|
|
enable_metrics: {{ matrix_synapse_metrics_enabled }}
|
|
|
|
enable_metrics: {{ matrix_synapse_metrics_enabled }}
|
|
|
|
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
|
|
|
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable sentry integration
|
|
|
|
|
|
|
|
# NOTE: While attempts are made to ensure that the logs don't contain
|
|
|
|
|
|
|
|
# any sensitive information, this cannot be guaranteed. By enabling
|
|
|
|
|
|
|
|
# this option the sentry server may therefore receive sensitive
|
|
|
|
|
|
|
|
# information, and it in turn may then diseminate sensitive information
|
|
|
|
|
|
|
|
# through insecure notification channels if so configured.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# sentry:
|
|
|
|
|
|
|
|
# dsn: "..."
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## API Configuration ##
|
|
|
|
## API Configuration ##
|
|
|
|
|
|
|
|
|
|
|
@ -689,7 +701,8 @@ perspectives:
|
|
|
|
|
|
|
|
|
|
|
|
# Enable SAML2 for registration and login. Uses pysaml2.
|
|
|
|
# Enable SAML2 for registration and login. Uses pysaml2.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# saml2_config:
|
|
|
|
# `sp_config` is the configuration for the pysaml2 Service Provider.
|
|
|
|
|
|
|
|
# See pysaml2 docs for format of config.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# # The following is the configuration for the pysaml2 Service Provider.
|
|
|
|
# # The following is the configuration for the pysaml2 Service Provider.
|
|
|
|
# # See pysaml2 docs for format of config.
|
|
|
|
# # See pysaml2 docs for format of config.
|
|
|
@ -848,7 +861,7 @@ password_providers:
|
|
|
|
# because it is loaded by the app. iPhone, however will send a
|
|
|
|
# because it is loaded by the app. iPhone, however will send a
|
|
|
|
# notification saying only that a message arrived and who it came from.
|
|
|
|
# notification saying only that a message arrived and who it came from.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#push:
|
|
|
|
# push:
|
|
|
|
# include_content: true
|
|
|
|
# include_content: true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -875,7 +888,7 @@ enable_group_creation: false
|
|
|
|
# UPDATE user_directory_stream_pos SET stream_id = NULL;
|
|
|
|
# UPDATE user_directory_stream_pos SET stream_id = NULL;
|
|
|
|
# on your database to tell it to rebuild the user_directory search indexes.
|
|
|
|
# on your database to tell it to rebuild the user_directory search indexes.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#user_directory:
|
|
|
|
# user_directory:
|
|
|
|
# search_all_users: false
|
|
|
|
# search_all_users: false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -955,12 +968,55 @@ enable_group_creation: false
|
|
|
|
# on this server.
|
|
|
|
# on this server.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# The format of this option is a list of rules that contain globs that
|
|
|
|
# The format of this option is a list of rules that contain globs that
|
|
|
|
# match against user_id and the new alias (fully qualified with server
|
|
|
|
# match against user_id, room_id and the new alias (fully qualified with
|
|
|
|
# name). The action in the first rule that matches is taken, which can
|
|
|
|
# server name). The action in the first rule that matches is taken,
|
|
|
|
# currently either be "allow" or "deny".
|
|
|
|
# which can currently either be "allow" or "deny".
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# If no rules match the request is denied.
|
|
|
|
# Missing user_id/room_id/alias fields default to "*".
|
|
|
|
alias_creation_rules:
|
|
|
|
#
|
|
|
|
- user_id: "*"
|
|
|
|
# If no rules match the request is denied. An empty list means no one
|
|
|
|
alias: "*"
|
|
|
|
# can create aliases.
|
|
|
|
action: allow
|
|
|
|
#
|
|
|
|
|
|
|
|
# Options for the rules include:
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# user_id: Matches against the creator of the alias
|
|
|
|
|
|
|
|
# alias: Matches against the alias being created
|
|
|
|
|
|
|
|
# room_id: Matches against the room ID the alias is being pointed at
|
|
|
|
|
|
|
|
# action: Whether to "allow" or "deny" the request if the rule matches
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# The default is:
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# alias_creation_rules:
|
|
|
|
|
|
|
|
# - user_id: "*"
|
|
|
|
|
|
|
|
# alias: "*"
|
|
|
|
|
|
|
|
# room_id: "*"
|
|
|
|
|
|
|
|
# action: allow
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The `room_list_publication_rules` option controls who can publish and
|
|
|
|
|
|
|
|
# which rooms can be published in the public room list.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# The format of this option is the same as that for
|
|
|
|
|
|
|
|
# `alias_creation_rules`.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# If the room has one or more aliases associated with it, only one of
|
|
|
|
|
|
|
|
# the aliases needs to match the alias rule. If there are no aliases
|
|
|
|
|
|
|
|
# then only rules with `alias: *` match.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# If no rules match the request is denied. An empty list means no one
|
|
|
|
|
|
|
|
# can publish rooms.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# Options for the rules include:
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# user_id: Matches against the creator of the alias
|
|
|
|
|
|
|
|
# room_id: Matches against the room ID being published
|
|
|
|
|
|
|
|
# alias: Matches against any current local or canonical aliases
|
|
|
|
|
|
|
|
# associated with the room
|
|
|
|
|
|
|
|
# action: Whether to "allow" or "deny" the request if the rule matches
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# The default is:
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# room_list_publication_rules:
|
|
|
|
|
|
|
|
# - user_id: "*"
|
|
|
|
|
|
|
|
# alias: "*"
|
|
|
|
|
|
|
|
# room_id: "*"
|
|
|
|
|
|
|
|
# action: allow
|
|
|
|