|
|
@ -74,6 +74,16 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#restrict_public_rooms_to_local_users: true
|
|
|
|
#restrict_public_rooms_to_local_users: true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The default room version for newly created rooms.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# Known room versions are listed here:
|
|
|
|
|
|
|
|
# https://matrix.org/docs/spec/#complete-list-of-room-versions
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# For example, for room version 1, default_room_version should be set
|
|
|
|
|
|
|
|
# to "1".
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
#default_room_version: "4"
|
|
|
|
|
|
|
|
|
|
|
|
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
|
|
|
|
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#gc_thresholds: [700, 10, 10]
|
|
|
|
#gc_thresholds: [700, 10, 10]
|
|
|
@ -256,6 +266,22 @@ listeners:
|
|
|
|
|
|
|
|
|
|
|
|
# Monthly Active User Blocking
|
|
|
|
# Monthly Active User Blocking
|
|
|
|
#
|
|
|
|
#
|
|
|
|
|
|
|
|
# Used in cases where the admin or server owner wants to limit to the
|
|
|
|
|
|
|
|
# number of monthly active users.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# 'limit_usage_by_mau' disables/enables monthly active user blocking. When
|
|
|
|
|
|
|
|
# anabled and a limit is reached the server returns a 'ResourceLimitError'
|
|
|
|
|
|
|
|
# with error type Codes.RESOURCE_LIMIT_EXCEEDED
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# 'max_mau_value' is the hard limit of monthly active users above which
|
|
|
|
|
|
|
|
# the server will start blocking user actions.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# 'mau_trial_days' is a means to add a grace period for active users. It
|
|
|
|
|
|
|
|
# means that users must be active for this number of days before they
|
|
|
|
|
|
|
|
# can be considered active and guards against the case where lots of users
|
|
|
|
|
|
|
|
# sign up in a short space of time never to return after their initial
|
|
|
|
|
|
|
|
# session.
|
|
|
|
|
|
|
|
#
|
|
|
|
#limit_usage_by_mau: False
|
|
|
|
#limit_usage_by_mau: False
|
|
|
|
#max_mau_value: 50
|
|
|
|
#max_mau_value: 50
|
|
|
|
#mau_trial_days: 2
|
|
|
|
#mau_trial_days: 2
|
|
|
@ -305,12 +331,12 @@ tls_certificate_path: {{ matrix_synapse_tls_certificate_path|to_json }}
|
|
|
|
#
|
|
|
|
#
|
|
|
|
tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }}
|
|
|
|
tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }}
|
|
|
|
|
|
|
|
|
|
|
|
# Whether to verify TLS certificates when sending federation traffic.
|
|
|
|
# Whether to verify TLS server certificates for outbound federation requests.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# This currently defaults to `false`, however this will change in
|
|
|
|
# Defaults to `true`. To disable certificate verification, uncomment the
|
|
|
|
# Synapse 1.0 when valid federation certificates will be required.
|
|
|
|
# following line.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#federation_verify_certificates: true
|
|
|
|
#federation_verify_certificates: false
|
|
|
|
|
|
|
|
|
|
|
|
# Skip federation certificate verification on the following whitelist
|
|
|
|
# Skip federation certificate verification on the following whitelist
|
|
|
|
# of domains.
|
|
|
|
# of domains.
|
|
|
@ -764,7 +790,9 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
|
|
|
# This means that, if a validity period is set, and Synapse is restarted (it will
|
|
|
|
# This means that, if a validity period is set, and Synapse is restarted (it will
|
|
|
|
# then derive an expiration date from the current validity period), and some time
|
|
|
|
# then derive an expiration date from the current validity period), and some time
|
|
|
|
# after that the validity period changes and Synapse is restarted, the users'
|
|
|
|
# after that the validity period changes and Synapse is restarted, the users'
|
|
|
|
# expiration dates won't be updated unless their account is manually renewed.
|
|
|
|
# expiration dates won't be updated unless their account is manually renewed. This
|
|
|
|
|
|
|
|
# date will be randomly selected within a range [now + period - d ; now + period],
|
|
|
|
|
|
|
|
# where d is equal to 10% of the validity period.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#account_validity:
|
|
|
|
#account_validity:
|
|
|
|
# enabled: True
|
|
|
|
# enabled: True
|
|
|
@ -944,12 +972,43 @@ signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key"
|
|
|
|
|
|
|
|
|
|
|
|
# The trusted servers to download signing keys from.
|
|
|
|
# The trusted servers to download signing keys from.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#perspectives:
|
|
|
|
# When we need to fetch a signing key, each server is tried in parallel.
|
|
|
|
# servers:
|
|
|
|
#
|
|
|
|
# "matrix.org":
|
|
|
|
# Normally, the connection to the key server is validated via TLS certificates.
|
|
|
|
# verify_keys:
|
|
|
|
# Additional security can be provided by configuring a `verify key`, which
|
|
|
|
# "ed25519:auto":
|
|
|
|
# will make synapse check that the response is signed by that key.
|
|
|
|
# key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
|
|
|
|
#
|
|
|
|
|
|
|
|
# This setting supercedes an older setting named `perspectives`. The old format
|
|
|
|
|
|
|
|
# is still supported for backwards-compatibility, but it is deprecated.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# Options for each entry in the list include:
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# server_name: the name of the server. required.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# verify_keys: an optional map from key id to base64-encoded public key.
|
|
|
|
|
|
|
|
# If specified, we will check that the response is signed by at least
|
|
|
|
|
|
|
|
# one of the given keys.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# accept_keys_insecurely: a boolean. Normally, if `verify_keys` is unset,
|
|
|
|
|
|
|
|
# and federation_verify_certificates is not `true`, synapse will refuse
|
|
|
|
|
|
|
|
# to start, because this would allow anyone who can spoof DNS responses
|
|
|
|
|
|
|
|
# to masquerade as the trusted key server. If you know what you are doing
|
|
|
|
|
|
|
|
# and are sure that your network environment provides a secure connection
|
|
|
|
|
|
|
|
# to the key server, you can set this to `true` to override this
|
|
|
|
|
|
|
|
# behaviour.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# An example configuration might look like:
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
#trusted_key_servers:
|
|
|
|
|
|
|
|
# - server_name: "my_trusted_server.example.com"
|
|
|
|
|
|
|
|
# verify_keys:
|
|
|
|
|
|
|
|
# "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
|
|
|
|
|
|
|
|
# - server_name: "my_other_trusted_server.example.com"
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# The default configuration is:
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
#trusted_key_servers:
|
|
|
|
|
|
|
|
# - server_name: "matrix.org"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable SAML2 for registration and login. Uses pysaml2.
|
|
|
|
# Enable SAML2 for registration and login. Uses pysaml2.
|
|
|
@ -1026,14 +1085,73 @@ password_config:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable sending emails for notification events or expiry notices
|
|
|
|
# Enable sending emails for password resets, notification events or
|
|
|
|
# Defining a custom URL for Riot is only needed if email notifications
|
|
|
|
# account expiry notices
|
|
|
|
# should contain links to a self-hosted installation of Riot; when set
|
|
|
|
|
|
|
|
# the "app_name" setting is ignored.
|
|
|
|
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# If your SMTP server requires authentication, the optional smtp_user &
|
|
|
|
# If your SMTP server requires authentication, the optional smtp_user &
|
|
|
|
# smtp_pass variables should be used
|
|
|
|
# smtp_pass variables should be used
|
|
|
|
#
|
|
|
|
#
|
|
|
|
|
|
|
|
#email:
|
|
|
|
|
|
|
|
# enable_notifs: false
|
|
|
|
|
|
|
|
# smtp_host: "localhost"
|
|
|
|
|
|
|
|
# smtp_port: 25 # SSL: 465, STARTTLS: 587
|
|
|
|
|
|
|
|
# smtp_user: "exampleusername"
|
|
|
|
|
|
|
|
# smtp_pass: "examplepassword"
|
|
|
|
|
|
|
|
# require_transport_security: False
|
|
|
|
|
|
|
|
# notif_from: "Your Friendly %(app)s Home Server <noreply@example.com>"
|
|
|
|
|
|
|
|
# app_name: Matrix
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# # Enable email notifications by default
|
|
|
|
|
|
|
|
# notif_for_new_users: True
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# # Defining a custom URL for Riot is only needed if email notifications
|
|
|
|
|
|
|
|
# # should contain links to a self-hosted installation of Riot; when set
|
|
|
|
|
|
|
|
# # the "app_name" setting is ignored
|
|
|
|
|
|
|
|
# riot_base_url: "http://localhost/riot"
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# # Enable sending password reset emails via the configured, trusted
|
|
|
|
|
|
|
|
# # identity servers
|
|
|
|
|
|
|
|
# #
|
|
|
|
|
|
|
|
# # IMPORTANT! This will give a malicious or overtaken identity server
|
|
|
|
|
|
|
|
# # the ability to reset passwords for your users! Make absolutely sure
|
|
|
|
|
|
|
|
# # that you want to do this! It is strongly recommended that password
|
|
|
|
|
|
|
|
# # reset emails be sent by the homeserver instead
|
|
|
|
|
|
|
|
# #
|
|
|
|
|
|
|
|
# # If this option is set to false and SMTP options have not been
|
|
|
|
|
|
|
|
# # configured, resetting user passwords via email will be disabled
|
|
|
|
|
|
|
|
# #trust_identity_server_for_password_resets: false
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# # Configure the time that a validation email or text message code
|
|
|
|
|
|
|
|
# # will expire after sending
|
|
|
|
|
|
|
|
# #
|
|
|
|
|
|
|
|
# # This is currently used for password resets
|
|
|
|
|
|
|
|
# #validation_token_lifetime: 1h
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# # Template directory. All template files should be stored within this
|
|
|
|
|
|
|
|
# # directory
|
|
|
|
|
|
|
|
# #
|
|
|
|
|
|
|
|
# #template_dir: res/templates
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# # Templates for email notifications
|
|
|
|
|
|
|
|
# #
|
|
|
|
|
|
|
|
# notif_template_html: notif_mail.html
|
|
|
|
|
|
|
|
# notif_template_text: notif_mail.txt
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# # Templates for account expiry notices
|
|
|
|
|
|
|
|
# #
|
|
|
|
|
|
|
|
# expiry_template_html: notice_expiry.html
|
|
|
|
|
|
|
|
# expiry_template_text: notice_expiry.txt
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# # Templates for password reset emails sent by the homeserver
|
|
|
|
|
|
|
|
# #
|
|
|
|
|
|
|
|
# #password_reset_template_html: password_reset.html
|
|
|
|
|
|
|
|
# #password_reset_template_text: password_reset.txt
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# # Templates for password reset success and failure pages that a user
|
|
|
|
|
|
|
|
# # will see after attempting to reset their password
|
|
|
|
|
|
|
|
# #
|
|
|
|
|
|
|
|
# #password_reset_template_success_html: password_reset_success.html
|
|
|
|
|
|
|
|
# #password_reset_template_failure_html: password_reset_failure.html
|
|
|
|
{% if matrix_synapse_email_enabled %}
|
|
|
|
{% if matrix_synapse_email_enabled %}
|
|
|
|
email:
|
|
|
|
email:
|
|
|
|
enable_notifs: true
|
|
|
|
enable_notifs: true
|
|
|
@ -1147,9 +1265,9 @@ push:
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# 'search_all_users' defines whether to search all users visible to your HS
|
|
|
|
# 'search_all_users' defines whether to search all users visible to your HS
|
|
|
|
# when searching the user directory, rather than limiting to users visible
|
|
|
|
# when searching the user directory, rather than limiting to users visible
|
|
|
|
# in public rooms. Defaults to false. If you set it True, you'll have to run
|
|
|
|
# in public rooms. Defaults to false. If you set it True, you'll have to
|
|
|
|
# UPDATE user_directory_stream_pos SET stream_id = NULL;
|
|
|
|
# rebuild the user_directory search indexes, see
|
|
|
|
# on your database to tell it to rebuild the user_directory search indexes.
|
|
|
|
# https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#user_directory:
|
|
|
|
#user_directory:
|
|
|
|
# enabled: true
|
|
|
|
# enabled: true
|
|
|
@ -1207,6 +1325,21 @@ push:
|
|
|
|
#
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Local statistics collection. Used in populating the room directory.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# 'bucket_size' controls how large each statistics timeslice is. It can
|
|
|
|
|
|
|
|
# be defined in a human readable short form -- e.g. "1d", "1y".
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# 'retention' controls how long historical statistics will be kept for.
|
|
|
|
|
|
|
|
# It can be defined in a human readable short form -- e.g. "1d", "1y".
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
#stats:
|
|
|
|
|
|
|
|
# enabled: true
|
|
|
|
|
|
|
|
# bucket_size: 1d
|
|
|
|
|
|
|
|
# retention: 1y
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Server Notices room configuration
|
|
|
|
# Server Notices room configuration
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# Uncomment this section to enable a room which can be used to send notices
|
|
|
|
# Uncomment this section to enable a room which can be used to send notices
|
|
|
|