380 lines
17 KiB
YAML
380 lines
17 KiB
YAML
# Synapse is a Matrix homeserver
|
|
# See: https://github.com/matrix-org/synapse
|
|
|
|
matrix_synapse_enabled: true
|
|
|
|
matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.4"
|
|
|
|
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
|
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
|
|
matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
|
|
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
|
|
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
|
|
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
|
|
|
|
# Controls whether the Synapse container exposes the Client/Server API port (tcp/8008).
|
|
matrix_synapse_container_expose_client_api_port: false
|
|
|
|
# Controls whether the Synapse container exposes the Server/Server (Federation) API port (tcp/8048).
|
|
# This is for the plain HTTP API. If you need Synapse to handle TLS encryption,
|
|
# that would be on another port (tcp/8448) controlled by `matrix_synapse_tls_federation_listener_enabled`.
|
|
matrix_synapse_container_expose_federation_api_port: false
|
|
|
|
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100).
|
|
matrix_synapse_container_expose_metrics_port: false
|
|
|
|
# A list of extra arguments to pass to the container
|
|
matrix_synapse_container_extra_arguments: []
|
|
|
|
# List of systemd services that matrix-synapse.service depends on
|
|
matrix_synapse_systemd_required_services_list: ['docker.service']
|
|
|
|
# List of systemd services that matrix-synapse.service wants
|
|
matrix_synapse_systemd_wanted_services_list: []
|
|
|
|
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.6/site-packages"
|
|
|
|
# Specifies which template files to use when configuring Synapse.
|
|
# If you'd like to have your own different configuration, feel free to copy and paste
|
|
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
|
|
# and then change the specific host's `vars.yaml` file like this:
|
|
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
|
|
matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
|
|
matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
|
|
|
|
matrix_synapse_macaroon_secret_key: ""
|
|
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
|
|
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
|
|
|
|
# The list of identity servers to use for Synapse.
|
|
# We assume this role runs standalone without a local Identity server, so we point Synapse to public ones.
|
|
# This most likely gets overwritten later, so that a local Identity server is used.
|
|
matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_public }}"
|
|
|
|
matrix_synapse_max_upload_size_mb: 10
|
|
matrix_synapse_max_log_file_size_mb: 100
|
|
matrix_synapse_max_log_files_count: 10
|
|
|
|
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
|
matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}"
|
|
|
|
# Log levels
|
|
# Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
|
|
# warning: setting log level to DEBUG will make synapse log sensitive information such
|
|
# as access tokens
|
|
matrix_synapse_log_level: "INFO"
|
|
matrix_synapse_storage_sql_log_level: "INFO"
|
|
matrix_synapse_root_log_level: "INFO"
|
|
|
|
# Rate limits
|
|
matrix_synapse_rc_messages_per_second: 0.2
|
|
matrix_synapse_rc_message_burst_count: 10.0
|
|
|
|
matrix_synapse_rc_registration:
|
|
per_second: 0.17
|
|
burst_count: 3
|
|
|
|
matrix_synapse_rc_login:
|
|
address:
|
|
per_second: 0.17
|
|
burst_count: 3
|
|
account:
|
|
per_second: 0.17
|
|
burst_count: 3
|
|
failed_attempts:
|
|
per_second: 0.17
|
|
burst_count: 3
|
|
|
|
matrix_synapse_federation_rc_window_size: 1000
|
|
matrix_synapse_federation_rc_sleep_limit: 10
|
|
matrix_synapse_federation_rc_sleep_delay: 500
|
|
matrix_synapse_federation_rc_reject_limit: 50
|
|
matrix_synapse_federation_rc_concurrent: 3
|
|
matrix_synapse_federation_rr_transactions_per_room_per_second: 50
|
|
|
|
# Controls whether the TLS federation listener is enabled (tcp/8448).
|
|
# Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`).
|
|
# Note that federation may potentially be enabled as non-TLS on tcp/8048 as well.
|
|
# If you're serving Synapse behind an HTTPS-capable reverse-proxy,
|
|
# you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
|
|
matrix_synapse_tls_federation_listener_enabled: true
|
|
matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
|
|
matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
|
|
|
|
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
|
|
# (things like number of users, number of messages sent, uptime, load, etc.)
|
|
matrix_synapse_report_stats: false
|
|
|
|
# Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.
|
|
# If users participate in large rooms with many other servers,
|
|
# disabling this will decrease server load significantly.
|
|
matrix_synapse_use_presence: true
|
|
|
|
# Controls whether people with access to the homeserver can register by themselves.
|
|
matrix_synapse_enable_registration: false
|
|
|
|
# A list of 3PID types which users must supply when registering (possible values: email, msisdn).
|
|
matrix_synapse_registrations_require_3pid: []
|
|
|
|
# Users who register on this homeserver will automatically be joined to these rooms.
|
|
# Rooms are to be specified using addresses (e.g. `#address:example.com`)
|
|
matrix_synapse_auto_join_rooms: []
|
|
|
|
# Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created
|
|
# automatically if they don't already exist.
|
|
matrix_synapse_autocreate_auto_join_rooms: true
|
|
|
|
# Controls password-peppering for Synapse. Not to be changed after initial setup.
|
|
matrix_synapse_password_config_pepper: ""
|
|
|
|
# Controls the number of events that Synapse caches in memory.
|
|
matrix_synapse_event_cache_size: "100K"
|
|
|
|
# Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
|
|
# Raise this to increase cache sizes or lower it to potentially lower memory use.
|
|
# To learn more, see:
|
|
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
|
|
# - https://github.com/matrix-org/synapse/issues/3939
|
|
matrix_synapse_cache_factor: 0.5
|
|
|
|
# Controls whether Synapse will federate at all.
|
|
# Disable this to completely isolate your server from the rest of the Matrix network.
|
|
# Also see: `matrix_synapse_tls_federation_listener_enabled` if you wish to keep federation enabled,
|
|
# but want to stop the TLS listener (port 8448).
|
|
matrix_synapse_federation_enabled: true
|
|
|
|
# A list of domain names that are allowed to federate with the given Synapse server.
|
|
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
|
|
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
|
|
matrix_synapse_federation_domain_whitelist: ~
|
|
|
|
# A list of additional "volumes" to mount in the container.
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
|
matrix_synapse_container_additional_volumes: []
|
|
|
|
# A list of additional loggers to register in synapse.log.config.
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
|
|
matrix_synapse_additional_loggers: []
|
|
|
|
# A list of service config files
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains fs paths
|
|
matrix_synapse_app_service_config_files: []
|
|
|
|
# This is set dynamically during execution depending on whether
|
|
# any password providers have been enabled or not.
|
|
matrix_synapse_password_providers_enabled: false
|
|
|
|
# Whether clients can request to include message content in push notifications
|
|
# sent through third party servers. Setting this to false requires mobile clients
|
|
# to load message content directly from the homeserver.
|
|
matrix_synapse_push_include_content: true
|
|
|
|
# If url previews should be generated. This will cause a request from Synapse to
|
|
# URLs shared by users.
|
|
matrix_synapse_url_preview_enabled: true
|
|
|
|
# Enable exposure of metrics to Prometheus
|
|
# See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.rst
|
|
matrix_synapse_metrics_enabled: false
|
|
matrix_synapse_metrics_port: 9100
|
|
|
|
# Postgres database information
|
|
matrix_synapse_database_host: ""
|
|
matrix_synapse_database_user: ""
|
|
matrix_synapse_database_password: ""
|
|
matrix_synapse_database_database: ""
|
|
|
|
matrix_synapse_turn_uris: []
|
|
matrix_synapse_turn_shared_secret: ""
|
|
|
|
matrix_synapse_email_enabled: false
|
|
matrix_synapse_email_smtp_host: ""
|
|
matrix_synapse_email_smtp_port: 587
|
|
matrix_synapse_email_smtp_require_transport_security: false
|
|
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
|
|
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
|
|
|
|
|
# Enable this to activate the REST auth password provider module.
|
|
# See: https://github.com/kamax-io/matrix-synapse-rest-auth
|
|
matrix_synapse_ext_password_provider_rest_auth_enabled: false
|
|
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.2/rest_auth_provider.py"
|
|
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
|
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
|
|
|
|
# Enable this to activate the Shared Secret Auth password provider module.
|
|
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
|
|
|
# Enable this to activate LDAP password provider
|
|
matrix_synapse_ext_password_provider_ldap_enabled: false
|
|
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
|
|
matrix_synapse_ext_password_provider_ldap_start_tls: true
|
|
matrix_synapse_ext_password_provider_ldap_base: ""
|
|
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
|
|
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
|
|
matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
|
|
matrix_synapse_ext_password_provider_ldap_bind_dn: ""
|
|
matrix_synapse_ext_password_provider_ldap_bind_password: ""
|
|
matrix_synapse_ext_password_provider_ldap_filter: ""
|
|
|
|
|
|
matrix_s3_media_store_enabled: false
|
|
matrix_s3_media_store_custom_endpoint_enabled: false
|
|
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
|
|
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
|
|
matrix_s3_media_store_bucket_name: "your-bucket-name"
|
|
matrix_s3_media_store_aws_access_key: "your-aws-access-key"
|
|
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
|
|
matrix_s3_media_store_region: "eu-central-1"
|
|
|
|
# Controls whether the self-check feature should validate SSL certificates.
|
|
matrix_synapse_self_check_validate_certificates: true
|
|
|
|
|
|
# Matrix Appservice Discord is a Matrix <-> Discord bridge
|
|
# Enable Discord bridge
|
|
matrix_appservice_discord_enabled: false
|
|
|
|
matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:latest"
|
|
|
|
matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"
|
|
|
|
matrix_appservice_discord_client_id: "YOUR DISCORD APP CLIENT ID"
|
|
matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN"
|
|
|
|
# Controls whether the Appservice Discord container exposes the Client/Server API port (tcp/9005).
|
|
matrix_appservice_discord_container_expose_client_server_api_port: false
|
|
|
|
matrix_appservice_discord_configuration_yaml: |
|
|
bridge:
|
|
domain: "{{ matrix_domain }}"
|
|
homeserverUrl: "{{ matrix_homeserver_url }}"
|
|
auth:
|
|
clientID: "{{matrix_appservice_discord_client_id}}"
|
|
botToken: "{{matrix_appservice_discord_bot_token}}"
|
|
database:
|
|
filename: "/data/discord.db"
|
|
userStorePath: "/data/user-store.db"
|
|
roomStorePath: "/data/room-store.db"
|
|
|
|
matrix_appservice_discord_configuration_extension_yaml: |
|
|
# This is a sample of the config file showing all avaliable options.
|
|
# Where possible we have documented what they do, and all values are the
|
|
# default values.
|
|
#
|
|
#bridge:
|
|
# # Domain part of the bridge, e.g. matrix.org
|
|
# domain: "localhost"
|
|
# # This should be your publically facing URL because Discord may use it to
|
|
# # fetch media from the media store.
|
|
# homeserverUrl: "http://localhost:8008"
|
|
# # Interval at which to process users in the 'presence queue'. If you have
|
|
# # 5 users, one user will be processed every 500 milliseconds according to the
|
|
# # value below. This has a minimum value of 250.
|
|
# # WARNING: This has a high chance of spamming the homeserver with presence
|
|
# # updates since it will send one each time somebody changes state or is online.
|
|
# presenceInterval: 500
|
|
# # Disable setting presence for 'ghost users' which means Discord users on Matrix
|
|
# # will not be shown as away or online.
|
|
# disablePresence: false
|
|
# # Disable sending typing notifications when somebody on Discord types.
|
|
# disableTypingNotifications: false
|
|
# # Disable deleting messages on Discord if a message is redacted on Matrix.
|
|
# disableDeletionForwarding: false
|
|
# # Enable users to bridge rooms using !discord commands. See
|
|
# # https://t2bot.io/discord for instructions.
|
|
# enableSelfServiceBridging: false
|
|
# # Disable sending of read receipts for Matrix events which have been
|
|
# # successfully bridged to Discord.
|
|
# disableReadReceipts: false
|
|
# Authentication configuration for the discord bot.
|
|
#auth:
|
|
# clientID: "12345"
|
|
# botToken: "foobar"
|
|
#logging:
|
|
# # What level should the logger output to the console at.
|
|
# console: "warn" #silly, verbose, info, http, warn, error, silent
|
|
# lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
|
|
# files:
|
|
# - file: "debug.log"
|
|
# disable:
|
|
# - "PresenceHandler" # Will not capture presence logging
|
|
# - file: "warn.log" # Will capture warnings
|
|
# level: "warn"
|
|
# - file: "botlogs.log" # Will capture logs from DiscordBot
|
|
# level: "info"
|
|
# enable:
|
|
# - "DiscordBot"
|
|
#database:
|
|
# userStorePath: "user-store.db"
|
|
# roomStorePath: "room-store.db"
|
|
# # You may either use SQLite or Postgresql for the bridge database, which contains
|
|
# # important mappings for events and user puppeting configurations.
|
|
# # Use the filename option for SQLite, or connString for Postgresql.
|
|
# # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
|
|
# # WARNING: You will almost certainly be fine with sqlite unless your bridge
|
|
# # is in heavy demand and you suffer from IO slowness.
|
|
# filename: "discord.db"
|
|
# # connString: "postgresql://user:password@localhost/database_name"
|
|
#room:
|
|
# # Set the default visibility of alias rooms, defaults to "public".
|
|
# # One of: "public", "private"
|
|
# defaultVisibility: "public"
|
|
#channel:
|
|
# # Pattern of the name given to bridged rooms.
|
|
# # Can use :guild for the guild name and :name for the channel name.
|
|
# namePattern: "[Discord] :guild :name"
|
|
# # Changes made to rooms when a channel is deleted.
|
|
# deleteOptions:
|
|
# # Prefix the room name with a string.
|
|
# #namePrefix: "[Deleted]"
|
|
# # Prefix the room topic with a string.
|
|
# #topicPrefix: "This room has been deleted"
|
|
# # Disable people from talking in the room by raising the event PL to 50
|
|
# disableMessaging: false
|
|
# # Remove the discord alias from the room.
|
|
# unsetRoomAlias: true
|
|
# # Remove the room from the directory.
|
|
# unlistFromDirectory: true
|
|
# # Set the room to be unavaliable for joining without an invite.
|
|
# setInviteOnly: true
|
|
# # Make all the discord users leave the room.
|
|
# ghostsLeave: true
|
|
#limits:
|
|
# # Delay in milliseconds between discord users joining a room.
|
|
# roomGhostJoinDelay: 6000
|
|
# # Delay in milliseconds before sending messages to discord to avoid echos.
|
|
# # (Copies of a sent message may arrive from discord before we've
|
|
# # fininished handling it, causing us to echo it back to the room)
|
|
# discordSendDelay: 750
|
|
|
|
matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml|from_yaml if matrix_appservice_discord_configuration_extension_yaml|from_yaml else {} }}"
|
|
|
|
matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml|from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}"
|
|
|
|
|
|
# Controls whether searching the public room list is enabled.
|
|
matrix_enable_room_list_search: true
|
|
|
|
# Controls who's allowed to create aliases on this server.
|
|
matrix_alias_creation_rules:
|
|
- user_id: "*"
|
|
alias: "*"
|
|
room_id: "*"
|
|
action: allow
|
|
|
|
# Controls who can publish and which rooms can be published in the public room list.
|
|
matrix_room_list_publication_rules:
|
|
- user_id: "*"
|
|
alias: "*"
|
|
room_id: "*"
|
|
action: allow
|