# Configuration file for Synapse.
#
# This has been shortened to be more readable. For more information, see https://github.com/matrix-org/synapse/blob/master/docs/sample_config.yaml.


## Server ##

# Public-facing domain of this homeserver.
server_name: 'die-fachschaft.de'

# File the process writes its pid to when it runs as a daemon.
pid_file: '/var/lib/synapse/homeserver.pid'

# Absolute URL of the web client; /_matrix/client redirects there when
# 'webclient' is configured under the 'listeners' configuration.
web_client_location: 'https://element.die-fachschaft.de/'

# Public-facing base URL that clients use to reach this homeserver (not
# including _matrix/...). It is the URL a user would type into the
# 'custom HS URL' field of their client.
public_baseurl: 'https://matrix.die-fachschaft.de/'

# When 'true', any other homeserver may fetch this server's public rooms
# directory via federation. Defaults to 'false'.
allow_public_rooms_over_federation: true

# Room version given to newly created rooms. Kept as a quoted string.
default_room_version: '6'

# Ports Synapse listens on, with the purpose and configuration of each.
listeners:
  # Plain-HTTP listener bound to the loopback addresses only.
  # NOTE(review): tls is off and x_forwarded is on, so this presumably sits
  # behind a local reverse proxy that terminates TLS - confirm that nothing
  # else on the host can reach port 8008, because with x_forwarded the
  # client address is taken from the forwarded header.
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses:
      - '::1'
      - '127.0.0.1'

    resources:
      - names:
          - client
          - federation
        compress: false


## Homeserver blocking ##

# Contact address of the server admin; used in ResourceLimitError.
admin_contact: 'mailto:rbfsmi@lists.uni-paderborn.de'


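## Federation ##

# Federation requests are never sent to the IP address CIDR ranges listed
# here. If this option is not specified, or specified with an empty list,
# no IP range blacklist is enforced.
#
# As of Synapse v1.4.0 this option also affects any outbound requests to
# identity servers provided by user input.
#
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
# listed here, since they correspond to unroutable addresses.)
#
# The list keeps server names supplied by users or remote servers from
# steering outbound requests to loopback, private and link-local addresses.
# The IPv6 link-local entry is fe80::/10, the whole link-local block, so no
# link-local address falls outside the blacklist.
#
# NOTE(review): newer Synapse releases document 'ip_range_blacklist' as the
# replacement for this option - confirm which one the deployed version reads.
#
federation_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - '::1/128'
  - 'fe80::/10'
  - 'fc00::/7'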


## Database ##

# PostgreSQL connection settings.
database:
  name: 'psycopg2'
  args:
    user: 'synapse_user'
    # Placeholder token, not a credential: a script called
    # /set_postgresql_password.sh replaces it upon configuration.
    # NOTE(review): the token sits in a plain (unquoted) scalar, so a
    # password containing ' #' or ': ' would presumably change how this line
    # parses - confirm the script escapes or restricts the value, and that
    # the rendered file is readable only by the Synapse service account.
    password: POSTGRESQL_PASSWORD
    database: 'synapse'
    host: 'localhost'
    cp_min: 5
    cp_max: 10


## Logging ##

# Path of a YAML Python logging configuration, in the format described by
# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
log_config: '/etc/synapse/synapse.log.config'


## Media Store ##

# Directory that holds uploaded images and attachments.
media_store_path: '/var/lib/synapse/media_store'

# Largest upload size that is accepted, in bytes.
#
max_upload_size: '50M'

# Largest pixel count of an image that will still be thumbnailed.
#
max_image_pixels: '32M'

# Generate new thumbnails on the fly so that they match precisely the
# resolution the client requested.
dynamic_thumbnails: true


## Registration ##

# Registration of new users is switched off.
enable_registration: false

# Guests may register without a password/email/etc and take part in rooms
# hosted on this server that have been made accessible to anonymous users.
#
# NOTE(review): this stays on while enable_registration is off, so guest
# accounts can still be created without authentication - confirm that this
# is intended.
#
allow_guest_access: true

# Users who register on this homeserver are joined to these rooms
# automatically.
#
# By default, any room alias in this list is created as a publicly joinable
# room when the first user registers for the homeserver. This behaviour can
# be customised with further Synapse settings.
#
auto_join_rooms:
  - '#allgemein:die-fachschaft.de'
  - '#announcements:die-fachschaft.de'
  - '#support:die-fachschaft.de'

# Apply the auto-join list to guests as well.
#
auto_join_rooms_for_guests: true


## Metrics ##

# Collection and rendering of performance metrics (switched off here).
#
enable_metrics: false

# Reporting of anonymized homeserver usage statistics (switched off here).
#
report_stats: false


## Signing Keys ##

# Path of the signing key that messages are signed with.
# NOTE(review): confirm that this file is readable only by the Synapse
# service account.
#
signing_key_path: '/var/lib/synapse/signing.key'

# Servers that are trusted for downloading signing keys.
#
trusted_key_servers:
  - server_name: 'matrix.org'

# Disables the warning that is emitted when trusted_key_servers includes
# 'matrix.org'.
#
suppress_key_server_warning: true


## Single sign-on integration ##

# OpenID Connect (OIDC) / OAuth 2.0 providers used for registration and
# login.
#
# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md
# for some example configurations.
#
oidc_providers:

  # idp_id: a unique identifier for this identity provider. Used internally
  #     by Synapse; should be a single word such as 'github'.
  #
  #     If this is changed, users authenticating via this provider will no
  #     longer be recognised as the same user!
  #
  #     (Use "oidc" here when migrating from an old "oidc_config"
  #     configuration.)
  #
  - idp_id: 'oidc'

    # idp_name: user-facing name of this identity provider, shown when the
    #     user is offered a choice of login mechanisms.
    #
    idp_name: 'IRB-Gitlab'

    # idp_brand: optional brand of this identity provider, which lets clients
    #     style the login flow to match it. See the spec for possible options.
    #
    idp_brand: 'gitlab'

    # The OIDC issuer. Used to validate tokens and (if discovery is enabled)
    # to discover the provider's endpoints.
    #
    issuer: 'https://git.cs.uni-paderborn.de'

    # OAuth2 client id to use.
    #
    # Required if 'enabled' is true.
    #
    # NOTE(review): this and client_secret below look like placeholder
    # tokens that are filled in at deployment - confirm, and keep the real
    # values out of version control. The double quotes are kept so that a
    # substituted value parses the same way as before.
    #
    client_id: "OICD_CLIENT_ID"

    # OAuth2 client secret to use.
    #
    # Required if 'enabled' is true.
    #
    client_secret: "OICD_CLIENT_SECRET"

    # Auth method used when exchanging the token.
    # Valid values are 'client_secret_basic' (default), 'client_secret_post'
    # and 'none'.
    #
    client_auth_method: 'client_secret_post'

    # Scopes to request. This should normally include the "openid" scope.
    # Defaults to ["openid"].
    #
    scopes:
      - 'openid'
      - 'read_user'

    # Whether to fetch the user profile from the userinfo endpoint. Valid
    # values are: "auto" or "userinfo_endpoint".
    #
    # The default "auto" fetches the userinfo endpoint if "openid" is
    # included in `scopes`; the value set here always fetches it.
    #
    user_profile_method: 'userinfo_endpoint'

    # An external module can be provided here as a custom solution for
    # mapping attributes returned from an OIDC provider onto a matrix user.
    #
    user_mapping_provider:

      # Custom configuration values for the module. This section is passed as
      # a Python dictionary to the user mapping provider module's
      # `parse_config` method.
      #
      # The values below are intended for the default provider: they should
      # be changed if a custom provider is used.
      #
      config:
        # Jinja2 template for the localpart of the MXID.
        #
        # NOTE(review): the localpart comes from the provider's nickname
        # claim - confirm that users cannot change that value freely at the
        # provider, otherwise a localpart could be taken before its intended
        # owner logs in for the first time.
        #
        localpart_template: '{{ user.nickname }}'

        # Jinja2 template for the display name to set on first login.
        #
        display_name_template: '{{ user.name }}'

        # Jinja2 template for the email to set on first login.
        #
        email_template: '{{ user.email }}'

password_config:
  # Password login is switched off.
  #
  enabled: false

# Additional settings for single sign-on systems such as OpenID Connect,
# SAML2 and CAS.
#
sso:
  # Client URLs that are whitelisted, so that the user does not have to
  # confirm giving access to their account to the URL. A client whose URL
  # starts with an entry of this list is not subject to the additional
  # confirmation step after the SSO login is completed.
  #
  # WARNING: An entry such as "https://my.client" is insecure, because it
  # will also match "https://my.client.evil.site", exposing your users to
  # phishing attacks from evil.site. To avoid this, include a slash after the
  # hostname: "https://my.client/".
  #
  # If public_baseurl is set, then the login fallback page (used by clients
  # that don't natively support the required login flows) is whitelisted in
  # addition to any URLs in this list.
  #
  # NOTE(review): 'element://connect' has no trailing slash, so under the
  # prefix rule above it also matches longer URLs that begin with it -
  # confirm which redirect URL the app sends before tightening the entry.
  #
  client_whitelist:
    # RBFSMI-hosted Webclient
    - 'https://element.die-fachschaft.de/'
    # Element PC client
    - 'element://vector/webapp/'
    # Element Android app
    - 'element://connect'

## Rooms ##

# Encrypt private and trusted private chats automatically.
#
encryption_enabled_by_default_for_room_type: 'invite'

# Whether non-server-admin users may create groups on this server
# (not allowed here).
#
enable_group_creation: false


# User Directory configuration
#
# 'enabled' controls whether users can search the user directory. When it is
# false, empty responses are returned to all queries. Defaults to true.
#
# 'search_all_users' controls whether a search covers all users visible to
# this homeserver rather than only the users visible in public rooms.
# Defaults to false. If it is set to true, the user_directory search indexes
# have to be rebuilt, see
# https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md
#
user_directory:
  # Directory search is off, so the user list cannot be enumerated through it.
  enabled: false
  search_all_users: false


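# Configuration for sending emails from Synapse.
#
email:
  # App name in subjects.
  #
  app_name: "FSMI-Matrix"

  # SMTP server config.
  #
  # require_transport_security makes Synapse refuse to send mail unless the
  # SMTP server supports STARTTLS, so mail is not handed over in plain text.
  #
  smtp_host: mail.uni-paderborn.de
  smtp_port: 25
  require_transport_security: true

  # Sender information.
  #
  notif_from: "%(app)s <noreply@die-fachschaft.de>"

  # Enable the option for mail notifications.
  # Users still have to activate notifications, but this setting allows it.
  #
  enable_notifs: true

  # Direct invited users to our webclient.
  #
  invite_client_location: "https://element.die-fachschaft.de"

  # Mail subjects.
  #
  # Every placeholder is written %(name)s. The app name placeholder is
  # %(app)s and the room placeholder is %(room)s; any other spelling is
  # either rejected as an unknown name or sent out as literal text.
  #
  subjects:
    message_from_person_in_room: "[%(app)s] Du hast eine Nachricht von %(person)s im %(room)s-Raum bekommen"
    message_from_person: "[%(app)s] Du hast eine Nachricht von %(person)s bekommen"
    messages_from_person: "[%(app)s] Du hast mehrere Nachrichten von %(person)s bekommen"
    messages_in_room: "[%(app)s] Du hast mehrere Nachrichten im %(room)s-Raum bekommen"
    messages_in_room_and_others: "[%(app)s] Du hast mehrere Nachrichten, unter anderem im %(room)s-Raum bekommen"
    messages_from_person_and_others: "[%(app)s] Du hast mehrere Nachrichten, unter anderem von %(person)s bekommen"
    invite_from_person_to_room: "[%(app)s] %(person)s hat dich in den %(room)s-Raum eingeladen"
    invite_from_person: "[%(app)s] %(person)s hat dich zum Chatten eingeladen"
    email_validation: "[%(server_name)s] Bestätige deine E-Mail-Addresse"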

# Spaces (beta) are switched on through the experimental feature flags.
#
experimental_features:
  spaces_enabled: true