--- matrix_synapse_docker_volumes: "{{ matrix_synapse_base_docker_volumes + matrix_synapse_extra_docker_volumes }}" matrix_synapse_base_docker_volumes: - "{{ matrix_synapse_config.media_store_path }}:{{ matrix_synapse_config.media_store_path }}" - "{{ matrix_synapse_config.uploads_path }}:{{ matrix_synapse_config.uploads_path }}" - "{{ matrix_synapse_base_path }}/homeserver.yaml:{{ matrix_synapse_base_path }}/homeserver.yaml" - "{{ matrix_synapse_base_path }}/log.config:{{ matrix_synapse_base_path }}/log.config" - "{{ matrix_synapse_base_path }}/tls:{{ matrix_synapse_base_path }}/tls" matrix_synapse_config: "{{ matrix_synapse_base_config | combine(matrix_synapse_extra_config, recursive=True) }}" # Worker-specific config matrix_synapse_media_worker_override: {} matrix_synapse_fed_sender_override: {} matrix_synapse_worker_fed_senders: [] matrix_synapse_worker_metrics_listener: - type: metrics port: "{{ matrix_synapse_worker_metrics_port }}" matrix_synapse_worker_config: start_pushers: "{{ not matrix_synapse_worker_push }}" notify_appservices: "{{ not matrix_synapse_worker_appservice }}" update_user_directory: "{{ not matrix_synapse_worker_user_search }}" listeners: - port: "{{ matrix_synapse_worker_replication_port }}" bind_addresses: - "{{ matrix_synapse_worker_replication_bind_ip }}" type: http resources: - names: [ replication ] # homeserver.yml matrix_synapse_base_config: server_name: "{{ matrix_server_name }}" public_baseurl: "{{ matrix_synapse_public_baseurl }}" tls_certificate_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.crt" tls_private_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.key" acme: enabled: false url: https://acme-v01.api.letsencrypt.org/directory port: 80 bind_addresses: ['::', '0.0.0.0'] reprovision_threshold: 30 no_tls: false tls_fingerprints: [] pid_file: "{{ matrix_synapse_base_path }}/synapse.pid" soft_file_limit: 0 use_presence: true listeners: - port: 8448 bind_addresses: - '::' - '0.0.0.0' type: http tls: true x_forwarded: false resources: - names: [client] compress: true - names: [federation] compress: false - port: 8008 tls: false bind_addresses: - '::' - '0.0.0.0' type: http x_forwarded: false resources: - names: [client] compress: true - names: [federation] compress: false database: name: "psycopg2" args: user: "{{ matrix_synapse_pg_user }}" password: "{{ matrix_synapse_pg_pass }}" database: "{{ matrix_synapse_pg_db }}" host: "{{ matrix_synapse_pg_host }}" cp_min: 5 cp_max: 10 redis: enabled: "{{ matrix_synapse_redis_enabled }}" host: "{{ matrix_synapse_redis_host }}" port: "{{ matrix_synapse_redis_port }}" password: "{{ matrix_synapse_redis_pass }}" log_config: "{{ matrix_synapse_base_path }}/log.config" event_cache_size: "10K" rc_messages_per_second: 0.2 rc_message_burst_count: 10.0 federation_rc_window_size: 1000 federation_rc_sleep_limit: 10 federation_rc_sleep_delay: 500 federation_rc_reject_limit: 50 federation_rc_concurrent: 3 media_store_path: "{{ matrix_synapse_base_path }}/media_store" uploads_path: "{{ matrix_synapse_base_path }}/uploads" max_upload_size: "23M" max_image_pixels: "32M" dynamic_thumbnails: false thumbnail_sizes: - width: 32 height: 32 method: crop - width: 96 height: 96 method: crop - width: 320 height: 240 method: scale - width: 640 height: 480 method: scale - width: 800 height: 600 method: scale url_preview_enabled: true url_preview_ip_range_blacklist: - '127.0.0.0/8' - '10.0.0.0/8' - '172.16.0.0/12' - '192.168.0.0/16' - '100.64.0.0/10' - '169.254.0.0/16' - '::1/128' - 'fe80::/64' - 'fc00::/7' url_preview_url_blacklist: - username: '*' - netloc: 'google.com' - netloc: '*.google.com' - netloc: 'twitter.com' - netloc: '*.twitter.com' - netloc: 't.co' - netloc: '*.t.co' max_spider_size: "10M" enable_registration: False registration_shared_secret: >- {{ registration_shared_secret_file.content | b64decode }} form_secret: "{{ form_secret_file.content | b64decode }}" bcrypt_rounds: 12 allow_guest_access: False trusted_third_party_id_servers: - matrix.org - vector.im autocreate_auto_join_rooms: true enable_metrics: "{{ matrix_synapse_metrics_enabled }}" report_stats: "{{ matrix_synapse_report_stats }}" app_service_config_files: [] track_appservice_user_ips: False macaroon_secret_key: "{{ macaroon_file.content | b64decode }}" expire_access_token: False signing_key_path: "{{ matrix_synapse_signing_key_path }}" old_signing_keys: {} key_refresh_interval: "1d" # 1 Day. # TODO: More servers should be added perspectives: servers: "matrix.org": verify_keys: "ed25519:auto": key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" password_config: enabled: true push: include_content: false enable_group_creation: true alias_creation_rules: - user_id: "*" alias: "*" action: allow matrix_synapse_docker_labels_complete: "{{ matrix_synapse_docker_labels_base | combine(matrix_synapse_docker_labels) }}" matrix_synapse_docker_labels_base: version: "{{ matrix_synapse_version if (matrix_synapse_container_tag == 'v' + matrix_synapse_version) else matrix_synapse_container_tag }}" matrix_synapse_worker_labels_base: "{{ matrix_synapse_docker_labels_base }}" # Control where which paths get routed matrix_synapse_worker_client_sync_endpoints: - "/_matrix/client/(v2_alpha|r0)/sync$" - "/_matrix/client/(api/v1|v2_alpha|r0)/events$" - "/_matrix/client/(api/v1|r0)/initialSync$" - "/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$" matrix_synapse_worker_client_api_endpoints: - "/_matrix/client/(api/v1|r0|unstable)/createRoom$" - "/_matrix/client/(api/v1|r0|unstable)/publicRooms$" - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$" - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$" - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$" - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$" - "/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$" - "/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy$" - "/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" - "/_matrix/client/(api/v1|r0|unstable)/account/3pid$" - "/_matrix/client/(api/v1|r0|unstable)/devices$" - "/_matrix/client/(api/v1|r0|unstable)/keys/query$" - "/_matrix/client/(api/v1|r0|unstable)/keys/changes$" - "/_matrix/client/versions$" - "/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$" - "/_matrix/client/(api/v1|r0|unstable)/joined_groups$" - "/_matrix/client/(api/v1|r0|unstable)/publicised_groups$" - "/_matrix/client/(api/v1|r0|unstable)/publicised_groups/" - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/" - "/_matrix/client/(api/v1|r0|unstable)/joined_rooms$" - "/_matrix/client/(api/v1|r0|unstable)/search$" matrix_synapse_worker_client_send_endpoints: - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact" - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send" - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/" - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" - "/_matrix/client/(api/v1|r0|unstable)/join/" - "/_matrix/client/(api/v1|r0|unstable)/profile/" matrix_synapse_worker_client_login_endpoints: - "/_matrix/client/(api/v1|r0|unstable)/login$" - "/_matrix/client/(r0|unstable)/register$" - "/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$" matrix_synapse_worker_federation_endpoints: - "/_matrix/federation/v1/event/" - "/_matrix/federation/v1/state/" - "/_matrix/federation/v1/state_ids/" - "/_matrix/federation/v1/backfill/" - "/_matrix/federation/v1/get_missing_events/" - "/_matrix/federation/v1/publicRooms" - "/_matrix/federation/v1/query/" - "/_matrix/federation/v1/make_join/" - "/_matrix/federation/v1/make_leave/" - "/_matrix/federation/v1/send_join/" - "/_matrix/federation/v2/send_join/" - "/_matrix/federation/v1/send_leave/" - "/_matrix/federation/v2/send_leave/" - "/_matrix/federation/v1/invite/" - "/_matrix/federation/v2/invite/" - "/_matrix/federation/v1/query_auth/" - "/_matrix/federation/v1/event_auth/" - "/_matrix/federation/v1/exchange_third_party_invite/" - "/_matrix/federation/v1/user/devices/" - "/_matrix/federation/v1/get_groups_publicised$" - "/_matrix/key/v2/query" - "/_matrix/federation/unstable/org.matrix.msc2946/spaces/" - "/_matrix/federation/unstable/org.matrix.msc2946/hierarchy/" - "/_matrix/federation/v1/send/" matrix_synapse_worker_media_endpoints: - "/_matrix/media/" - "/_synapse/admin/v1/purge_media_cache$" - "/_synapse/admin/v1/room/.*/media.*$" - "/_synapse/admin/v1/user/.*/media.*$" - "/_synapse/admin/v1/media/.*$" - "/_synapse/admin/v1/quarantine_media/.*$" matrix_synapse_worker_user_search_endpoints: - "/_matrix/client/(api/v1|r0|unstable)/user_directory/search$" matrix_synapse_worker_sso_generic_endpoints: - "/_matrix/client/(api/v1|r0|unstable)/login/sso/redirect" - "/_synapse/client/pick_idp$" - "/_synapse/client/pick_username" - "/_synapse/client/new_user_consent$" - "/_synapse/client/sso_register$" matrix_synapse_worker_sso_oidc_endpoints: "{{ matrix_synapse_worker_sso_generic_endpoints + [ '/_synapse/client/oidc/callback$' ] }}" matrix_synapse_worker_sso_saml_endpoints: "{{ matrix_synapse_worker_sso_generic_endpoints + [ '/_synapse/client/saml2/authn_response$' ] }}" matrix_synapse_worker_sso_cas_endpoints: "{{ matrix_synapse_worker_sso_generic_endpoints + [ '/_matrix/client/(api/v1|r0|unstable)/login/cas/ticket$' ] }}"