--- matrix_synapse_docker_volumes: "{{ matrix_synapse_base_docker_volumes + matrix_synapse_extra_docker_volumes }}" matrix_synapse_base_docker_volumes: - "{{ matrix_synapse_config.media_store_path }}:{{ matrix_synapse_config.media_store_path }}" - "{{ matrix_synapse_config.uploads_path }}:{{ matrix_synapse_config.uploads_path }}" - "{{ matrix_synapse_base_path }}/homeserver.yaml:{{ matrix_synapse_base_path }}/homeserver.yaml" - "{{ matrix_synapse_base_path }}/log.config:{{ matrix_synapse_base_path }}/log.config" - "{{ matrix_synapse_base_path }}/tls:{{ matrix_synapse_base_path }}/tls" matrix_synapse_config: "{{ matrix_synapse_base_config | combine(matrix_synapse_extra_config, recursive=True) }}" # Worker-specific config matrix_synapse_worker_fed_senders: >-2 {{ ['worker_fed_out_'] | product(range(1, matrix_synapse_workers_federation_out + 1)) | list | map('join', '') }} matrix_synapse_worker_metrics_listener: - type: metrics port: "{{ matrix_synapse_worker_metrics_port }}" matrix_synapse_worker_config_base: listeners: - port: "{{ matrix_synapse_worker_replication_port }}" bind_addresses: "{{ matrix_synapse_worker_replication_bind_addresses }}" type: http resources: - names: [ replication ] instance_map: main: host: "{{ matrix_synapse_worker_replication_host }}" port: "{{ matrix_synapse_worker_replication_port }}" matrix_synapse_worker_config_media: enable_media_repo: false media_instance_running_background_jobs: "worker_media_1" matrix_synapse_worker_config_federation_sender: federation_sender_instances: "{{ matrix_synapse_worker_fed_senders }}" matrix_synapse_worker_config_pusher: pusher_instances: ["worker_pusher"] matrix_synapse_worker_config_appservice: notify_appservices_from_worker: "worker_appservice" matrix_synapse_worker_config_user_dir: update_user_directory_from_worker: "worker_user_dir" matrix_synapse_worker_config: >-2 {{ ( [matrix_synapse_worker_config_base] + ([matrix_synapse_worker_config_media] if matrix_synapse_workers_media > 0 else []) + ([matrix_synapse_worker_config_federation_sender] if matrix_synapse_workers_federation_out > 0 else []) + ([matrix_synapse_worker_config_pusher] if matrix_synapse_worker_push else []) + ([matrix_synapse_worker_config_appservice] if matrix_synapse_worker_appservice else []) + ([matrix_synapse_worker_config_user_dir] if matrix_synapse_worker_user_search else []) ) | combine(recursive=True) }} # homeserver.yml matrix_synapse_base_config: server_name: "{{ matrix_server_name }}" public_baseurl: "{{ matrix_synapse_public_baseurl }}" tls_certificate_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.crt" tls_private_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.key" acme: enabled: false url: https://acme-v01.api.letsencrypt.org/directory port: 80 bind_addresses: ['::', '0.0.0.0'] reprovision_threshold: 30 no_tls: false tls_fingerprints: [] pid_file: "{{ matrix_synapse_base_path }}/synapse.pid" soft_file_limit: 0 use_presence: true listeners: - port: 8448 bind_addresses: - '::' - '0.0.0.0' type: http tls: true x_forwarded: false resources: - names: [client] compress: true - names: [federation] compress: false - port: 8008 tls: false bind_addresses: - '::' - '0.0.0.0' type: http x_forwarded: false resources: - names: [client] compress: true - names: [federation] compress: false database: name: "psycopg2" args: user: "{{ matrix_synapse_pg_user }}" password: "{{ matrix_synapse_pg_pass }}" database: "{{ matrix_synapse_pg_db }}" host: "{{ matrix_synapse_pg_host }}" cp_min: 5 cp_max: 10 redis: enabled: "{{ matrix_synapse_redis_enabled }}" host: "{{ matrix_synapse_redis_host }}" port: "{{ matrix_synapse_redis_port }}" password: "{{ matrix_synapse_redis_pass }}" log_config: "{{ matrix_synapse_base_path }}/log.config" event_cache_size: "10K" rc_messages_per_second: 0.2 rc_message_burst_count: 10.0 federation_rc_window_size: 1000 federation_rc_sleep_limit: 10 federation_rc_sleep_delay: 500 federation_rc_reject_limit: 50 federation_rc_concurrent: 3 media_store_path: "{{ matrix_synapse_base_path }}/media_store" uploads_path: "{{ matrix_synapse_base_path }}/uploads" max_upload_size: "23M" max_image_pixels: "32M" dynamic_thumbnails: false thumbnail_sizes: - width: 32 height: 32 method: crop - width: 96 height: 96 method: crop - width: 320 height: 240 method: scale - width: 640 height: 480 method: scale - width: 800 height: 600 method: scale url_preview_enabled: true url_preview_ip_range_blacklist: - '127.0.0.0/8' - '10.0.0.0/8' - '172.16.0.0/12' - '192.168.0.0/16' - '100.64.0.0/10' - '169.254.0.0/16' - '::1/128' - 'fe80::/64' - 'fc00::/7' url_preview_url_blacklist: - username: '*' - netloc: 'google.com' - netloc: '*.google.com' - netloc: 'twitter.com' - netloc: '*.twitter.com' - netloc: 't.co' - netloc: '*.t.co' max_spider_size: "10M" enable_registration: False registration_shared_secret: >- {{ registration_shared_secret_file.content | b64decode }} form_secret: "{{ form_secret_file.content | b64decode }}" bcrypt_rounds: 12 allow_guest_access: False trusted_third_party_id_servers: - matrix.org - vector.im autocreate_auto_join_rooms: true enable_metrics: "{{ matrix_synapse_metrics_enabled }}" report_stats: "{{ matrix_synapse_report_stats }}" app_service_config_files: [] track_appservice_user_ips: False macaroon_secret_key: "{{ macaroon_file.content | b64decode }}" expire_access_token: False signing_key_path: "{{ matrix_synapse_signing_key_path }}" old_signing_keys: {} key_refresh_interval: "1d" # 1 Day. # TODO: More servers should be added perspectives: servers: "matrix.org": verify_keys: "ed25519:auto": key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" password_config: enabled: true push: include_content: false enable_group_creation: true alias_creation_rules: - user_id: "*" alias: "*" action: allow matrix_synapse_docker_labels_complete: "{{ matrix_synapse_docker_labels_base | combine(matrix_synapse_docker_labels) }}" matrix_synapse_docker_labels_base: version: "{{ matrix_synapse_container_image_tag | default(matrix_synapse_version) }}" matrix_synapse_worker_labels_base: "{{ matrix_synapse_docker_labels_base }}" # Control where which paths get routed matrix_synapse_worker_client_sync_endpoints: - "/_matrix/client/(r0|v3)/sync$" - "/_matrix/client/(api/v1|r0|v3)/events$" - "/_matrix/client/(api/v1|r0|v3)/initialSync$" - "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" matrix_synapse_worker_client_api_endpoints: - "/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" - "/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" - "/_matrix/client/(v1|unstable)/org.matrix.msc2946/rooms/.*/hierarchy$" - "/_matrix/client/(v1|unstable)/rooms/.*/relations/" - "/_matrix/client/v1/rooms/.*/threads$" - "/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" - "/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" - "/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$" - "/_matrix/client/(r0|v3|unstable)/account/whoami$" - "/_matrix/client/(api/v1|r0|v3|unstable)/devices$" - "/_matrix/client/versions$" - "/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" - "/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" - "/_matrix/client/v1/rooms/.*/timestamp_to_event$" - "/_matrix/client/(api/v1|r0|v3|unstable/.*)/rooms/.*/aliases" - "/_matrix/client/(api/v1|r0|v3|unstable)/search$" - "/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$)" - "/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$" - "/_matrix/client/(r0|v3|unstable)/capabilities$" matrix_synapse_worker_client_encryption_endpoints: - "/_matrix/client/(r0|v3|unstable)/keys/query$" - "/_matrix/client/(r0|v3|unstable)/keys/changes$" - "/_matrix/client/(r0|v3|unstable)/keys/claim$" - "/_matrix/client/(r0|v3|unstable)/room_keys/" - "/_matrix/client/(r0|v3|unstable)/keys/upload/" matrix_synapse_worker_client_login_endpoints: - "/_matrix/client/(api/v1|r0|v3|unstable)/login$" - "/_matrix/client/(r0|v3|unstable)/register$" - "/_matrix/client/(r0|v3|unstable)/register/available$" - "/_matrix/client/v1/register/m.login.registration_token/validity$" - "/_matrix/client/(r0|v3|unstable)/password_policy$" matrix_synapse_worker_client_send_endpoints: - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" - "/_matrix/client/(api/v1|r0|v3|unstable)/join/" - "/_matrix/client/(api/v1|r0|v3|unstable)/knock/" - "/_matrix/client/(api/v1|r0|v3|unstable)/profile/" matrix_synapse_worker_client_device_endpoints: - "/_matrix/client/(r0|v3|unstable)/sendToDevice/" matrix_synapse_worker_client_account_data_endpoints: - "/_matrix/client/(r0|v3|unstable)/.*/tags" - "/_matrix/client/(r0|v3|unstable)/.*/account_data" matrix_synapse_worker_client_receipts_endpoints: - "/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" - "/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" matrix_synapse_worker_client_presence_endpoints: - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/" matrix_synapse_worker_federation_endpoints: - "/_matrix/federation/v1/event/" - "/_matrix/federation/v1/state/" - "/_matrix/federation/v1/state_ids/" - "/_matrix/federation/v1/backfill/" - "/_matrix/federation/v1/get_missing_events/" - "/_matrix/federation/v1/publicRooms" - "/_matrix/federation/v1/query/" - "/_matrix/federation/v1/make_join/" - "/_matrix/federation/v1/make_leave/" - "/_matrix/federation/(v1|v2)/send_join/" - "/_matrix/federation/(v1|v2)/send_leave/" - "/_matrix/federation/(v1|v2)/invite/" - "/_matrix/federation/v1/event_auth/" - "/_matrix/federation/v1/timestamp_to_event/" - "/_matrix/federation/v1/exchange_third_party_invite/" - "/_matrix/federation/v1/user/devices/" - "/_matrix/key/v2/query" - "/_matrix/federation/v1/hierarchy/" matrix_synapse_worker_inbound_federation_transaction_request_endpoint: - "/_matrix/federation/v1/send/" matrix_synapse_worker_media_endpoints: - "/_matrix/media/" - "/_synapse/admin/v1/purge_media_cache$" - "/_synapse/admin/v1/room/.*/media.*$" - "/_synapse/admin/v1/user/.*/media.*$" - "/_synapse/admin/v1/media/.*$" - "/_synapse/admin/v1/quarantine_media/.*$" - "/_synapse/admin/v1/users/.*/media$" matrix_synapse_worker_user_search_endpoints: - "/_matrix/client/(api/v1|r0|unstable)/user_directory/search$" matrix_synapse_worker_sso_generic_endpoints: - "/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect" - "/_synapse/client/pick_idp$" - "/_synapse/client/pick_username" - "/_synapse/client/new_user_consent$" - "/_synapse/client/sso_register$" matrix_synapse_worker_sso_oidc_endpoints: "{{ matrix_synapse_worker_sso_generic_endpoints + [ '/_synapse/client/oidc/callback$' ] }}" matrix_synapse_worker_sso_saml_endpoints: "{{ matrix_synapse_worker_sso_generic_endpoints + [ '/_synapse/client/saml2/authn_response$' ] }}" matrix_synapse_worker_sso_cas_endpoints: "{{ matrix_synapse_worker_sso_generic_endpoints + [ '/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$' ] }}"