ansible-collection-famedly-matrix/roles/synapse/vars/main.yml

---
matrix_synapse_docker_volumes: "{{ matrix_synapse_base_docker_volumes + matrix_synapse_extra_docker_volumes }}"
matrix_synapse_base_docker_volumes:
  - "{{ matrix_synapse_config.media_store_path }}:{{ matrix_synapse_config.media_store_path }}"
  - "{{ matrix_synapse_config.uploads_path }}:{{ matrix_synapse_config.uploads_path }}"
  - "{{ matrix_synapse_base_path }}/homeserver.yaml:{{ matrix_synapse_base_path }}/homeserver.yaml"
  - "{{ matrix_synapse_base_path }}/log.config:{{ matrix_synapse_base_path }}/log.config"
  - "{{ matrix_synapse_base_path }}/tls:{{ matrix_synapse_base_path }}/tls"
matrix_synapse_config: "{{ matrix_synapse_base_config | combine(matrix_synapse_extra_config, recursive=True) }}"

# Worker-specific config
matrix_synapse_media_worker_override: {}
matrix_synapse_fed_sender_override: {}
matrix_synapse_worker_fed_senders: []
matrix_synapse_worker_metrics_listener:
  - type: metrics
    port: "{{ matrix_synapse_worker_metrics_port }}"
matrix_synapse_worker_config:
  start_pushers: "{{ not matrix_synapse_worker_push }}"
  notify_appservices: "{{ not matrix_synapse_worker_appservice }}"
  update_user_directory: "{{ not matrix_synapse_worker_user_search }}"
  listeners:
    - port: "{{ matrix_synapse_worker_replication_port }}"
      bind_addresses:
      - "{{ matrix_synapse_worker_replication_bind_ip }}"
      type: http
      resources:
        - names: [ replication ]

# homeserver.yml
matrix_synapse_base_config:
  server_name: "{{ matrix_server_name }}"
  tls_certificate_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.crt"
  tls_private_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.key"
  acme:
    enabled: false 
    url: https://acme-v01.api.letsencrypt.org/directory
    port: 80
    bind_addresses: ['::', '0.0.0.0']
    reprovision_threshold: 30
  no_tls: false
  tls_fingerprints: []
  pid_file: "{{ matrix_synapse_base_path }}/synapse.pid"
  soft_file_limit: 0
  use_presence: true
  listeners:
    - port: 8448
      bind_addresses:
        - '::'
        - '0.0.0.0'
      type: http
      tls: true
      x_forwarded: false
      resources:
        - names: [client]
          compress: true
        - names: [federation]
          compress: false
    - port: 8008
      tls: false
      bind_addresses:
        - '::'
        - '0.0.0.0'
      type: http
      x_forwarded: false
      resources:
        - names: [client]
          compress: true
        - names: [federation]
          compress: false
  database:
    name: "psycopg2"
    args:
      user: "{{ matrix_synapse_pg_user }}"
      password: "{{ matrix_synapse_pg_pass }}"
      database: "{{ matrix_synapse_pg_db }}"
      host: "{{ matrix_synapse_pg_host }}"
      cp_min: 5
      cp_max: 10
  redis:
    enabled: "{{ matrix_synapse_redis_enabled }}"
    host: "{{ matrix_synapse_redis_host }}"
    port: "{{ matrix_synapse_redis_port }}"
    password: "{{ matrix_synapse_redis_pass }}"
  log_config: "{{ matrix_synapse_base_path }}/log.config"
  event_cache_size: "10K"
  rc_messages_per_second: 0.2
  rc_message_burst_count: 10.0
  federation_rc_window_size: 1000
  federation_rc_sleep_limit: 10
  federation_rc_sleep_delay: 500
  federation_rc_reject_limit: 50
  federation_rc_concurrent: 3
  media_store_path: "{{ matrix_synapse_base_path }}/media_store"
  uploads_path: "{{ matrix_synapse_base_path }}/uploads"
  max_upload_size: "23M"
  max_image_pixels: "32M"
  dynamic_thumbnails: false
  thumbnail_sizes:
  - width: 32
    height: 32
    method: crop
  - width: 96
    height: 96
    method: crop
  - width: 320
    height: 240
    method: scale
  - width: 640
    height: 480
    method: scale
  - width: 800
    height: 600
    method: scale
  url_preview_enabled: true 
  url_preview_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - '::1/128'
  - 'fe80::/64'
  - 'fc00::/7'
  url_preview_url_blacklist:
  - username: '*'
  - netloc: 'google.com'
  - netloc: '*.google.com'
  - netloc: 'twitter.com'
  - netloc: '*.twitter.com'
  - netloc: 't.co'
  - netloc: '*.t.co'
  max_spider_size: "10M"
  enable_registration: False
  registration_shared_secret: >
    "{{ registration_shared_secret_file.content | b64decode }}"    
  form_secret: "{{ form_secret_file.content | b64decode }}"
  bcrypt_rounds: 12
  allow_guest_access: False
  trusted_third_party_id_servers:
      - matrix.org
      - vector.im
  autocreate_auto_join_rooms: true
  enable_metrics: False
  report_stats: "{{ matrix_synapse_report_stats }}" 
  room_invite_state_types:
      - "m.room.join_rules"
      - "m.room.canonical_alias"
      - "m.room.avatar"
      - "m.room.name"
  app_service_config_files: []
  track_appservice_user_ips: False
  macaroon_secret_key: "{{ macaroon_file.content | b64decode }}"
  expire_access_token: False
  signing_key_path: "{{ matrix_synapse_signing_key_path }}"
  old_signing_keys: {}
  key_refresh_interval: "1d" # 1 Day.
  # TODO: More servers should be added
  perspectives:
    servers:
      "matrix.org":
        verify_keys:
          "ed25519:auto":
            key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
  password_config:
    enabled: true
  push:
    include_content: false 
  enable_group_creation: true
  alias_creation_rules:
      - user_id: "*"
        alias: "*"
        action: allow
matrix_synapse_docker_labels_complete: "{{ matrix_synapse_docker_labels_base | combine(matrix_synapse_docker_labels) }}"
matrix_synapse_docker_labels_base:
  version: "{{ matrix_synapse_version }}"


# Control where which paths get routed
matrix_synapse_worker_client_sync_endpoints:
  - "/_matrix/client/(v2_alpha|r0)/sync$"
  - "/_matrix/client/(api/v1|v2_alpha|r0)/events$"
  - "/_matrix/client/(api/v1|r0)/initialSync$"
  - "/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$"
matrix_synapse_worker_client_api_endpoints:
  - "/_matrix/client/(api/v1|r0|unstable)/publicRooms$"
  - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$"
  - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$"
  - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$"
  - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$"
  - "/_matrix/client/(api/v1|r0|unstable)/account/3pid$"
  - "/_matrix/client/(api/v1|r0|unstable)/keys/query$"
  - "/_matrix/client/(api/v1|r0|unstable)/keys/changes$"
  - "/_matrix/client/versions$"
  - "/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$"
  - "/_matrix/client/(api/v1|r0|unstable)/joined_groups$"
  - "/_matrix/client/(api/v1|r0|unstable)/publicised_groups$"
  - "/_matrix/client/(api/v1|r0|unstable)/publicised_groups/"
  - "/_synapse/client/password_reset/email/submit_token$"
matrix_synapse_worker_client_send_endpoints:
  - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send"
  - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/"
  - "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$"
  - "/_matrix/client/(api/v1|r0|unstable)/join/"
  - "/_matrix/client/(api/v1|r0|unstable)/profile/"
matrix_synapse_worker_client_login_endpoints:
  - "/_matrix/client/(api/v1|r0|unstable)/login$"
  - "/_matrix/client/(r0|unstable)/register$"
  - "/_matrix/client/(r0|unstable)/auth/.*/fallback/web$"
matrix_synapse_worker_federation_endpoints:
  - "/_matrix/federation/v1/event/"
  - "/_matrix/federation/v1/state/"
  - "/_matrix/federation/v1/state_ids/"
  - "/_matrix/federation/v1/backfill/"
  - "/_matrix/federation/v1/get_missing_events/"
  - "/_matrix/federation/v1/publicRooms"
  - "/_matrix/federation/v1/query/"
  - "/_matrix/federation/v1/make_join/"
  - "/_matrix/federation/v1/make_leave/"
  - "/_matrix/federation/v1/send_join/"
  - "/_matrix/federation/v2/send_join/"
  - "/_matrix/federation/v1/send_leave/"
  - "/_matrix/federation/v2/send_leave/"
  - "/_matrix/federation/v1/invite/"
  - "/_matrix/federation/v2/invite/"
  - "/_matrix/federation/v1/query_auth/"
  - "/_matrix/federation/v1/event_auth/"
  - "/_matrix/federation/v1/exchange_third_party_invite/"
  - "/_matrix/federation/v1/user/devices/"
  - "/_matrix/federation/v1/get_groups_publicised$"
  - "/_matrix/key/v2/query"
  - "/_matrix/federation/v1/send/"
matrix_synapse_worker_media_endpoints:
  - "/_matrix/media/"
  - "/_synapse/admin/v1/purge_media_cache$"
  - "/_synapse/admin/v1/room/.*/media.*$"
  - "/_synapse/admin/v1/user/.*/media.*$"
  - "/_synapse/admin/v1/media/.*$"
  - "/_synapse/admin/v1/quarantine_media/.*$"
matrix_synapse_worker_user_search_endpoints:
  - "/_matrix/client/(api/v1|r0|unstable)/user_directory/search$"