ansible-collection-famedly-.../roles/synapse/vars/main.yml
2023-05-25 18:49:10 +02:00


---
# Volumes handed to the Synapse container: the role's fixed bind mounts
# followed by whatever the operator lists in
# matrix_synapse_extra_docker_volumes.
matrix_synapse_docker_volumes: >-
  {{ matrix_synapse_base_docker_volumes + matrix_synapse_extra_docker_volumes }}
# Every entry maps a host path to the identical path inside the container.
# homeserver.yaml carries the rendered secrets and tls/ holds the private
# key, so the host-side ownership and mode of these paths decide who can
# read them.
# NOTE(review): no mount carries a `:ro` suffix; homeserver.yaml, log.config
# and tls/ look like candidates for read-only mounts if Synapse never writes
# to them. Confirm before changing.
matrix_synapse_base_docker_volumes:
  - "{{ matrix_synapse_config.media_store_path }}:{{ matrix_synapse_config.media_store_path }}"
  - "{{ matrix_synapse_config.uploads_path }}:{{ matrix_synapse_config.uploads_path }}"
  - "{{ matrix_synapse_base_path }}/homeserver.yaml:{{ matrix_synapse_base_path }}/homeserver.yaml"
  - "{{ matrix_synapse_base_path }}/log.config:{{ matrix_synapse_base_path }}/log.config"
  - "{{ matrix_synapse_base_path }}/tls:{{ matrix_synapse_base_path }}/tls"
# Effective homeserver configuration: operator overrides are merged
# recursively over the role's base config. No list_merge is passed, so
# combine() keeps its default of replacing lists: an override of a list
# such as url_preview_ip_range_blacklist replaces the base list in full
# rather than extending it.
matrix_synapse_config: >-
  {{ matrix_synapse_base_config | combine(matrix_synapse_extra_config, recursive=True) }}
# Worker-specific config.
# Per-worker-type override mappings; all empty by default.
matrix_synapse_media_worker_override: {}
matrix_synapse_fed_sender_override: {}
matrix_synapse_pusher_override: {}
matrix_synapse_appservice_override: {}
matrix_synapse_user_dir_override: {}
matrix_synapse_worker_fed_senders: []
# Metrics listener definition for workers.
# NOTE(review): no bind_addresses is set here, so the listening address is
# whatever Synapse defaults to. Confirm the metrics port is not reachable
# from untrusted networks.
matrix_synapse_worker_metrics_listener:
  - type: metrics
    port: "{{ matrix_synapse_worker_metrics_port }}"
# Listener block shared by workers: a single HTTP listener exposing the
# replication resource.
# Synapse's worker documentation says the replication listener must never
# be exposed to the public internet, so
# matrix_synapse_worker_replication_bind_ip should stay on loopback or a
# private container network.
matrix_synapse_worker_config:
  listeners:
    - port: "{{ matrix_synapse_worker_replication_port }}"
      bind_addresses:
        - "{{ matrix_synapse_worker_replication_bind_ip }}"
      type: http
      resources:
        - names: [replication]
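# Base content of homeserver.yaml. Operator overrides from
# matrix_synapse_extra_config are merged over this mapping to form
# matrix_synapse_config.
matrix_synapse_base_config:
  server_name: "{{ matrix_server_name }}"
  public_baseurl: "{{ matrix_synapse_public_baseurl }}"
  tls_certificate_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.crt"
  tls_private_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.key"
  # Built-in ACME support is off. The URL below is the ACME v1 endpoint,
  # which Let's Encrypt has retired, so switching `enabled` on without
  # other changes is not expected to work.
  acme:
    enabled: false
    url: 'https://acme-v01.api.letsencrypt.org/directory'
    port: 80
    bind_addresses: ['::', '0.0.0.0']
    reprovision_threshold: 30
  no_tls: false
  tls_fingerprints: []
  pid_file: "{{ matrix_synapse_base_path }}/synapse.pid"
  soft_file_limit: 0
  use_presence: true
  listeners:
    # TLS listener serving the client and federation resources on all
    # IPv4 and IPv6 addresses.
    - port: 8448
      bind_addresses:
        - '::'
        - '0.0.0.0'
      type: http
      tls: true
      x_forwarded: false
      resources:
        - names: [client]
          compress: true
        - names: [federation]
          compress: false
    # Plain-HTTP listener for the same resources, also on all addresses.
    # NOTE(review): presumably only reachable through a reverse proxy or
    # the container network; confirm which ports are published. With
    # x_forwarded: false, Synapse takes the client address from the TCP
    # peer, so behind a proxy its logs and per-IP rate limits see the
    # proxy's address rather than the real client.
    - port: 8008
      tls: false
      bind_addresses:
        - '::'
        - '0.0.0.0'
      type: http
      x_forwarded: false
      resources:
        - names: [client]
          compress: true
        - names: [federation]
          compress: false
  database:
    name: "psycopg2"
    args:
      user: "{{ matrix_synapse_pg_user }}"
      # Rendered into homeserver.yaml in clear text.
      password: "{{ matrix_synapse_pg_pass }}"
      database: "{{ matrix_synapse_pg_db }}"
      host: "{{ matrix_synapse_pg_host }}"
      cp_min: 5
      cp_max: 10
  redis:
    enabled: "{{ matrix_synapse_redis_enabled }}"
    host: "{{ matrix_synapse_redis_host }}"
    port: "{{ matrix_synapse_redis_port }}"
    password: "{{ matrix_synapse_redis_pass }}"
  log_config: "{{ matrix_synapse_base_path }}/log.config"
  event_cache_size: "10K"
  rc_messages_per_second: 0.2
  rc_message_burst_count: 10.0
  federation_rc_window_size: 1000
  federation_rc_sleep_limit: 10
  federation_rc_sleep_delay: 500
  federation_rc_reject_limit: 50
  federation_rc_concurrent: 3
  media_store_path: "{{ matrix_synapse_base_path }}/media_store"
  uploads_path: "{{ matrix_synapse_base_path }}/uploads"
  max_upload_size: "23M"
  max_image_pixels: "32M"
  dynamic_thumbnails: false
  thumbnail_sizes:
    - width: 32
      height: 32
      method: crop
    - width: 96
      height: 96
      method: crop
    - width: 320
      height: 240
      method: scale
    - width: 640
      height: 480
      method: scale
    - width: 800
      height: 600
      method: scale
  # URL previews make the homeserver fetch URLs supplied by users, so the
  # address blacklist below is the guard against requests being steered at
  # internal services (SSRF).
  url_preview_enabled: true
  # Extended to the reserved ranges in Synapse's own default
  # ip_range_blacklist. The previous list stopped at loopback, RFC 1918,
  # CGNAT and link-local, and used fe80::/64 although IPv6 link-local is
  # the whole of fe80::/10.
  url_preview_ip_range_blacklist:
    - '127.0.0.0/8'
    - '10.0.0.0/8'
    - '172.16.0.0/12'
    - '192.168.0.0/16'
    - '100.64.0.0/10'
    - '192.0.0.0/24'
    - '169.254.0.0/16'
    - '192.88.99.0/24'
    - '198.18.0.0/15'
    - '192.0.2.0/24'
    - '198.51.100.0/24'
    - '203.0.113.0/24'
    - '224.0.0.0/4'
    - '::1/128'
    - 'fe80::/10'
    - 'fc00::/7'
    - '2001:db8::/32'
    - 'ff00::/8'
    - 'fec0::/10'
  url_preview_url_blacklist:
    # Any URL carrying a username component is refused.
    - username: '*'
    - netloc: 'google.com'
    - netloc: '*.google.com'
    - netloc: 'twitter.com'
    - netloc: '*.twitter.com'
    - netloc: 't.co'
    - netloc: '*.t.co'
  max_spider_size: "10M"
  enable_registration: false
  # The three secrets (registration_shared_secret, form_secret,
  # macaroon_secret_key) are base64-decoded from `.content` of registered
  # file results rather than hard-coded here.
  # NOTE(review): once rendered, this mapping holds them in clear text;
  # tasks that template or debug it should presumably set no_log. Verify
  # in the role's tasks.
  registration_shared_secret: >-
    {{ registration_shared_secret_file.content | b64decode }}
  form_secret: "{{ form_secret_file.content | b64decode }}"
  bcrypt_rounds: 12
  allow_guest_access: false
  trusted_third_party_id_servers:
    - matrix.org
    - vector.im
  autocreate_auto_join_rooms: true
  enable_metrics: "{{ matrix_synapse_metrics_enabled }}"
  report_stats: "{{ matrix_synapse_report_stats }}"
  app_service_config_files: []
  track_appservice_user_ips: false
  macaroon_secret_key: "{{ macaroon_file.content | b64decode }}"
  expire_access_token: false
  signing_key_path: "{{ matrix_synapse_signing_key_path }}"
  old_signing_keys: {}
  key_refresh_interval: "1d"  # 1 Day.
  # TODO: More servers should be added
  # matrix.org is the only configured perspectives (notary) server; its
  # ed25519 verify key is pinned below.
  perspectives:
    servers:
      "matrix.org":
        verify_keys:
          "ed25519:auto":
            key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
  password_config:
    enabled: true
  push:
    include_content: false
  enable_group_creation: true
  # A single catch-all rule: any user may create any alias.
  alias_creation_rules:
    - user_id: "*"
      alias: "*"
      action: allow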
# Labels applied to the container: the role's base labels with the
# operator-supplied matrix_synapse_docker_labels merged over them.
matrix_synapse_docker_labels_complete: >-
  {{ matrix_synapse_docker_labels_base | combine(matrix_synapse_docker_labels) }}
# The base label set records the image tag, falling back to
# matrix_synapse_version when no tag is set.
matrix_synapse_docker_labels_base:
  version: "{{ matrix_synapse_container_image_tag | default(matrix_synapse_version) }}"
# Workers start from the same base labels.
matrix_synapse_worker_labels_base: "{{ matrix_synapse_docker_labels_base }}"
# Path patterns that decide which worker type receives a request.
# NOTE(review): the patterns carry a trailing `$` in places but no leading
# `^`. Whether they are matched as anchored regexes or as prefixes depends
# on the consumer (reverse proxy or template), which is not visible here.
# Confirm that a pattern cannot match a longer, unintended path.
matrix_synapse_worker_client_sync_endpoints:
  - '/_matrix/client/(r0|v3)/sync$'
  - '/_matrix/client/(api/v1|r0|v3)/events$'
  - '/_matrix/client/(api/v1|r0|v3)/initialSync$'
  - '/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$'
# General client API routes.
matrix_synapse_worker_client_api_endpoints:
  - '/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$'
  - '/_matrix/client/(v1|unstable)/org.matrix.msc2946/rooms/.*/hierarchy$'
  - '/_matrix/client/(v1|unstable)/rooms/.*/relations/'
  - '/_matrix/client/v1/rooms/.*/threads$'
  - '/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$'
  - '/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$'
  - '/_matrix/client/(r0|v3|unstable)/account/whoami$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/devices$'
  - '/_matrix/client/versions$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$'
  - '/_matrix/client/v1/rooms/.*/timestamp_to_event$'
  - '/_matrix/client/(api/v1|r0|v3|unstable/.*)/rooms/.*/aliases'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/search$'
  - '/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$)'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$'
  - '/_matrix/client/(r0|v3|unstable)/capabilities$'
# End-to-end encryption key management routes.
matrix_synapse_worker_client_encryption_endpoints:
  - '/_matrix/client/(r0|v3|unstable)/keys/query$'
  - '/_matrix/client/(r0|v3|unstable)/keys/changes$'
  - '/_matrix/client/(r0|v3|unstable)/keys/claim$'
  - '/_matrix/client/(r0|v3|unstable)/room_keys/'
  - '/_matrix/client/(r0|v3|unstable)/keys/upload/'
# Login and registration routes. These handle credentials, so the worker
# that receives them is where authentication failures get logged.
matrix_synapse_worker_client_login_endpoints:
  - '/_matrix/client/(api/v1|r0|v3|unstable)/login$'
  - '/_matrix/client/(r0|v3|unstable)/register$'
  - '/_matrix/client/(r0|v3|unstable)/register/available$'
  - '/_matrix/client/v1/register/m.login.registration_token/validity$'
  - '/_matrix/client/(r0|v3|unstable)/password_policy$'
# Event-sending and membership routes.
matrix_synapse_worker_client_send_endpoints:
  - '/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/join/'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/knock/'
  - '/_matrix/client/(api/v1|r0|v3|unstable)/profile/'
# To-device messaging.
matrix_synapse_worker_client_device_endpoints:
  - '/_matrix/client/(r0|v3|unstable)/sendToDevice/'
# Tags and account data.
matrix_synapse_worker_client_account_data_endpoints:
  - '/_matrix/client/(r0|v3|unstable)/.*/tags'
  - '/_matrix/client/(r0|v3|unstable)/.*/account_data'
# Read receipts and read markers.
matrix_synapse_worker_client_receipts_endpoints:
  - '/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt'
  - '/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers'
# Presence.
matrix_synapse_worker_client_presence_endpoints:
  - '/_matrix/client/(api/v1|r0|v3|unstable)/presence/'
# Federation API routes, i.e. requests arriving from other homeservers,
# plus the key query route.
matrix_synapse_worker_federation_endpoints:
  - '/_matrix/federation/v1/event/'
  - '/_matrix/federation/v1/state/'
  - '/_matrix/federation/v1/state_ids/'
  - '/_matrix/federation/v1/backfill/'
  - '/_matrix/federation/v1/get_missing_events/'
  - '/_matrix/federation/v1/publicRooms'
  - '/_matrix/federation/v1/query/'
  - '/_matrix/federation/v1/make_join/'
  - '/_matrix/federation/v1/make_leave/'
  - '/_matrix/federation/(v1|v2)/send_join/'
  - '/_matrix/federation/(v1|v2)/send_leave/'
  - '/_matrix/federation/(v1|v2)/invite/'
  - '/_matrix/federation/v1/event_auth/'
  - '/_matrix/federation/v1/timestamp_to_event/'
  - '/_matrix/federation/v1/exchange_third_party_invite/'
  - '/_matrix/federation/v1/user/devices/'
  - '/_matrix/key/v2/query'
  - '/_matrix/federation/v1/hierarchy/'
# Inbound federation transactions are listed on their own, separate from
# the general federation routes above.
matrix_synapse_worker_inbound_federation_transaction_request_endpoint:
  - '/_matrix/federation/v1/send/'
# Media repository routes, including the media-related admin API paths.
# NOTE(review): the /_synapse/admin/ entries sit in the same list as the
# public /_matrix/media/ prefix. If this list is what the reverse proxy
# publishes, the admin paths become reachable wherever media is. Confirm
# that access to /_synapse/admin is restricted at the proxy as intended.
matrix_synapse_worker_media_endpoints:
  - '/_matrix/media/'
  - '/_synapse/admin/v1/purge_media_cache$'
  - '/_synapse/admin/v1/room/.*/media.*$'
  - '/_synapse/admin/v1/user/.*/media.*$'
  - '/_synapse/admin/v1/media/.*$'
  - '/_synapse/admin/v1/quarantine_media/.*$'
  - '/_synapse/admin/v1/users/.*/media$'
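# User directory search route. `v3` is added so the pattern covers the
# same API versions as the other client endpoint lists in this file.
# Without it, v3 search requests would not match this list.
matrix_synapse_worker_user_search_endpoints:
  - '/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$'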
# Routes shared by every SSO flavour.
matrix_synapse_worker_sso_generic_endpoints:
  - '/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect'
  - '/_synapse/client/pick_idp$'
  - '/_synapse/client/pick_username'
  - '/_synapse/client/new_user_consent$'
  - '/_synapse/client/sso_register$'
# Each protocol-specific list is the generic list plus that protocol's
# callback route, which is where the identity provider's response arrives.
matrix_synapse_worker_sso_oidc_endpoints: >-
  {{ matrix_synapse_worker_sso_generic_endpoints + ['/_synapse/client/oidc/callback$'] }}
matrix_synapse_worker_sso_saml_endpoints: >-
  {{ matrix_synapse_worker_sso_generic_endpoints + ['/_synapse/client/saml2/authn_response$'] }}
matrix_synapse_worker_sso_cas_endpoints: >-
  {{ matrix_synapse_worker_sso_generic_endpoints + ['/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$'] }}