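--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,405 @@
+# Configuration file for Sydent.
+#
+# This is a YAML file: see [1] for a quick introduction. Note in particular
+# that *indentation is important*: all the elements of a list or dictionary
+# should have the same indentation.
+#
+# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
+
+
+## General ##
+
+# The name of the server. Required.
+#
+server_name: SERVER_NAME
+
+# Settings for configuring logging.
+#
+logging:
+ # The path of the file to write the logs to OR 'stderr' to
+ # log to stderr. Defaults to 'stderr'.
+ #
+ #log_path: sydent.log
+
+ # The log level to use. This can be set to any level used by the python
+ # 'logging' module. Note: it should be in all caps. Defaults to 'INFO'
+ #
+ #log_level: DEBUG
+
+# The file to save Sydent's process ID (PID) to. Required.
+#
+pid_file: sydent.pid
+
+# The file where the terms and conditions are configured for Sydent.
+# Defaults to empty.
+#
+#terms_file: terms_and_conditions.yaml
+
+# The maximum number of addresses that someone can query in a single
+# /lookup request. Defaults to 10000.
+#
+#address_lookup_limit: 100
+
+# Whether clients and homeservers can register an association using v1
+# API endpoints. Defaults to 'true'.
+#
+#enable_v1_associations: false
+
+# Whether to delete invite tokens after successful binding has taken
+# place. Defaults to 'true'.
+#
+#delete_tokens_on_bind: false
+
+# Templating options. Sending a value for 'brand' to some API endpoints
+# allows for different email and http templates to be used. These
+# templates should be stored in a file structure like this:
+#
+# root_template_dir/
+# brand1/
+# invite_template.eml
+# verification_template.eml
+# verify_response_template.html
+# brand2/
+# invite_template.eml
+# verification_template.eml
+# verify_response_template.html
+#
+templates:
+ # The path of the root directory where template files are kept.
+ # Required.
+ #
+ root_directory: TEMPLATE_DIR
+
+ # TThe brand directory to use if no brand (or an invalid brand)
+ # is provided by the request. Defaults to 'matrix-org'.
+ #
+ #default_brand: awesome-brand-name
+
+# Settings for the prometheus metrics client
+#
+prometheus:
+ # Whether or not to enable prometheus. Defaults to 'false'.
+ #
+ #enabled: true
+
+ # The local IPv4 or IPv6 address to which to bind. Empty string
+ # means bind to all. Defaults to empty.
+ #
+ #bind_address: 192.168.0.18
+
+ # The port number on which to listen. Defaults to 8080.
+ #
+ #port: 8079
+
+# Settings for Sentry integration
+#
+sentry:
+ # Whether of not to enable Sentry. Defaults to 'false'.
+ #
+ #enabled: true
+
+ # The Sentry Data Source Name (DSN) to use. Defaults to empty.
+ #
+ #dsn: https://public_key@sentry.example.com/1
+
+# Settings for filtering outgoing requests based on the destination
+# IP address.
+#
+ip_filtering:
+ # A list of CIDR IP address ranges to block outbound requests to.
+ # Defaults to a list of private IP ranges to prevent DNS rebinding
+ # attacks. This list can be found in 'sydent/util/ip_range.py'.
+ #
+ #blacklist:
+ # - "::1/128"
+ # - "fe80::/10"
+ # - "fc00::/7"
+ # - "2001:db8::/32"
+ # - "ff00::/8"
+ # - "fec0::/10"
+
+ # List of IP address CIDR ranges that should be allowed for outbound
+ # requests. This is useful for specifying exceptions to wide-ranging
+ # blacklisted target IP ranges. This list overrides the blaclist.
+ # Defaults to empty.
+ #
+ #whitelist:
+ # - 192.168.0.23
+ # - 202.31.555.2
+
+
+## Database ##
+
+# The path to the SQLite database file for Sydent to use.
+# It can be set to ':memory:' to use a temporary database
+# in RAM instead of on disk. Required.
+#
+database_path: sydent.db
+
+
+## Crypto ##
+
+# The key used to sign JSON sent by this server. A new key can
+# be generated by running the generate-key script. Required.
+#
+ed25519_signing_key:
+
+
+## SMS ##
+
+# Settings to do with sending SMS validation texts
+#
+sms:
+ # The template to use for SMS validation texts. The string '{token}'
+ # will get replaced with the validation code.
+ # Defaults to 'Your code is {token}'.
+ #
+ #SMS_template: Your validation code is {token}
+
+ # Settings to connect to the OpenMarket SMS sender at
+ # https://smsc.openmarket.com/sms/v4/mt
+ #
+ openmarket_SMS_API:
+ # Username for the service. Defaults to empty.
+ #
+ #username: myusername
+
+ # Password for the service. Defaults to empty.
+ #
+ #password: mypassword
+
+ # Settings for the SMS originators based on country code
+ # An originator should be of the form '<long|short|alpha>:<originator>'
+ # e.g 'alpha:Matrix' or 'short:012345'
+ #
+ sms_originator:
+ # The list of originators to use by country code of the SMS
+ # recipient. The originator is chosend deterministically from
+ # this list so if someone requests multiple codes, they come
+ # from a consistent number. Defaults to empty.
+ #
+ #country_code:
+ # - 1: # US/Canada
+ # - long:12125552368
+ # - long:12125552369
+ # - 44: # UK
+ # - short:12345
+
+ # The default originator to use if nothing has been set for
+ # the country code of the SMS recipient. Defaults to 'alpha:Sydent'
+ #
+ #default: alpha:Matrix
+
+ # A blacklist of SMS recipient country codes. Verification texts
+ # to numbers in these countries will not be sent. Default to empty.
+ #
+ #country_code_blacklist:
+ # - 44 # UK
+ # - 33 # France
+ # - 276 # Germany
+
+
+## Emails ##
+
+# Email settings
+#
+email:
+ # SMTP server settings
+ #
+ SMTP:
+ # The address of the SMTP server. Defaults to 'localhost'.
+ #
+ #server: smtp.myemailsender.com
+
+ # The port to connect to the server on. Defaults to 25.
+ #
+ #port: 587
+
+ # The username for the SMTP server. Defaults to empty.
+ #
+ #username: sydent@myemailsender.com
+
+ # The password for the SMTP server. Defaults to empty.
+ #
+ #password: mypassword
+
+ # The security mode to use. This can take one of the following
+ # options:
+ #
+ # - None [Default]
+ # - TLS
+ # - SSL
+ # - STARTTLS
+ #
+ #tls_mode: TLS
+
+ # The fully qualified domain name (FQDN) to use with HELO/EHLO
+ # command. Defaults to domain name configured for local host.
+ #
+ #host_name: sydent.myserver.com
+
+ # Settings that affect the contents of Sydent's emails.
+ #
+ # Some of these settings are string templates and can take advantage
+ # of Sydent's string substitutions. Any parameters set in the body of
+ # a request to `/_matrix/identity/v2/store-invite` can be used. These
+ # may include the following:
+ #
+ # room_name - The name of the room to which the user is
+ # invited.
+ #
+ # room_alias - The cannonical room alias for the room to
+ # which the user is invited.
+ #
+ # sender_display_name - The display name of the user ID initiating
+ # the invite.
+ #
+ # For more options see https://matrix.org/docs/spec/identity_service/latest
+ #
+ # For example '%(room_alias)s' in a string template will be replaced by
+ # the value set for room_alias
+ #
+ contents:
+ # The email address that should appear to have been sent from. This
+ # should take the form: 'Display Name Here <actual.email@example.com>'
+ #
+ # Defaults to 'Sydent <noreply@example.com>'.
+ #
+ #sender: Server Name <noreply@example.com>
+
+ # The subject line of emails that invite someone to a room. This is
+ # a string template.
+ #
+ # Defaults to '%(sender_display_name)s has invited you to chat'.
+ #
+ #room_invite_subject: Invitation to %(room_alias)s
+
+ # The subject line of emails that invite someone to a space. This is
+ # a string template.
+ #
+ # Defaults to '%(sender_display_name)s has invited you to a space'.
+ #
+ #space_invite_subject: Invitation to %(room_alias)s
+
+ # The web client location which will be used if one is not provided by
+ # the homeserver. This should be of the form 'scheme://base.url.com/here'
+ #
+ # A homeserver can provide a default client by sending a value for
+ # 'org.matrix.web_client_location' in the request to '/store-invite'.
+ #
+ # Defaults to 'https://app.element.io'.
+ #
+ #default_matrix_client: https://fluffychat.im/web
+
+ # When a user is invited to a room via their email address, that invite is
+ # displayed in the room list using an obfuscated version of the user's email
+ # address. These config options determine how much of the email address to
+ # obfuscate. Note that the '@' sign is always included.
+ #
+ # If the string is longer than a configured limit below, it is truncated to
+ # that limit with '...' added. For shorter strings, the following rules are
+ # used:
+ #
+ # * If the string has more than 5 characters, it is truncated to 3 characters
+ # + '...' (e.g. 'username' would become 'use...')
+ #
+ # * If the string has between 2 and 5 characters inclusive, it is truncated
+ # to 1 character + '...' (e.g. 'user' would become 'u...')
+ #
+ # * If the string is 1 character long, it is converted to just '...'
+ # (e.g. 'a' would become '...')
+ #
+ # This ensures that a full email address is never shown, even if it is extremely
+ # short.
+ #
+ obfuscation_amounts:
+ # The number of characters from the beginning to reveal of the email's username
+ # portion (left of the '@' sign). Defaults to 3.
+ #
+ #username: 5
+
+ # The number of characters from the beginning to reveal of the email's domain
+ # portion (right of the '@' sign). Defaults to 3.
+ #
+ #domain: 5
+
+
+## HTTP ##
+
+# The base url of Sydent. This should be of the form
+# `scheme://base.url.com/here`. Required.
+#
+server_base_url: https://SERVER_NAME
+
+# Settings for the listening points for the various APIs
+#
+http_servers:
+ # Settings for the client API.
+ #
+ client_api:
+ # The local IPv4 or IPv6 address to which to bind. Defaults to '::1'.
+ #
+ #bind_address: 120.243.0.12
+ # The port number on which to listen. Defaults to 8090.
+ #
+ #port: 8089
+
+ # Settings for the replication API.
+ #
+ replication_api:
+ # The local IPv4 or IPv6 address to which to bind.
+ # Defaults to '::1'.
+ #
+ #bind_address: 120.243.0.12
+
+ # The port number on which to listen. Defaults to 4434.
+ #
+ #port: 4433
+
+ # The file path to a certificate and private key.
+ #
+ # This file should contain both the public certificate and the
+ # private key used to generate it. Defaults to empty.
+ #
+ #cert_file: sydent_priv_key_and_cert.pem
+
+ # A file containing root CA certificate. If this is specified then
+ # certificates of other Sydent servers signed by this CA will be
+ # trusted.
+ #
+ # This is useful for testing or when it's not practical to get the
+ # client cert signed by a real root CA but should never be used on
+ # a production server. Defaults to empty.
+ #
+ #ca_cert: my_local_ca.crt
+
+ # Settings for the internal API.
+ #
+ # Enabling this allows for binding and unbinding between identifiers
+ # and matrix IDs without any validation. This is open to abuse, so is
+ # disabled by default, and when it is enabled, is available only on a
+ # separate socket which is bound to `localhost` by default.
+ #
+ internal_api:
+ # Whether or not to enable internal API. Defaults to 'false'.
+ #
+ #enabled: true
+
+ # The local IPv4 or IPv6 address to which to bind.
+ # Defaults to '::1'.
+ #
+ #bind_address: 192.168.0.18
+
+ # The port number on which to listen. Defaults to 9090.
+ #
+ #port: 8091
+
+# Whether or not Sydent should pay attention to X-Forwarded-For
+# headers. Defaults to 'true'.
+#
+#obey_x_forwarded_for: false
+
+# Whether or not Sydent should verify the TLS certificates of
+# homeservers it communicates with. Defaults to 'true'.
+#
+#verify_homeserver_certs: false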
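Review bot: Two example values in this sample config would not work if copied: the `whitelist` entry `202.31.555.2` is not a valid IPv4 address (an octet cannot exceed 255), and `276 # Germany` under `country_code_blacklist` is not a telephone calling code — Germany's is `49`, 276 being its ISO 3166-1 numeric code — so that entry would match no real recipient numbers. The `#blacklist:` example lists only IPv6 ranges; the comment should state whether a configured list replaces or extends the built-in default, because if it replaces it, an operator pasting this example would drop the private IPv4 ranges that the DNS-rebinding protection described two lines earlier depends on. `obey_x_forwarded_for` defaults to true, so a caveat such as `# Only leave this enabled when Sydent sits behind a trusted reverse proxy that sets the header; otherwise a client can pick the source address Sydent records for it.` would help operators judge the default. Typos worth fixing in the comments: `TThe brand directory`, `overrides the blaclist`, `chosend deterministically`, `cannonical room alias`, `Whether of not to enable Sentry`. Nested-key indentation appears collapsed in this rendering, so I cannot confirm from here that, for example, `obfuscation_amounts` sits under `contents` rather than beside `SMTP`.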