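# Configuration file for Sydent.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# NOTE(review): this listing was recovered from a copy whose line breaks and
# indentation had been lost. The nesting below is reconstructed from the
# section comments; confirm it against Sydent's config loader before relying
# on it.
#
# This file holds secrets (the signing key, the SMTP and OpenMarket
# passwords). Keep it out of version control and readable only by the
# account that runs Sydent.


## General ##

# The name of the server. Required.
#
server_name: SERVER_NAME

# Settings for configuring logging.
#
logging:
  # The path of the file to write the logs to OR 'stderr' to
  # log to stderr. Defaults to 'stderr'.
  #
  #log_path: sydent.log

  # The log level to use. This can be set to any level used by the python
  # 'logging' module. Note: it should be in all caps. Defaults to 'INFO'
  #
  #log_level: DEBUG

# The file to save Sydent's process ID (PID) to. Required.
#
pid_file: sydent.pid

# The file where the terms and conditions are configured for Sydent.
# Defaults to empty.
#
#terms_file: terms_and_conditions.yaml

# The maximum number of addresses that someone can query in a single
# /lookup request. Defaults to 10000.
#
#address_lookup_limit: 100

# Whether clients and homeservers can register an association using v1
# API endpoints. Defaults to 'true'.
#
#enable_v1_associations: false

# Whether to delete invite tokens after successful binding has taken
# place. Defaults to 'true'.
#
#delete_tokens_on_bind: false

# Templating options. Sending a value for 'brand' to some API endpoints
# allows for different email and http templates to be used. These
# templates should be stored in a file structure like this:
#
#   root_template_dir/
#       brand1/
#           invite_template.eml
#           verification_template.eml
#           verify_response_template.html
#       brand2/
#           invite_template.eml
#           verification_template.eml
#           verify_response_template.html
#
templates:
  # The path of the root directory where template files are kept.
  # Required.
  #
  root_directory: TEMPLATE_DIR

  # The brand directory to use if no brand (or an invalid brand)
  # is provided by the request. Defaults to 'matrix-org'.
  #
  #default_brand: awesome-brand-name

# Settings for the prometheus metrics client
#
prometheus:
  # Whether or not to enable prometheus. Defaults to 'false'.
  #
  #enabled: true

  # The local IPv4 or IPv6 address to which to bind. Empty string
  # means bind to all. Defaults to empty.
  #
  # Because the default binds to every interface, set an explicit
  # address (or firewall the port) when enabling metrics on a host
  # that is reachable from untrusted networks.
  #
  #bind_address: 192.168.0.18

  # The port number on which to listen. Defaults to 8080.
  #
  #port: 8079

# Settings for Sentry integration
#
sentry:
  # Whether or not to enable Sentry. Defaults to 'false'.
  #
  #enabled: true

  # The Sentry Data Source Name (DSN) to use. Defaults to empty.
  #
  #dsn: https://public_key@sentry.example.com/1

# Settings for filtering outgoing requests based on the destination
# IP address.
#
ip_filtering:
  # A list of CIDR IP address ranges to block outbound requests to.
  # Defaults to a list of private IP ranges to prevent DNS rebinding
  # attacks. This list can be found in 'sydent/util/ip_range.py'.
  #
  # NOTE(review): presumably a list given here replaces the default
  # list rather than extending it; confirm in the loader. The example
  # below names only IPv6 ranges, so if it does replace the default,
  # add the private and loopback IPv4 ranges as well.
  #
  #blacklist:
  #  - "::1/128"
  #  - "fe80::/10"
  #  - "fc00::/7"
  #  - "2001:db8::/32"
  #  - "ff00::/8"
  #  - "fec0::/10"

  # List of IP address CIDR ranges that should be allowed for outbound
  # requests. This is useful for specifying exceptions to wide-ranging
  # blacklisted target IP ranges. This list overrides the blacklist.
  # Defaults to empty.
  #
  # Every entry here is exempt from the blacklist above, so keep the
  # entries as narrow as possible (single hosts rather than subnets).
  #
  #whitelist:
  #  - 192.168.0.23
  #  - 203.0.113.2


## Database ##

# The path to the SQLite database file for Sydent to use.
# It can be set to ':memory:' to use a temporary database
# in RAM instead of on disk. Required.
#
database_path: sydent.db


## Crypto ##

# The key used to sign JSON sent by this server. A new key can
# be generated by running the generate-key script. Required.
#
# This is a private key: anyone who can read it can sign responses
# as this server.
#
ed25519_signing_key:


## SMS ##

# Settings to do with sending SMS validation texts
#
sms:
  # The template to use for SMS validation texts. The string '{token}'
  # will get replaced with the validation code.
  # Defaults to 'Your code is {token}'.
  #
  #SMS_template: Your validation code is {token}

  # Settings to connect to the OpenMarket SMS sender at
  # https://smsc.openmarket.com/sms/v4/mt
  #
  openmarket_SMS_API:
    # Username for the service. Defaults to empty.
    #
    #username: myusername

    # Password for the service. Defaults to empty.
    #
    #password: mypassword

  # Settings for the SMS originators based on country code
  # An originator should be of the form '<type>:<originator>', where the
  # type is 'long', 'short' or 'alpha',
  # e.g. 'alpha:Matrix' or 'short:012345'
  #
  sms_originator:
    # The list of originators to use by country code of the SMS
    # recipient. The originator is chosen deterministically from
    # this list so if someone requests multiple codes, they come
    # from a consistent number. Defaults to empty.
    #
    #country_code:
    #  - 1: # US/Canada
    #      - long:12125552368
    #      - long:12125552369
    #  - 44: # UK
    #      - short:12345

    # The default originator to use if nothing has been set for
    # the country code of the SMS recipient. Defaults to 'alpha:Sydent'
    #
    #default: alpha:Matrix

  # A blacklist of SMS recipient country codes. Verification texts
  # to numbers in these countries will not be sent. Defaults to empty.
  #
  #country_code_blacklist:
  #  - 44 # UK
  #  - 33 # France
  #  - 49 # Germany


## Emails ##

# Email settings
#
email:
  # SMTP server settings
  #
  SMTP:
    # The address of the SMTP server. Defaults to 'localhost'.
    #
    #server: smtp.myemailsender.com

    # The port to connect to the server on. Defaults to 25.
    #
    #port: 587

    # The username for the SMTP server. Defaults to empty.
    #
    #username: sydent@myemailsender.com

    # The password for the SMTP server. Defaults to empty.
    #
    #password: mypassword

    # The security mode to use. This can take one of the following
    # options:
    #
    #   - None [Default]
    #   - TLS
    #   - SSL
    #   - STARTTLS
    #
    # With 'None' the username, password and message contents
    # (including validation tokens) cross the network unencrypted.
    # Choose one of the encrypted modes whenever the SMTP server is
    # not on this host.
    #
    #tls_mode: TLS

    # The fully qualified domain name (FQDN) to use with HELO/EHLO
    # command. Defaults to domain name configured for local host.
    #
    #host_name: sydent.myserver.com

  # Settings that affect the contents of Sydent's emails.
  #
  # Some of these settings are string templates and can take advantage
  # of Sydent's string substitutions. Any parameters set in the body of
  # a request to `/_matrix/identity/v2/store-invite` can be used. These
  # may include the following:
  #
  #   room_name - The name of the room to which the user is
  #       invited.
  #
  #   room_alias - The canonical room alias for the room to
  #       which the user is invited.
  #
  #   sender_display_name - The display name of the user ID initiating
  #       the invite.
  #
  # For more options see https://matrix.org/docs/spec/identity_service/latest
  #
  # For example '%(room_alias)s' in a string template will be replaced by
  # the value set for room_alias
  #
  # These values come from the party requesting the invite, so the
  # recipient sees text chosen by the sender in whatever field a
  # template places it.
  #
  contents:
    # The email address that should appear to have been sent from. This
    # should take the form: 'Display Name Here <address@example.com>'
    #
    # Defaults to 'Sydent <...>'.
    # NOTE(review): the address part of the form, of the default and of
    # the example was lost from this copy; the addresses shown here are
    # constructed placeholders.
    #
    #sender: Server Name <address@example.com>

    # The subject line of emails that invite someone to a room. This is
    # a string template.
    #
    # Defaults to '%(sender_display_name)s has invited you to chat'.
    #
    #room_invite_subject: Invitation to %(room_alias)s

    # The subject line of emails that invite someone to a space. This is
    # a string template.
    #
    # Defaults to '%(sender_display_name)s has invited you to a space'.
    #
    #space_invite_subject: Invitation to %(room_alias)s

    # The web client location which will be used if one is not provided by
    # the homeserver. This should be of the form 'scheme://base.url.com/here'
    #
    # A homeserver can provide a default client by sending a value for
    # 'org.matrix.web_client_location' in the request to '/store-invite'.
    #
    # Defaults to 'https://app.element.io'.
    #
    #default_matrix_client: https://fluffychat.im/web

  # When a user is invited to a room via their email address, that invite is
  # displayed in the room list using an obfuscated version of the user's email
  # address. These config options determine how much of the email address to
  # obfuscate. Note that the '@' sign is always included.
  #
  # If the string is longer than a configured limit below, it is truncated to
  # that limit with '...' added. For shorter strings, the following rules are
  # used:
  #
  # * If the string has more than 5 characters, it is truncated to 3 characters
  #   + '...' (e.g. 'username' would become 'use...')
  #
  # * If the string has between 2 and 5 characters inclusive, it is truncated
  #   to 1 character + '...' (e.g. 'user' would become 'u...')
  #
  # * If the string is 1 character long, it is converted to just '...'
  #   (e.g. 'a' would become '...')
  #
  # This ensures that a full email address is never shown, even if it is extremely
  # short.
  #
  # Raising the limits below reveals more of each invited address to
  # everyone who can see the invite.
  #
  obfuscation_amounts:
    # The number of characters from the beginning to reveal of the email's username
    # portion (left of the '@' sign). Defaults to 3.
    #
    #username: 5

    # The number of characters from the beginning to reveal of the email's domain
    # portion (right of the '@' sign). Defaults to 3.
    #
    #domain: 5


## HTTP ##

# The base url of Sydent. This should be of the form
# `scheme://base.url.com/here`. Required.
#
server_base_url: https://SERVER_NAME

# Settings for the listening points for the various APIs
#
http_servers:
  # Settings for the client API.
  #
  # NOTE(review): no TLS options are listed for this listener, so
  # presumably a TLS-terminating reverse proxy is expected in front of
  # it when it is bound to a non-loopback address; confirm.
  #
  client_api:
    # The local IPv4 or IPv6 address to which to bind. Defaults to '::1'.
    #
    #bind_address: 120.243.0.12

    # The port number on which to listen. Defaults to 8090.
    #
    #port: 8089

  # Settings for the replication API.
  #
  replication_api:
    # The local IPv4 or IPv6 address to which to bind.
    # Defaults to '::1'.
    #
    #bind_address: 120.243.0.12

    # The port number on which to listen. Defaults to 4434.
    #
    #port: 4433

    # The file path to a certificate and private key.
    #
    # This file should contain both the public certificate and the
    # private key used to generate it. Defaults to empty.
    #
    # Because it contains the private key, restrict read access to the
    # account that runs Sydent.
    #
    #cert_file: sydent_priv_key_and_cert.pem

    # A file containing root CA certificate. If this is specified then
    # certificates of other Sydent servers signed by this CA will be
    # trusted.
    #
    # This is useful for testing or when it's not practical to get the
    # client cert signed by a real root CA but should never be used on
    # a production server. Defaults to empty.
    #
    #ca_cert: my_local_ca.crt

  # Settings for the internal API.
  #
  # Enabling this allows for binding and unbinding between identifiers
  # and matrix IDs without any validation. This is open to abuse, so is
  # disabled by default, and when it is enabled, is available only on a
  # separate socket which is bound to `localhost` by default.
  #
  internal_api:
    # Whether or not to enable internal API. Defaults to 'false'.
    #
    #enabled: true

    # The local IPv4 or IPv6 address to which to bind.
    # Defaults to '::1'.
    #
    # Any host that can reach this address can bind and unbind
    # identifiers without validation. The example below is a LAN
    # address; prefer the loopback default unless the network path
    # is otherwise restricted.
    #
    #bind_address: 192.168.0.18

    # The port number on which to listen. Defaults to 9090.
    #
    #port: 8091

# Whether or not Sydent should pay attention to X-Forwarded-For
# headers. Defaults to 'true'.
#
# The header is supplied by whoever makes the request. Leave this
# enabled only when a reverse proxy in front of Sydent sets or
# overwrites it; set it to 'false' when clients connect directly,
# otherwise the client address Sydent sees is chosen by the client.
#
#obey_x_forwarded_for: false

# Whether or not Sydent should verify the TLS certificates of
# homeservers it communicates with. Defaults to 'true'.
#
# Setting this to 'false' removes the check that Sydent is talking to
# the real homeserver, so connections can be intercepted. Use it for
# testing only.
#
#verify_homeserver_certs: false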