sydent/docs/sample_config.yaml

# Configuration file for Sydent.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html


## General ##

# The name of the server. Required.
#
server_name: SERVER_NAME

# Settings for configuring logging.
#
logging:
  # The path of the file to write the logs to OR 'stderr' to
  # log to stderr. Defaults to 'stderr'.
  #
  #log_path: sydent.log

  # The log level to use. This can be set to any level used by the python
  # 'logging' module. Note: it should be in all caps. Defaults to 'INFO'
  #
  #log_level: DEBUG

# The file to save Sydent's process ID (PID) to. Required.
#
pid_file: sydent.pid

# The file where the terms and conditions are configured for Sydent.
# Defaults to empty.
#
#terms_file: terms_and_conditions.yaml

# The maximum number of addresses that someone can query in a single
# /lookup request. Defaults to 10000.
#
#address_lookup_limit: 100

# Whether clients and homeservers can register an association using v1
# API endpoints. Defaults to 'true'.
#
#enable_v1_associations: false

# Whether to delete invite tokens after successful binding has taken
# place. Defaults to 'true'.
#
#delete_tokens_on_bind: false

# Templating options. Sending a value for 'brand' to some API endpoints
# allows for different email and http templates to be used. These
# templates should be stored in a file structure like this:
#
# root_template_dir/
#     brand1/
#         invite_template.eml
#         verification_template.eml
#         verify_response_template.html
#     brand2/
#         invite_template.eml
#         verification_template.eml
#         verify_response_template.html
#
templates:
  # The path of the root directory where template files are kept.
  # Required.
  #
  root_directory: TEMPLATE_DIR

  # TThe brand directory to use if no brand (or an invalid brand)
  # is provided by the request. Defaults to 'matrix-org'.
  #
  #default_brand: awesome-brand-name

# Settings for the prometheus metrics client
#
prometheus:
  # Whether or not to enable prometheus. Defaults to 'false'.
  #
  #enabled: true

  # The local IPv4 or IPv6 address to which to bind. Empty string
  # means bind to all. Defaults to empty.
  #
  #bind_address: 192.168.0.18

  # The port number on which to listen. Defaults to 8080.
  #
  #port: 8079

# Settings for Sentry integration
#
sentry:
  # Whether of not to enable Sentry. Defaults to 'false'.
  #
  #enabled: true

  # The Sentry Data Source Name (DSN) to use. Defaults to empty.
  #
  #dsn: https://public_key@sentry.example.com/1

# Settings for filtering outgoing requests based on the destination
# IP address.
#
ip_filtering:
  # A list of CIDR IP address ranges to block outbound requests to.
  # Defaults to a list of private IP ranges to prevent DNS rebinding
  # attacks. This list can be found in 'sydent/util/ip_range.py'.
  #
  #blacklist:
  #  - "::1/128"
  #  - "fe80::/10"
  #  - "fc00::/7"
  #  - "2001:db8::/32"
  #  - "ff00::/8"
  #  - "fec0::/10"

  # List of IP address CIDR ranges that should be allowed for outbound
  # requests. This is useful for specifying exceptions to wide-ranging
  # blacklisted target IP ranges. This list overrides the blaclist.
  # Defaults to empty.
  #
  #whitelist:
  #  - 192.168.0.23
  #  - 202.31.555.2


## Database ##

# The path to the SQLite database file for Sydent to use.
# It can be set to ':memory:' to use a temporary database
# in RAM instead of on disk. Required.
#
database_path: sydent.db


## Crypto ##

# The key used to sign JSON sent by this server. A new key can
# be generated by running the generate-key script. Required.
#
ed25519_signing_key: 


## SMS ##

# Settings to do with sending SMS validation texts
#
sms:
  # The template to use for SMS validation texts. The string '{token}'
  # will get replaced with the validation code.
  # Defaults to 'Your code is {token}'.
  #
  #SMS_template: Your validation code is {token}

  # Settings to connect to the OpenMarket SMS sender at
  # https://smsc.openmarket.com/sms/v4/mt
  #
  openmarket_SMS_API:
    # Username for the service. Defaults to empty.
    #
    #username: myusername

    # Password for the service. Defaults to empty.
    #
    #password: mypassword

  # Settings for the SMS originators based on country code
  # An originator should be of the form '<long|short|alpha>:<originator>'
  # e.g 'alpha:Matrix' or 'short:012345'
  #
  sms_originator:
      # The list of originators to use by country code of the SMS
      # recipient. The originator is chosend deterministically from
      # this list so if someone requests multiple codes, they come
      # from a consistent number. Defaults to empty.
      #
      #country_code:
      #  - 1: # US/Canada
      #    - long:12125552368
      #    - long:12125552369
      #  - 44: # UK
      #    - short:12345

      # The default originator to use if nothing has been set for
      # the country code of the SMS recipient. Defaults to 'alpha:Sydent'
      #
      #default: alpha:Matrix

  # A blacklist of SMS recipient country codes. Verification texts
  # to numbers in these countries will not be sent. Default to empty.
  #
  #country_code_blacklist:
  #  - 44 # UK
  #  - 33 # France
  #  - 276 # Germany


## Emails ##

# Email settings
#
email:
  # SMTP server settings
  #
  SMTP:
    # The address of the SMTP server. Defaults to 'localhost'.
    #
    #server: smtp.myemailsender.com

    # The port to connect to the server on. Defaults to 25.
    #
    #port: 587

    # The username for the SMTP server. Defaults to empty.
    #
    #username: sydent@myemailsender.com

    # The password for the SMTP server. Defaults to empty.
    #
    #password: mypassword

    # The security mode to use. This can take one of the following
    # options:
    #
    # - None [Default]
    # - TLS
    # - SSL
    # - STARTTLS
    #
    #tls_mode: TLS

    # The fully qualified domain name (FQDN) to use with HELO/EHLO
    # command. Defaults to domain name configured for local host.
    #
    #host_name: sydent.myserver.com

  # Settings that affect the contents of Sydent's emails.
  #
  # Some of these settings are string templates and can take advantage
  # of Sydent's string substitutions. Any parameters set in the body of
  # a request to `/_matrix/identity/v2/store-invite` can be used. These
  # may include the following:
  #
  # room_name           - The name of the room to which the user is
  #                       invited.
  #
  # room_alias          - The cannonical room alias for the room to
  #                       which the user is invited.
  #
  # sender_display_name - The display name of the user ID initiating
  #                       the invite.
  #
  # For more options see https://matrix.org/docs/spec/identity_service/latest
  #
  # For example '%(room_alias)s' in a string template will be replaced by
  # the value set for room_alias
  #
  contents:
    # The email address that should appear to have been sent from. This
    # should take the form: 'Display Name Here <actual.email@example.com>'
    #
    # Defaults to 'Sydent <noreply@example.com>'.
    #
    #sender: Server Name <noreply@example.com>

    # The subject line of emails that invite someone to a room. This is
    # a string template.
    #
    # Defaults to '%(sender_display_name)s has invited you to chat'.
    #
    #room_invite_subject: Invitation to %(room_alias)s

    # The subject line of emails that invite someone to a space. This is
    # a string template.
    #
    # Defaults to '%(sender_display_name)s has invited you to a space'.
    #
    #space_invite_subject: Invitation to %(room_alias)s

    # The web client location which will be used if one is not provided by
    # the homeserver. This should be of the form 'scheme://base.url.com/here'
    #
    # A homeserver can provide a default client by sending a value for
    # 'org.matrix.web_client_location' in the request to '/store-invite'.
    #
    # Defaults to 'https://app.element.io'.
    #
    #default_matrix_client: https://fluffychat.im/web

    # When a user is invited to a room via their email address, that invite is
    # displayed in the room list using an obfuscated version of the user's email
    # address. These config options determine how much of the email address to
    # obfuscate. Note that the '@' sign is always included.
    #
    # If the string is longer than a configured limit below, it is truncated to
    # that limit with '...' added. For shorter strings, the following rules are
    # used:
    #
    # * If the string has more than 5 characters, it is truncated to 3 characters
    #   + '...' (e.g. 'username' would become 'use...')
    #
    # * If the string has between 2 and 5 characters inclusive, it is truncated
    #   to 1 character + '...' (e.g. 'user' would become 'u...')
    #
    # * If the string is 1 character long, it is converted to just '...'
    #   (e.g. 'a' would become '...')
    #
    # This ensures that a full email address is never shown, even if it is extremely
    # short.
    #
    obfuscation_amounts:
      # The number of characters from the beginning to reveal of the email's username
      # portion (left of the '@' sign). Defaults to 3.
      #
      #username: 5

      # The number of characters from the beginning to reveal of the email's domain
      # portion (right of the '@' sign). Defaults to 3.
      #
      #domain: 5


## HTTP ##

# The base url of Sydent. This should be of the form
# `scheme://base.url.com/here`. Required.
#
server_base_url: https://SERVER_NAME

# Settings for the listening points for the various APIs
#
http_servers:
  # Settings for the client API.
  #
  client_api:
    # The local IPv4 or IPv6 address to which to bind. Defaults to '::1'.
    #
    #bind_address: 120.243.0.12
    # The port number on which to listen. Defaults to 8090.
    #
    #port: 8089

  # Settings for the replication API.
  #
  replication_api:
    # The local IPv4 or IPv6 address to which to bind.
    # Defaults to '::1'.
    #
    #bind_address: 120.243.0.12

    # The port number on which to listen. Defaults to 4434.
    #
    #port: 4433

    # The file path to a certificate and private key.
    #
    # This file should contain both the public certificate and the
    # private key used to generate it. Defaults to empty.
    #
    #cert_file: sydent_priv_key_and_cert.pem

    # A file containing root CA certificate. If this is specified then
    # certificates of other Sydent servers signed by this CA will be
    # trusted.
    #
    # This is useful for testing or when it's not practical to get the
    # client cert signed by a real root CA but should never be used on
    # a production server. Defaults to empty.
    #
    #ca_cert: my_local_ca.crt

  # Settings for the internal API.
  #
  # Enabling this allows for binding and unbinding between identifiers
  # and matrix IDs without any validation. This is open to abuse, so is
  # disabled by default, and when it is enabled, is available only on a
  # separate socket which is bound to `localhost` by default.
  #
  internal_api:
    # Whether or not to enable internal API. Defaults to 'false'.
    #
    #enabled: true

    # The local IPv4 or IPv6 address to which to bind.
    # Defaults to '::1'.
    #
    #bind_address: 192.168.0.18

    # The port number on which to listen. Defaults to 9090.
    #
    #port: 8091

# Whether or not Sydent should pay attention to X-Forwarded-For
# headers. Defaults to 'true'.
#
#obey_x_forwarded_for: false

# Whether or not Sydent should verify the TLS certificates of
# homeservers it communicates with. Defaults to 'true'.
#
#verify_homeserver_certs: false