homeserver.yaml 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194
  1. # vim:ft=yaml
  2. ## TLS ##
  3. {% if not SYNAPSE_NO_TLS %}
  4. tls_certificate_path: "/data/{{ SYNAPSE_SERVER_NAME }}.tls.crt"
  5. tls_private_key_path: "/data/{{ SYNAPSE_SERVER_NAME }}.tls.key"
  6. {% endif %}
  7. ## Server ##
  8. server_name: "{{ SYNAPSE_SERVER_NAME }}"
  9. pid_file: /homeserver.pid
  10. web_client: False
  11. soft_file_limit: 0
  12. log_config: "{{ SYNAPSE_LOG_CONFIG }}"
  13. ## Ports ##
  14. listeners:
  15. {% if not SYNAPSE_NO_TLS %}
  16. -
  17. port: 8448
  18. bind_addresses: ['::']
  19. type: http
  20. tls: true
  21. x_forwarded: false
  22. resources:
  23. - names: [client]
  24. compress: true
  25. - names: [federation] # Federation APIs
  26. compress: false
  27. {% endif %}
  28. # Allow configuring in case we want to reverse proxy 8008
  29. # using another process in the same container
  30. {% if SYNAPSE_USE_UNIX_SOCKET %}
  31. # Unix sockets don't care about TLS or IP addresses or ports
  32. - path: '/run/main_public.sock'
  33. type: http
  34. {% else %}
  35. - port: {{ SYNAPSE_HTTP_PORT or 8008 }}
  36. tls: false
  37. bind_addresses: ['::']
  38. type: http
  39. x_forwarded: false
  40. {% endif %}
  41. resources:
  42. - names: [client]
  43. compress: true
  44. - names: [federation]
  45. compress: false
  46. ## Database ##
  47. {% if POSTGRES_PASSWORD %}
  48. database:
  49. name: "psycopg2"
  50. args:
  51. user: "{{ POSTGRES_USER or "synapse" }}"
  52. password: "{{ POSTGRES_PASSWORD }}"
  53. database: "{{ POSTGRES_DB or "synapse" }}"
  54. {% if not SYNAPSE_USE_UNIX_SOCKET %}
  55. {# Synapse will use a default unix socket for Postgres when host/port is not specified (behavior from `psycopg2`). #}
  56. host: "{{ POSTGRES_HOST or "db" }}"
  57. port: "{{ POSTGRES_PORT or "5432" }}"
  58. {% endif %}
  59. cp_min: 5
  60. cp_max: 10
  61. {% else %}
  62. database:
  63. name: "sqlite3"
  64. args:
  65. database: "/data/homeserver.db"
  66. {% endif %}
  67. ## Performance ##
  68. event_cache_size: "{{ SYNAPSE_EVENT_CACHE_SIZE or "10K" }}"
  69. ## Ratelimiting ##
  70. rc_messages_per_second: 0.2
  71. rc_message_burst_count: 10.0
  72. federation_rc_window_size: 1000
  73. federation_rc_sleep_limit: 10
  74. federation_rc_sleep_delay: 500
  75. federation_rc_reject_limit: 50
  76. federation_rc_concurrent: 3
  77. ## Files ##
  78. media_store_path: "/data/media"
  79. max_upload_size: "{{ SYNAPSE_MAX_UPLOAD_SIZE or "50M" }}"
  80. max_image_pixels: "32M"
  81. dynamic_thumbnails: false
  82. # List of thumbnail to precalculate when an image is uploaded.
  83. thumbnail_sizes:
  84. - width: 32
  85. height: 32
  86. method: crop
  87. - width: 96
  88. height: 96
  89. method: crop
  90. - width: 320
  91. height: 240
  92. method: scale
  93. - width: 640
  94. height: 480
  95. method: scale
  96. - width: 800
  97. height: 600
  98. method: scale
  99. url_preview_enabled: False
  100. max_spider_size: "10M"
  101. ## Captcha ##
  102. {% if SYNAPSE_RECAPTCHA_PUBLIC_KEY %}
  103. recaptcha_public_key: "{{ SYNAPSE_RECAPTCHA_PUBLIC_KEY }}"
  104. recaptcha_private_key: "{{ SYNAPSE_RECAPTCHA_PRIVATE_KEY }}"
  105. enable_registration_captcha: True
  106. recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
  107. {% else %}
  108. recaptcha_public_key: "YOUR_PUBLIC_KEY"
  109. recaptcha_private_key: "YOUR_PRIVATE_KEY"
  110. enable_registration_captcha: False
  111. recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
  112. {% endif %}
  113. ## Turn ##
  114. {% if SYNAPSE_TURN_URIS %}
  115. turn_uris:
  116. {% for uri in SYNAPSE_TURN_URIS.split(',') %} - "{{ uri }}"
  117. {% endfor %}
  118. turn_shared_secret: "{{ SYNAPSE_TURN_SECRET }}"
  119. turn_user_lifetime: "1h"
  120. turn_allow_guests: True
  121. {% else %}
  122. turn_uris: []
  123. turn_shared_secret: "YOUR_SHARED_SECRET"
  124. turn_user_lifetime: "1h"
  125. turn_allow_guests: True
  126. {% endif %}
  127. ## Registration ##
  128. enable_registration: {{ "True" if SYNAPSE_ENABLE_REGISTRATION else "False" }}
  129. registration_shared_secret: "{{ SYNAPSE_REGISTRATION_SHARED_SECRET }}"
  130. bcrypt_rounds: 12
  131. allow_guest_access: {{ "True" if SYNAPSE_ALLOW_GUEST else "False" }}
  132. enable_group_creation: true
  133. ## Metrics ###
  134. {% if SYNAPSE_REPORT_STATS.lower() == "yes" %}
  135. enable_metrics: True
  136. report_stats: True
  137. {% else %}
  138. enable_metrics: False
  139. report_stats: False
  140. {% endif %}
  141. ## API Configuration ##
  142. {% if SYNAPSE_APPSERVICES %}
  143. app_service_config_files:
  144. {% for appservice in SYNAPSE_APPSERVICES %} - "{{ appservice }}"
  145. {% endfor %}
  146. {% endif %}
  147. macaroon_secret_key: "{{ SYNAPSE_MACAROON_SECRET_KEY }}"
  148. expire_access_token: False
  149. ## Signing Keys ##
  150. signing_key_path: "/data/{{ SYNAPSE_SERVER_NAME }}.signing.key"
  151. old_signing_keys: {}
  152. key_refresh_interval: "1d" # 1 Day.
  153. # The trusted servers to download signing keys from.
  154. trusted_key_servers:
  155. - server_name: matrix.org
  156. verify_keys:
  157. "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
  158. password_config:
  159. enabled: true