homeserver.yaml 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209
  1. # vim:ft=yaml
  2. ## TLS ##
  3. {% if not SYNAPSE_NO_TLS %}
  4. tls_certificate_path: "/data/{{ SYNAPSE_SERVER_NAME }}.tls.crt"
  5. tls_private_key_path: "/data/{{ SYNAPSE_SERVER_NAME }}.tls.key"
  6. {% if SYNAPSE_ACME %}
  7. acme:
  8. enabled: true
  9. port: 8009
  10. {% endif %}
  11. {% endif %}
  12. ## Server ##
  13. server_name: "{{ SYNAPSE_SERVER_NAME }}"
  14. pid_file: /homeserver.pid
  15. web_client: False
  16. soft_file_limit: 0
  17. log_config: "{{ SYNAPSE_LOG_CONFIG }}"
  18. ## Ports ##
  19. listeners:
  20. {% if not SYNAPSE_NO_TLS %}
  21. -
  22. port: 8448
  23. bind_addresses: ['::']
  24. type: http
  25. tls: true
  26. x_forwarded: false
  27. resources:
  28. - names: [client]
  29. compress: true
  30. - names: [federation] # Federation APIs
  31. compress: false
  32. {% endif %}
  33. - port: 8008
  34. tls: false
  35. bind_addresses: ['::']
  36. type: http
  37. x_forwarded: false
  38. resources:
  39. - names: [client]
  40. compress: true
  41. - names: [federation]
  42. compress: false
  43. ## Database ##
  44. {% if POSTGRES_PASSWORD %}
  45. database:
  46. name: "psycopg2"
  47. args:
  48. user: "{{ POSTGRES_USER or "synapse" }}"
  49. password: "{{ POSTGRES_PASSWORD }}"
  50. database: "{{ POSTGRES_DB or "synapse" }}"
  51. host: "{{ POSTGRES_HOST or "db" }}"
  52. port: "{{ POSTGRES_PORT or "5432" }}"
  53. cp_min: 5
  54. cp_max: 10
  55. {% else %}
  56. database:
  57. name: "sqlite3"
  58. args:
  59. database: "/data/homeserver.db"
  60. {% endif %}
  61. ## Performance ##
  62. event_cache_size: "{{ SYNAPSE_EVENT_CACHE_SIZE or "10K" }}"
  63. ## Ratelimiting ##
  64. rc_messages_per_second: 0.2
  65. rc_message_burst_count: 10.0
  66. federation_rc_window_size: 1000
  67. federation_rc_sleep_limit: 10
  68. federation_rc_sleep_delay: 500
  69. federation_rc_reject_limit: 50
  70. federation_rc_concurrent: 3
  71. ## Files ##
  72. media_store_path: "/data/media"
  73. uploads_path: "/data/uploads"
  74. max_upload_size: "{{ SYNAPSE_MAX_UPLOAD_SIZE or "10M" }}"
  75. max_image_pixels: "32M"
  76. dynamic_thumbnails: false
  77. # List of thumbnail to precalculate when an image is uploaded.
  78. thumbnail_sizes:
  79. - width: 32
  80. height: 32
  81. method: crop
  82. - width: 96
  83. height: 96
  84. method: crop
  85. - width: 320
  86. height: 240
  87. method: scale
  88. - width: 640
  89. height: 480
  90. method: scale
  91. - width: 800
  92. height: 600
  93. method: scale
  94. url_preview_enabled: False
  95. max_spider_size: "10M"
  96. ## Captcha ##
  97. {% if SYNAPSE_RECAPTCHA_PUBLIC_KEY %}
  98. recaptcha_public_key: "{{ SYNAPSE_RECAPTCHA_PUBLIC_KEY }}"
  99. recaptcha_private_key: "{{ SYNAPSE_RECAPTCHA_PRIVATE_KEY }}"
  100. enable_registration_captcha: True
  101. recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
  102. {% else %}
  103. recaptcha_public_key: "YOUR_PUBLIC_KEY"
  104. recaptcha_private_key: "YOUR_PRIVATE_KEY"
  105. enable_registration_captcha: False
  106. recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
  107. {% endif %}
  108. ## Turn ##
  109. {% if SYNAPSE_TURN_URIS %}
  110. turn_uris:
  111. {% for uri in SYNAPSE_TURN_URIS.split(',') %} - "{{ uri }}"
  112. {% endfor %}
  113. turn_shared_secret: "{{ SYNAPSE_TURN_SECRET }}"
  114. turn_user_lifetime: "1h"
  115. turn_allow_guests: True
  116. {% else %}
  117. turn_uris: []
  118. turn_shared_secret: "YOUR_SHARED_SECRET"
  119. turn_user_lifetime: "1h"
  120. turn_allow_guests: True
  121. {% endif %}
  122. ## Registration ##
  123. enable_registration: {{ "True" if SYNAPSE_ENABLE_REGISTRATION else "False" }}
  124. registration_shared_secret: "{{ SYNAPSE_REGISTRATION_SHARED_SECRET }}"
  125. bcrypt_rounds: 12
  126. allow_guest_access: {{ "True" if SYNAPSE_ALLOW_GUEST else "False" }}
  127. enable_group_creation: true
  128. # The list of identity servers trusted to verify third party
  129. # identifiers by this server.
  130. #
  131. # Also defines the ID server which will be called when an account is
  132. # deactivated (one will be picked arbitrarily).
  133. trusted_third_party_id_servers:
  134. - matrix.org
  135. - vector.im
  136. ## Metrics ###
  137. {% if SYNAPSE_REPORT_STATS.lower() == "yes" %}
  138. enable_metrics: True
  139. report_stats: True
  140. {% else %}
  141. enable_metrics: False
  142. report_stats: False
  143. {% endif %}
  144. ## API Configuration ##
  145. room_invite_state_types:
  146. - "m.room.join_rules"
  147. - "m.room.canonical_alias"
  148. - "m.room.avatar"
  149. - "m.room.name"
  150. {% if SYNAPSE_APPSERVICES %}
  151. app_service_config_files:
  152. {% for appservice in SYNAPSE_APPSERVICES %} - "{{ appservice }}"
  153. {% endfor %}
  154. {% else %}
  155. app_service_config_files: []
  156. {% endif %}
  157. macaroon_secret_key: "{{ SYNAPSE_MACAROON_SECRET_KEY }}"
  158. expire_access_token: False
  159. ## Signing Keys ##
  160. signing_key_path: "/data/{{ SYNAPSE_SERVER_NAME }}.signing.key"
  161. old_signing_keys: {}
  162. key_refresh_interval: "1d" # 1 Day.
  163. # The trusted servers to download signing keys from.
  164. perspectives:
  165. servers:
  166. "matrix.org":
  167. verify_keys:
  168. "ed25519:auto":
  169. key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
  170. password_config:
  171. enabled: true