147 lines
4.1 KiB
Text
147 lines
4.1 KiB
Text
|
## Server ##
|
||
|
|
||
|
# The domain name of the server, with optional explicit port.
|
||
|
# This is used by remote servers to connect to this server,
|
||
|
# e.g. matrix.org, localhost:8080, etc.
|
||
|
# This is also the last part of your UserID.
|
||
|
#
|
||
|
server_name: '${BASE_DOMAIN}'
|
||
|
|
||
|
# The public-facing base URL that clients use to access this HS
|
||
|
# (not including _matrix/...). This is the same URL a user would
|
||
|
# enter into the 'custom HS URL' field on their client. If you
|
||
|
# use synapse with a reverse proxy, this should be the URL to reach
|
||
|
# synapse via the proxy.
|
||
|
#
|
||
|
public_baseurl: https://${BASE_DOMAIN}/
|
||
|
|
||
|
# When running as a daemon, the file to store the pid in
|
||
|
#
|
||
|
pid_file: /data/homeserver.pid
|
||
|
|
||
|
# Prevent federation requests from being sent to the following
|
||
|
# blacklist IP address CIDR ranges. If this option is not specified, or
|
||
|
# specified with an empty list, no ip range blacklist will be enforced.
|
||
|
#
|
||
|
# As of Synapse v1.4.0 this option also affects any outbound requests to identity
|
||
|
# servers provided by user input.
|
||
|
#
|
||
|
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
|
||
|
# listed here, since they correspond to unroutable addresses.)
|
||
|
#
|
||
|
federation_ip_range_blacklist:
|
||
|
- '127.0.0.0/8'
|
||
|
- '10.0.0.0/8'
|
||
|
- '172.16.0.0/12'
|
||
|
- '192.168.0.0/16'
|
||
|
- '100.64.0.0/10'
|
||
|
- '169.254.0.0/16'
|
||
|
- '::1/128'
|
||
|
- 'fe80::/64'
|
||
|
- 'fc00::/7'
|
||
|
|
||
|
# List of ports that Synapse should listen on, their purpose and their
|
||
|
# configuration.
|
||
|
#
|
||
|
listeners:
|
||
|
- port: 8008
|
||
|
tls: false
|
||
|
type: http
|
||
|
x_forwarded: true
|
||
|
|
||
|
resources:
|
||
|
- names: [client, federation]
|
||
|
compress: false
|
||
|
|
||
|
## Database ##
|
||
|
|
||
|
database:
|
||
|
name: psycopg2
|
||
|
args:
|
||
|
user: matrix
|
||
|
password: ${MATRIX_PG_PWD}
|
||
|
database: matrix
|
||
|
host: pg-matrix
|
||
|
cp_min: 5
|
||
|
cp_max: 10
|
||
|
|
||
|
## Logging ##
|
||
|
|
||
|
# A yaml python logging config file as described by
|
||
|
# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
|
||
|
#
|
||
|
log_config: '/config/log.config'
|
||
|
|
||
|
## Media Store ##
|
||
|
|
||
|
# Directory where uploaded images and attachments are stored.
|
||
|
#
|
||
|
media_store_path: '/data/media_store'
|
||
|
|
||
|
# Directory where in-progress uploads are stored.
|
||
|
#
|
||
|
uploads_path: '/data/uploads'
|
||
|
|
||
|
# If set, allows registration of standard or admin accounts by anyone who
|
||
|
# has the shared secret, even if registration is otherwise disabled.
|
||
|
#
|
||
|
registration_shared_secret: '${MATRIX_REGISTRATION_SECRET}'
|
||
|
|
||
|
# a secret which is used to sign access tokens. If none is specified,
|
||
|
# the registration_shared_secret is used, if one is given; otherwise,
|
||
|
# a secret key is derived from the signing key.
|
||
|
#
|
||
|
macaroon_secret_key: '${MATRIX_MAROON_SECRET}'
|
||
|
|
||
|
# a secret which is used to calculate HMACs for form values, to stop
|
||
|
# falsification of values. Must be specified for the User Consent
|
||
|
# forms to work.
|
||
|
#
|
||
|
form_secret: '${MATRIX_FORM_SECRET}'
|
||
|
|
||
|
## Signing Keys ##
|
||
|
|
||
|
# Path to the signing key to sign messages with
|
||
|
#
|
||
|
signing_key_path: '/config/signing.key'
|
||
|
|
||
|
# The trusted servers to download signing keys from.
|
||
|
trusted_key_servers:
|
||
|
- server_name: 'matrix.org'
|
||
|
|
||
|
# Uncomment the following to disable the warning that is emitted when the
|
||
|
# trusted_key_servers include 'matrix.org'. See above.
|
||
|
#
|
||
|
suppress_key_server_warning: true
|
||
|
|
||
|
password_config:
|
||
|
# Uncomment and change to a secret random string for extra security.
|
||
|
# DO NOT CHANGE THIS AFTER INITIAL SETUP!
|
||
|
#
|
||
|
#pepper: 'EVEN_MORE_SECRET'
|
||
|
|
||
|
# Enable sending emails for password resets, notification events or
|
||
|
# account expiry notices
|
||
|
#
|
||
|
# If your SMTP server requires authentication, the optional smtp_user &
|
||
|
# smtp_pass variables should be used
|
||
|
#
|
||
|
email:
|
||
|
enable_notifs: false
|
||
|
smtp_host: 'mail'
|
||
|
smtp_port: 25 # SSL: 465, STARTTLS: 587
|
||
|
smtp_user: '${MATRIX_MAIL_USER}@${BASE_DOMAIN}'
|
||
|
smtp_pass: '${MATRIX_MAIL_PASS}'
|
||
|
require_transport_security: false
|
||
|
notif_from: 'Your Friendly %(app)s Home Server <${MATRIX_MAIL_FROM}@${BASE_DOMAIN}>'
|
||
|
app_name: Matrix
|
||
|
|
||
|
# Configure the time that a validation email or text message code
|
||
|
# will expire after sending
|
||
|
#
|
||
|
# This is currently used for password resets
|
||
|
validation_token_lifetime: 1h
|
||
|
|
||
|
# Whether or not to report anonymized homeserver usage statistics.
|
||
|
report_stats: false
|