   # The pepper is looked up per server name from a vault-prefixed variable
   # (presumably Ansible Vault — confirm), so the secret itself is not stored
   # in this template. The value is quoted so the rendered secret stays a string.
   pepper: "{{ vault_matrix_secrets[matrix_server_name].pepper }}"

   # Define and enforce a password policy. Each parameter is optional.
   # This is an implementation of MSC2000.
   #
   # NOTE(review): every option below is commented out, so 'policy' renders
   # with no value and 'enabled' keeps its documented default of 'false', i.e.
   # no password policy is enforced by this template — confirm that is intended
   # (for example because password login is handled elsewhere).
   #
   policy:
      # Whether to enforce the password policy.
      # Defaults to 'false'.
      #
      #enabled: true

      # Minimum accepted length for a password.
      # Defaults to 0.
      #
      #minimum_length: 15

      # Whether a password must contain at least one digit.
      # Defaults to 'false'.
      #
      #require_digit: true

      # Whether a password must contain at least one symbol.
      # A symbol is any character that's not a number or a letter.
      # Defaults to 'false'.
      #
      #require_symbol: true

      # Whether a password must contain at least one lowercase letter.
      # Defaults to 'false'.
      #
      #require_lowercase: true

      # Whether a password must contain at least one uppercase letter.
      # Defaults to 'false'.
      #
      #require_uppercase: true

# Configuration for sending emails from Synapse.
#
email:
  # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
  #
  # Loopback address: the SMTP connection from Synapse stays on this host.
  # NOTE(review): smtp_user/smtp_pass and require_transport_security are left
  # commented out in this section, which is only reasonable while the relay is
  # reached over loopback — revisit both if this ever points at a remote host.
  smtp_host: 127.0.0.1

  # The port on the mail server for outgoing SMTP. Defaults to 25.
  #
  # Non-default port (the documented default is 25).
  # NOTE(review): presumably a dedicated listener on the local mail server —
  # confirm it accepts connections from loopback only.
  smtp_port: 10027

  # Username/password for authentication to the SMTP server. By default, no
  # authentication is attempted.
  #
  #smtp_user: "exampleusername"
  #smtp_pass: "examplepassword"

  # Uncomment the following to require TLS transport security for SMTP.
  # By default, Synapse will connect over plain text, and will then switch to
  # TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
  # Synapse will refuse to connect unless the server supports STARTTLS.
  #
  #require_transport_security: true

  # notif_from defines the "From" address to use when sending emails.
  # It must be set if email sending is enabled.
  #
  # The placeholder '%(app)s' will be replaced by the application name,
  # which is normally 'app_name' (below), but may be overridden by the
  # Matrix client application.
  #
  # Note that the placeholder must be written '%(app)s', including the
  # trailing 's'.
  #
  # '%(app)s' is left for Synapse to substitute; it is not Jinja2 syntax, so
  # the template renders this line as written.
  # NOTE(review): per the description of '%(app)s' in this section, the client
  # application may override the app name, so part of the From display name
  # can come from the client — the address itself is fixed here.
  notif_from: "Arch Linux %(app)s server <noreply@archlinux.org>"

  # app_name defines the default value for '%(app)s' in notif_from and email
  # subjects. It defaults to 'Matrix'.
  #
  #app_name: my_branded_matrix_server

  # Uncomment the following to enable sending emails for messages that the user
  # has missed. Disabled by default.
  #
  # Turned on for this deployment (the documented default is disabled), so
  # Synapse emails users about messages they have missed.
  enable_notifs: true

  # Uncomment the following to disable automatic subscription to email
  # notifications for new users. Enabled by default.
  #
  #notif_for_new_users: false

  # Custom URL for client links within the email notifications. By default
  # links will be based on "https://matrix.to".
  #
  # (This setting used to be called riot_base_url; the old name is still
  # supported for backwards-compatibility but is now deprecated.)
  #
  #client_base_url: "http://localhost/riot"

  # Configure the time that a validation email will expire after sending.
  # Defaults to 1h.
  #
  #validation_token_lifetime: 15m

  # Directory in which Synapse will try to find the template files below.
  # If not set, default templates from within the Synapse package will be used.
  #
  # Do not uncomment this setting unless you want to customise the templates.
  #
  # Synapse will look for the following templates in this directory:
  #
  # * The contents of email notifications of missed events: 'notif_mail.html' and
  #   'notif_mail.txt'.
  #
  # * The contents of account expiry notice emails: 'notice_expiry.html' and
  #   'notice_expiry.txt'.
  #
  # * The contents of password reset emails sent by the homeserver:
  #   'password_reset.html' and 'password_reset.txt'
  #
  # * An HTML page that a user will see when they follow the link in the password
  #   reset email. The user will be asked to confirm the action before their
  #   password is reset: 'password_reset_confirmation.html'
  #
  # * HTML pages for success and failure that a user will see when they confirm
  #   the password reset flow using the page above: 'password_reset_success.html'
  #   and 'password_reset_failure.html'
  #
  # * The contents of address verification emails sent during registration:
  #   'registration.html' and 'registration.txt'
  #
  # * HTML pages for success and failure that a user will see when they follow
  #   the link in an address verification email sent during registration:
  #   'registration_success.html' and 'registration_failure.html'
  #
  # * The contents of address verification emails sent when an address is added
  #   to a Matrix account: 'add_threepid.html' and 'add_threepid.txt'
  #
  # * HTML pages for success and failure that a user will see when they follow
  #   the link in an address verification email sent when an address is added
  #   to a Matrix account: 'add_threepid_success.html' and
  #   'add_threepid_failure.html'
  #
  # You can see the default templates at:
  # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
  #
  #template_dir: "res/templates"

  # Subjects to use when sending emails from Synapse.
  #
  # The placeholder '%(app)s' will be replaced with the value of the 'app_name'
  # setting above, or by a value dictated by the Matrix client application.
  #
  # If a subject isn't overridden in this configuration file, the value used as
  # its example will be used.
  #
  #subjects:

    # Subjects for notification emails.
    #
    # On top of the '%(app)s' placeholder, these can use the following
    # placeholders:
    #
    #   * '%(person)s', which will be replaced by the display name of the user(s)
    #      that sent the message(s), e.g. "Alice and Bob".
    #   * '%(room)s', which will be replaced by the name of the room the
    #      message(s) have been sent to, e.g. "My super room".
    #
    # See the example provided for each setting to see which placeholder can be
    # used and how to use them.
    #
    # Subject to use to notify about one message from one or more user(s) in a
    # room which has a name.
    #message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
    #
    # Subject to use to notify about one message from one or more user(s) in a
    # room which doesn't have a name.
    #message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..."
    #
    # Subject to use to notify about multiple messages from one or more users in
    # a room which doesn't have a name.
    #messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..."
    #
    # Subject to use to notify about multiple messages in a room which has a
    # name.
    #messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..."
    #
    # Subject to use to notify about multiple messages in multiple rooms.
    #messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
    #
    # Subject to use to notify about multiple messages from multiple persons in
    # multiple rooms. This is similar to the setting above except it's used when
    # the room in which the notification was triggered has no name.
    #messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..."
    #
    # Subject to use to notify about an invite to a room which has a name.
    #invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
    #
    # Subject to use to notify about an invite to a room which doesn't have a
    # name.
    #invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..."

    # Subject for emails related to account administration.
    #
    # On top of the '%(app)s' placeholder, these can use the
    # '%(server_name)s' placeholder, which will be replaced by the value of the
    # 'server_name' setting in your Synapse configuration.
    #
    # Subject to use when sending a password reset email.
    #password_reset: "[%(server_name)s] Password reset"
    #
    # Subject to use when sending a verification email to assert an address's
    # ownership.
    #email_validation: "[%(server_name)s] Validate your email"

# Password providers allow homeserver administrators to integrate
# their Synapse installation with existing authentication methods
# e.g. LDAP, external tokens, etc.
#
# For more information and known implementations, please see
# https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md
#
# Note: instances wishing to use SAML or CAS authentication should
# instead use the `saml2_config` or `cas_config` options,
# respectively.
#
# NOTE(review): the only entry in this template is a commented-out example, so
# this key is emitted with no value (YAML null), not an empty list — confirm
# Synapse reads that as "no providers", or write an explicit empty list.
#
password_providers:
#    # Example config for an LDAP auth provider
#    - module: "ldap_auth_provider.LdapAuthProvider"
#      config:
#        enabled: true
#        uri: "ldap://ldap.example.com:389"
#        start_tls: true
#        base: "ou=users,dc=example,dc=com"
#        attributes:
#           uid: "cn"
#           mail: "email"
#           name: "givenName"
#        #bind_dn:
#        #bind_password:
#        #filter: "(objectClass=posixAccount)"



# Clients requesting push notifications can either have the body of
# the message sent in the notification poke along with other details
# like the sender, or just the event ID and room ID (`event_id_only`).
# If clients choose the former, this option controls whether the
# notification request includes the content of the event (other details
# like the sender are still included). For `event_id_only` push, it
# has no effect.
#
# For modern android devices the notification content will still appear
# because it is loaded by the app. iPhone, however, will send a
# notification saying only that a message arrived and who it came from.
#
#push:
#  include_content: true


# Spam checkers are third-party modules that can block specific actions
# of local users, such as creating rooms and registering undesirable
# usernames, as well as remote users by redacting incoming events.
#
# NOTE(review): both entries below are commented-out examples, so this key is
# emitted with no value (YAML null) and no spam checker module is configured.
# Any module listed here is third-party code named by a dotted path —
# presumably imported into the Synapse process; vet it before enabling.
#
spam_checker:
   #- module: "my_custom_project.SuperSpamChecker"
   #  config:
   #    example_option: 'things'
   #- module: "some_other_project.BadEventStopper"
   #  config:
   #    example_stop_events_from: ['@bad:example.com']


## Rooms ##

# Controls whether locally-created rooms should be end-to-end encrypted by
# default.
#
# Possible options are "all", "invite", and "off". They are defined as:
#
# * "all": any locally-created room
# * "invite": any room created with the "private_chat" or "trusted_private_chat"
#             room creation presets
# * "off": this option will have no effect
#
# The default value is "off".
#
# Note that this option will only affect rooms created after it is set. It
# will also not affect rooms created by other servers.
#
#encryption_enabled_by_default_for_room_type: invite


# Uncomment to allow non-server-admin users to create groups on this server
#
#enable_group_creation: true

# If enabled, non server admins can only create groups with local parts
# starting with this prefix
#
#group_creation_prefix: "unofficial/"



# User Directory configuration
#
# 'enabled' defines whether users can search the user directory. If
# false then empty responses are returned to all queries. Defaults to
# true.
#
# 'search_all_users' defines whether to search all users visible to your HS
# when searching the user directory, rather than limiting to users visible
# in public rooms.  Defaults to false.  If you set it to true, you'll have to
# rebuild the user_directory search indexes, see
# https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md
#
#user_directory:
#  enabled: true
#  search_all_users: false


# User Consent configuration
#
# for detailed instructions, see
# https://github.com/matrix-org/synapse/blob/master/docs/consent_tracking.md
#
# Parts of this section are required if enabling the 'consent' resource under
# 'listeners', in particular 'template_dir' and 'version'.
#
# 'template_dir' gives the location of the templates for the HTML forms.
# This directory should contain one subdirectory per language (eg, 'en', 'fr'),
# and each language directory should contain the policy document (named as
# '<version>.html') and a success page (success.html).
#
# 'version' specifies the 'current' version of the policy document. It defines
# the version to be served by the consent resource if there is no 'v'
# parameter.
#
# 'server_notice_content', if enabled, will send a user a "Server Notice"
# asking them to consent to the privacy policy. The 'server_notices' section
# must also be configured for this to work. Notices will *not* be sent to
# guest users unless 'send_server_notice_to_guests' is set to true.
#
# 'block_events_error', if set, will block any attempts to send events
# until the user consents to the privacy policy. The value of the setting is
# used as the text of the error.
#
# 'require_at_registration', if enabled, will add a step to the registration
# process, similar to how captcha works. Users will be required to accept the
# policy before their account is created.
#
# 'policy_name' is the display name of the policy users will see when registering
# for an account. Has no effect unless `require_at_registration` is enabled.
# Defaults to "Privacy Policy".
#
#user_consent:
#  template_dir: res/templates/privacy
#  version: 1.0
#  server_notice_content:
#    msgtype: m.text
#    body: >-
#      To continue using this homeserver you must review and agree to the
#      terms and conditions at %(consent_uri)s
#  send_server_notice_to_guests: true
#  block_events_error: >-
#    To continue using this homeserver you must review and agree to the
#    terms and conditions at %(consent_uri)s
#  require_at_registration: false
#  policy_name: Privacy Policy
#



# Local statistics collection. Used in populating the room directory.
#
# 'bucket_size' controls how large each statistics timeslice is. It can
# be defined in a human readable short form -- e.g. "1d", "1y".
#
# 'retention' controls how long historical statistics will be kept for.
# It can be defined in a human readable short form -- e.g. "1d", "1y".
#
#
#stats:
#   enabled: true
#   bucket_size: 1d
#   retention: 1y


# Server Notices room configuration
#
# Uncomment this section to enable a room which can be used to send notices
# from the server to users. It is a special room which cannot be left; notices
# come from a special "notices" user id.
#
# If you uncomment this section, you *must* define the system_mxid_localpart
# setting, which defines the id of the user which will be used to send the
# notices.
#
# It's also possible to override the room name, the display name of the
# "notices" user, and the avatar for the user.
#
#server_notices:
#  system_mxid_localpart: notices
#  system_mxid_display_name: "Server Notices"
#  system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"
#  room_name: "Server Notices"



# Uncomment to disable searching the public room list. When disabled,
# this blocks searching local and remote room lists for local and remote
# users by always returning an empty list for all queries.
#
#enable_room_list_search: false

# The `alias_creation` option controls who's allowed to create aliases
# on this server.
#
# The format of this option is a list of rules that contain globs that
# match against user_id, room_id and the new alias (fully qualified with
# server name). The action in the first rule that matches is taken,
# which can currently either be "allow" or "deny".
#
# Missing user_id/room_id/alias fields default to "*".
#
# If no rules match the request is denied. An empty list means no one
# can create aliases.
#
# Options for the rules include:
#
#   user_id: Matches against the creator of the alias
#   alias: Matches against the alias being created
#   room_id: Matches against the room ID the alias is being pointed at
#   action: Whether to "allow" or "deny" the request if the rule matches
#
# The default is:
#
#alias_creation_rules:
#  - user_id: "*"
#    alias: "*"
#    room_id: "*"
#    action: allow

# The `room_list_publication_rules` option controls who can publish and
# which rooms can be published in the public room list.
#
# The format of this option is the same as that for
# `alias_creation_rules`.
#
# If the room has one or more aliases associated with it, only one of
# the aliases needs to match the alias rule. If there are no aliases
# then only rules with `alias: *` match.
#
# If no rules match the request is denied. An empty list means no one
# can publish rooms.
#
# Options for the rules include:
#
#   user_id: Matches against the creator of the alias
#   room_id: Matches against the room ID being published
#   alias: Matches against any current local or canonical aliases
#            associated with the room
#   action: Whether to "allow" or "deny" the request if the rule matches
#
# The default is:
#
#room_list_publication_rules:
#  - user_id: "*"
#    alias: "*"
#    room_id: "*"
#    action: allow


# Server admins can define a Python module that implements extra rules for
# allowing or denying incoming events. In order to work, this module needs to
# override the methods defined in synapse/events/third_party_rules.py.
#
# This feature is designed to be used in closed federations only, where each
# participating server enforces the same rules.
#
#third_party_event_rules:
#  module: "my_custom_project.SuperRulesSet"
#  config:
#    example_option: 'things'


## Opentracing ##

# These settings enable opentracing, which implements distributed tracing.
# This allows you to observe the causal chains of events across servers
# including requests, key lookups etc., across any server running
# synapse or any other services which support opentracing
# (specifically those implemented with Jaeger).
#
# NOTE(review): 'enabled' is commented out below, so tracing stays at its
# documented default (disabled) in this template.
#
opentracing:
    # tracing is disabled by default. Uncomment the following line to enable it.
    #
    #enabled: true

    # The list of homeservers we wish to send and receive span contexts and span baggage.
    # See docs/opentracing.rst
    # This is a list of regexes which are matched against the server_name of the
    # homeserver.
    #
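    # By default, it is empty, so no servers are matched. Note that the
    # example below, ".*", matches every server name; list specific servers
    # to limit who span contexts and baggage are exchanged with.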
    #
    #homeserver_whitelist:
    #  - ".*"

    # Jaeger can be configured to sample traces at different rates.
    # All configuration options provided by Jaeger can be set here.
    # Jaeger's configuration is mostly related to trace sampling, which
    # is documented here:
    # https://www.jaegertracing.io/docs/1.13/sampling/.
    #
    #jaeger_config:
    #  sampler:
    #    type: const
    #    param: 1

    #  Logging whether spans were started and reported
    #
    #  logging:
    #    false


## Workers ##

# The app configured here is the homeserver app (presumably the main process —
# confirm). Replication with workers uses port 9093 on the loopback address.
# NOTE(review): presumably the matching replication listener is bound to
# 127.0.0.1 as well — confirm in the listeners section, since Synapse's
# workers documentation says the replication listener has no authentication.
worker_app: synapse.app.homeserver
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093

# Disables sending of outbound federation transactions on the main process.
# Set here because a federation sender worker is used (see
# federation_sender_instances below).
#
send_federation: false
# NOTE(review): not documented in this template; by analogy with
# send_federation this presumably moves appservice notification off the main
# process to a worker — confirm such a worker is deployed.
notify_appservices: false

# It is possible to run multiple federation sender workers, in which case the
# work is balanced across them.
#
# This configuration must be shared between all federation sender workers, and if
# changed all federation sender workers must be stopped at the same time and then
# started, to ensure that all instances are running with the same config (otherwise
# events may be dropped).
#
# A single sender instance, named 'federation_sender', is configured here.
#
federation_sender_instances:
  - federation_sender

# When using workers this should be a map from `worker_name` to the
# HTTP replication listener of the worker, if configured.
#
#instance_map:
#  worker1:
#    host: localhost
#    port: 8034

# Experimental: When using workers you can define which workers should
# handle event persistence and typing notifications. Any worker
# specified here must also be in the `instance_map`.
#
#stream_writers:
#  events: worker1
#  typing: worker1

# The worker that is used to run background tasks (e.g. cleaning up expired
# data). If not provided this defaults to the main process.
#
#run_background_tasks_on: worker1


# Configuration for Redis when using workers. This *must* be enabled when
# using workers (unless using old style direct TCP configuration).
#
redis:
  # Redis support is enabled in this template.
  #
  enabled: true

  # Optional host and port to use to connect to redis. Defaults to
  # localhost and 6379. Both are left at their defaults here.
  #
  #host: localhost
  #port: 6379

  # Optional password if configured on the Redis instance.
  # NOTE(review): no password is set, so access control rests entirely on who
  # can reach the Redis port — confirm Redis listens on loopback only, or set
  # a password sourced from the vault like the 'pepper' value earlier in this
  # template.
  #
  #password: <secret_password>