mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-11-10 20:57:41 +01:00
70487061f4
This doesn't replace all usage of `-v`, but it's a start. People sometimes troubleshoot by deleting files (especially bridge config files). Restarting Synapse with a missing registration.yaml file for a given bridge, causes the `-v /something/registration.yaml:/something/registration.yaml:ro` option to force-create `/something/registration.yaml` as a directory. When a path that's provided to the `-v` option is missing, Docker auto-creates that path as a directory. This causes more breakage and confusion later on. We'd rather fail, instead of magically creating directories. Using `--mount`, instead of `-v` is the solution to this. From Docker's documentation: > When you use --mount with type=bind, the host-path must refer to an existing path on the host. > The path will not be created for you and the service will fail with an error if the path does not exist.
281 lines
13 KiB
YAML
281 lines
13 KiB
YAML
# Synapse is a Matrix homeserver
|
|
# See: https://github.com/matrix-org/synapse
|
|
|
|
matrix_synapse_enabled: true
|
|
|
|
matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.5.1"
|
|
|
|
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
|
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
|
|
matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
|
|
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
|
|
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
|
|
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
|
|
|
|
# Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container).
|
|
#
|
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.
|
|
matrix_synapse_container_client_api_host_bind_port: ''
|
|
|
|
# Controls whether the matrix-synapse container exposes the plain (unencrypted) Server/Server (Federation) API port (tcp/8048 in the container).
|
|
#
|
|
# Takes effect only if federation is enabled (matrix_synapse_federation_enabled).
|
|
#
|
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048"), or empty string to not expose.
|
|
matrix_synapse_container_federation_api_plain_host_bind_port: ''
|
|
|
|
# Controls whether the matrix-synapse container exposes the tls (encrypted) Server/Server (Federation) API port (tcp/8448 in the container).
|
|
#
|
|
# Takes effect only if federation is enabled (matrix_synapse_federation_enabled)
|
|
# and TLS support is enabled (matrix_synapse_tls_federation_listener_enabled).
|
|
#
|
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "8448"), or empty string to not expose.
|
|
matrix_synapse_container_federation_api_tls_host_bind_port: ''
|
|
|
|
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100 in the container).
|
|
#
|
|
# Takes effect only if metrics are enabled (matrix_synapse_metrics_enabled).
|
|
#
|
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
|
|
matrix_synapse_container_metrics_api_host_bind_port: ''
|
|
|
|
# A list of extra arguments to pass to the container
|
|
matrix_synapse_container_extra_arguments: []
|
|
|
|
# List of systemd services that matrix-synapse.service depends on
|
|
matrix_synapse_systemd_required_services_list: ['docker.service']
|
|
|
|
# List of systemd services that matrix-synapse.service wants
|
|
matrix_synapse_systemd_wanted_services_list: []
|
|
|
|
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.6/site-packages"
|
|
|
|
# Specifies which template files to use when configuring Synapse.
|
|
# If you'd like to have your own different configuration, feel free to copy and paste
|
|
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
|
|
# and then change the specific host's `vars.yaml` file like this:
|
|
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
|
|
matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
|
|
matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
|
|
|
|
matrix_synapse_macaroon_secret_key: ""
|
|
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
|
|
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
|
|
|
|
# The list of identity servers to use for Synapse.
|
|
# We assume this role runs standalone without a local Identity server, so we point Synapse to public ones.
|
|
# This most likely gets overwritten later, so that a local Identity server is used.
|
|
matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_public }}"
|
|
|
|
matrix_synapse_max_upload_size_mb: 10
|
|
matrix_synapse_max_log_file_size_mb: 100
|
|
matrix_synapse_max_log_files_count: 10
|
|
|
|
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
|
matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}"
|
|
|
|
# Log levels
|
|
# Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
|
|
# warning: setting log level to DEBUG will make synapse log sensitive information such
|
|
# as access tokens
|
|
matrix_synapse_log_level: "INFO"
|
|
matrix_synapse_storage_sql_log_level: "INFO"
|
|
matrix_synapse_root_log_level: "INFO"
|
|
|
|
# Rate limits
|
|
matrix_synapse_rc_message:
|
|
per_second: 0.2
|
|
burst_count: 10
|
|
|
|
matrix_synapse_rc_registration:
|
|
per_second: 0.17
|
|
burst_count: 3
|
|
|
|
matrix_synapse_rc_login:
|
|
address:
|
|
per_second: 0.17
|
|
burst_count: 3
|
|
account:
|
|
per_second: 0.17
|
|
burst_count: 3
|
|
failed_attempts:
|
|
per_second: 0.17
|
|
burst_count: 3
|
|
|
|
matrix_synapse_rc_federation:
|
|
window_size: 1000
|
|
sleep_limit: 10
|
|
sleep_delay: 500
|
|
reject_limit: 50
|
|
concurrent: 3
|
|
|
|
matrix_synapse_federation_rr_transactions_per_room_per_second: 50
|
|
|
|
# Controls whether the TLS federation listener is enabled (tcp/8448).
|
|
# Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`).
|
|
# Note that federation may potentially be enabled as non-TLS on tcp/8048 as well.
|
|
# If you're serving Synapse behind an HTTPS-capable reverse-proxy,
|
|
# you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
|
|
matrix_synapse_tls_federation_listener_enabled: true
|
|
matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
|
|
matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
|
|
|
|
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
|
|
# (things like number of users, number of messages sent, uptime, load, etc.)
|
|
matrix_synapse_report_stats: false
|
|
|
|
# Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.
|
|
# If users participate in large rooms with many other servers,
|
|
# disabling this will decrease server load significantly.
|
|
matrix_synapse_use_presence: true
|
|
|
|
# Controls whether people with access to the homeserver can register by themselves.
|
|
matrix_synapse_enable_registration: false
|
|
|
|
# A list of 3PID types which users must supply when registering (possible values: email, msisdn).
|
|
matrix_synapse_registrations_require_3pid: []
|
|
|
|
# Users who register on this homeserver will automatically be joined to these rooms.
|
|
# Rooms are to be specified using addresses (e.g. `#address:example.com`)
|
|
matrix_synapse_auto_join_rooms: []
|
|
|
|
# Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created
|
|
# automatically if they don't already exist.
|
|
matrix_synapse_autocreate_auto_join_rooms: true
|
|
|
|
# Controls password-peppering for Synapse. Not to be changed after initial setup.
|
|
matrix_synapse_password_config_pepper: ""
|
|
|
|
# Controls the number of events that Synapse caches in memory.
|
|
matrix_synapse_event_cache_size: "100K"
|
|
|
|
# Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
|
|
# Raise this to increase cache sizes or lower it to potentially lower memory use.
|
|
# To learn more, see:
|
|
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
|
|
# - https://github.com/matrix-org/synapse/issues/3939
|
|
matrix_synapse_cache_factor: 0.5
|
|
|
|
# Controls whether Synapse will federate at all.
|
|
# Disable this to completely isolate your server from the rest of the Matrix network.
|
|
# Also see: `matrix_synapse_tls_federation_listener_enabled` if you wish to keep federation enabled,
|
|
# but want to stop the TLS listener (port 8448).
|
|
matrix_synapse_federation_enabled: true
|
|
|
|
# A list of domain names that are allowed to federate with the given Synapse server.
|
|
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
|
|
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
|
|
matrix_synapse_federation_domain_whitelist: ~
|
|
|
|
# A list of additional "volumes" to mount in the container.
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
|
#
|
|
# Note: internally, this uses the `-v` flag for mounting the specified volumes.
|
|
# It's better (safer) to use the `--mount` flag for mounting volumes.
|
|
# To use `--mount`, specifiy it in `matrix_synapse_container_extra_arguments`.
|
|
# Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']
|
|
matrix_synapse_container_additional_volumes: []
|
|
|
|
# A list of additional loggers to register in synapse.log.config.
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
|
|
matrix_synapse_additional_loggers: []
|
|
|
|
# A list of appservice config files (in-container filesystem paths).
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`.
|
|
matrix_synapse_app_service_config_files: []
|
|
|
|
# This is set dynamically during execution depending on whether
|
|
# any password providers have been enabled or not.
|
|
matrix_synapse_password_providers_enabled: false
|
|
|
|
# Whether clients can request to include message content in push notifications
|
|
# sent through third party servers. Setting this to false requires mobile clients
|
|
# to load message content directly from the homeserver.
|
|
matrix_synapse_push_include_content: true
|
|
|
|
# If url previews should be generated. This will cause a request from Synapse to
|
|
# URLs shared by users.
|
|
matrix_synapse_url_preview_enabled: true
|
|
|
|
# Enable exposure of metrics to Prometheus
|
|
# See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.rst
|
|
matrix_synapse_metrics_enabled: false
|
|
matrix_synapse_metrics_port: 9100
|
|
|
|
# Postgres database information
|
|
matrix_synapse_database_host: ""
|
|
matrix_synapse_database_user: ""
|
|
matrix_synapse_database_password: ""
|
|
matrix_synapse_database_database: ""
|
|
|
|
matrix_synapse_turn_uris: []
|
|
matrix_synapse_turn_shared_secret: ""
|
|
|
|
matrix_synapse_email_enabled: false
|
|
matrix_synapse_email_smtp_host: ""
|
|
matrix_synapse_email_smtp_port: 587
|
|
matrix_synapse_email_smtp_require_transport_security: false
|
|
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
|
|
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
|
|
|
|
|
# Enable this to activate the REST auth password provider module.
|
|
# See: https://github.com/kamax-io/matrix-synapse-rest-auth
|
|
matrix_synapse_ext_password_provider_rest_auth_enabled: false
|
|
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.2/rest_auth_provider.py"
|
|
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
|
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
|
|
|
|
# Enable this to activate the Shared Secret Auth password provider module.
|
|
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
|
|
|
# Enable this to activate LDAP password provider
|
|
matrix_synapse_ext_password_provider_ldap_enabled: false
|
|
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
|
|
matrix_synapse_ext_password_provider_ldap_start_tls: true
|
|
matrix_synapse_ext_password_provider_ldap_base: ""
|
|
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
|
|
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
|
|
matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
|
|
matrix_synapse_ext_password_provider_ldap_bind_dn: ""
|
|
matrix_synapse_ext_password_provider_ldap_bind_password: ""
|
|
matrix_synapse_ext_password_provider_ldap_filter: ""
|
|
|
|
|
|
matrix_s3_media_store_enabled: false
|
|
matrix_s3_media_store_custom_endpoint_enabled: false
|
|
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
|
|
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
|
|
matrix_s3_media_store_bucket_name: "your-bucket-name"
|
|
matrix_s3_media_store_aws_access_key: "your-aws-access-key"
|
|
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
|
|
matrix_s3_media_store_region: "eu-central-1"
|
|
|
|
# Controls whether the self-check feature should validate SSL certificates.
|
|
matrix_synapse_self_check_validate_certificates: true
|
|
|
|
# Controls whether searching the public room list is enabled.
|
|
matrix_synapse_enable_room_list_search: true
|
|
|
|
# Controls who's allowed to create aliases on this server.
|
|
matrix_synapse_alias_creation_rules:
|
|
- user_id: "*"
|
|
alias: "*"
|
|
room_id: "*"
|
|
action: allow
|
|
|
|
# Controls who can publish and which rooms can be published in the public room list.
|
|
matrix_synapse_room_list_publication_rules:
|
|
- user_id: "*"
|
|
alias: "*"
|
|
room_id: "*"
|
|
action: allow
|