matrix-docker-ansible-deploy/roles/custom/matrix-synapse/defaults/main.yml
Quentin Young b31731ebf8 fix s3 storage provider not ensuring data dir
This path is accessed by the s3 storage provider stuff and needs to be
ensured.

Broken by 7c5c3aedc
2022-12-04 01:16:58 -05:00

940 lines
57 KiB
YAML

---
# Synapse is a Matrix homeserver
# Project source code URL: https://github.com/matrix-org/synapse
matrix_synapse_enabled: true
matrix_synapse_container_image_self_build: false
matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/synapse.git"
# matrix_synapse_container_image_customizations_enabled controls whether a customized Synapse image will be built.
#
# We toggle this variable to `true` when certain features which require a custom build are enabled.
# Feel free to toggle this to `true` yourself and specify build steps in `matrix_synapse_container_image_customizations_dockerfile_body_custom`.
#
# See:
# - `roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2`
# - `matrix_synapse_container_image_customizations_dockerfile_body_custom`
# - `matrix_synapse_docker_image_customized`
# - `matrix_synapse_docker_image_final`
matrix_synapse_container_image_customizations_enabled: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"
# Controls whether custom build steps will be added to the Dockerfile for installing s3-storage-provider.
# The version that will be installed is specified in `matrix_synapse_ext_synapse_s3_storage_provider_version`.
matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"
# matrix_synapse_container_image_customizations_dockerfile_body contains your custom Dockerfile steps
# for building your customized Synapse image based on the original (upstream) image (`matrix_synapse_docker_image`).
# A `FROM ...` clause is included automatically so you don't have to.
#
# Example:
# matrix_synapse_container_image_customizations_dockerfile_body_custom: |
# RUN echo 'This is a custom step for building the customized Docker image for Synapse.'
# RUN echo 'You can override matrix_synapse_container_image_customizations_dockerfile_body_custom to add your own steps.'
# RUN echo 'You do NOT need to include a FROM clause yourself.'
matrix_synapse_container_image_customizations_dockerfile_body_custom: ''
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_version: v1.72.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
# matrix_synapse_docker_image_customized is the name of the locally built Synapse image
# which adds various customizations on top of the original (upstream) Synapse image.
# This image will be based on the upstream `matrix_synapse_docker_image` image, only if `matrix_synapse_container_image_customizations_enabled: true`.
matrix_synapse_docker_image_customized: "localhost/matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}-customized"
# matrix_synapse_docker_image_final holds the name of the Synapse image to run depending on whether or not customizations are enabled.
matrix_synapse_docker_image_final: "{{ matrix_synapse_docker_image_customized if matrix_synapse_container_image_customizations_enabled else matrix_synapse_docker_image }} "
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src"
matrix_synapse_customized_docker_src_files_path: "{{ matrix_synapse_base_path }}/customized-docker-src"
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
matrix_synapse_bin_path: "{{ matrix_synapse_base_path }}/bin"
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
matrix_synapse_ext_s3_storage_provider_base_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider"
matrix_synapse_ext_s3_storage_provider_bin_path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/bin"
matrix_synapse_ext_s3_storage_provider_data_path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/data"
matrix_synapse_container_client_api_port: 8008
matrix_synapse_container_federation_api_tls_port: 8448
matrix_synapse_container_federation_api_plain_port: 8048
# Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/{{ matrix_synapse_container_client_api_port }} in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.
matrix_synapse_container_client_api_host_bind_port: ''
# Controls whether the matrix-synapse container exposes the plain (unencrypted) Server/Server (Federation) API port (tcp/8048 in the container).
#
# Takes effect only if federation is enabled (matrix_synapse_federation_enabled).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048"), or empty string to not expose.
matrix_synapse_container_federation_api_plain_host_bind_port: ''
# Controls whether the matrix-synapse container exposes the tls (encrypted) Server/Server (Federation) API port (tcp/8448 in the container).
#
# Takes effect only if federation is enabled (matrix_synapse_federation_enabled)
# and TLS support is enabled (matrix_synapse_tls_federation_listener_enabled).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "8448"), or empty string to not expose.
matrix_synapse_container_federation_api_tls_host_bind_port: ''
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100 in the container).
#
# Takes effect only if metrics are enabled (matrix_synapse_metrics_enabled).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
matrix_synapse_container_metrics_api_host_bind_port: ''
# Controls whether the matrix-synapse container exposes the manhole port (tcp/9000 in the container).
#
# Takes effect only if the manhole is enabled (matrix_synapse_manhole_enabled).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
matrix_synapse_container_manhole_api_host_bind_port: ''
# A list of extra arguments to pass to the container
# Also see `matrix_synapse_container_arguments`
matrix_synapse_container_extra_arguments: []
# matrix_synapse_container_extra_arguments_auto is a list of extra arguments to pass to the container.
# This list is managed by the playbook. You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`.
matrix_synapse_container_extra_arguments_auto: []
# matrix_synapse_container_arguments holds the final list of extra arguments to pass to the container.
# You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`.
matrix_synapse_container_arguments: "{{ matrix_synapse_container_extra_arguments + matrix_synapse_container_extra_arguments_auto }}"
# List of systemd services that matrix-synapse.service depends on
matrix_synapse_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-synapse.service wants
matrix_synapse_systemd_wanted_services_list: []
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site-packages"
# Specifies which template files to use when configuring Synapse.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
# and then change the specific host's `vars.yml` file like this:
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
matrix_synapse_macaroon_secret_key: ""
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_allow_guest_access: false
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_max_upload_size_mb: 50
# Controls whether local media should be removed under certain conditions, typically for the purpose of saving space.
# should be empty to disable
matrix_synapse_media_retention_local_media_lifetime:
# Controls whether remote media cache (media that is downloaded from other homeservers)
# should be removed under certain conditions, typically for the purpose of saving space.
# should be empty to disable
matrix_synapse_media_retention_remote_media_lifetime:
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}"
# Log levels
# Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
# warning: setting log level to DEBUG will make synapse log sensitive information such
# as access tokens.
#
# Increasing verbosity may lead to an excessive amount of log messages being generated,
# some of which may get dropped by systemd-journald on certain distributions (like CentOS 7).
# You can work around it by adding `RateLimitInterval=0` and `RateLimitBurst=0` under `[Storage]` in
# `/etc/systemd/journald.conf` and restarting the logging service (`systemctl restart systemd-journald`).
matrix_synapse_log_level: "WARNING"
matrix_synapse_storage_sql_log_level: "WARNING"
matrix_synapse_root_log_level: "WARNING"
# Rate limits
matrix_synapse_rc_message:
per_second: 0.2
burst_count: 10
matrix_synapse_rc_registration:
per_second: 0.17
burst_count: 3
matrix_synapse_rc_login:
address:
per_second: 0.17
burst_count: 3
account:
per_second: 0.17
burst_count: 3
failed_attempts:
per_second: 0.17
burst_count: 3
matrix_synapse_rc_admin_redaction:
per_second: 1
burst_count: 50
matrix_synapse_rc_joins:
local:
per_second: 0.1
burst_count: 10
remote:
per_second: 0.01
burst_count: 10
matrix_synapse_rc_invites:
per_room:
per_second: 0.3
burst_count: 10
per_user:
per_second: 0.003
burst_count: 5
per_issuer:
per_second: 0.3
burst_count: 10
matrix_synapse_rc_federation:
window_size: 1000
sleep_limit: 10
sleep_delay: 500
reject_limit: 50
concurrent: 3
matrix_synapse_federation_rr_transactions_per_room_per_second: 50
# Controls whether the TLS federation listener is enabled (tcp/8448).
# Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`).
# Note that federation may potentially be enabled as non-TLS on `matrix_synapse_container_federation_api_plain_port` as well.
# If you're serving Synapse behind an HTTPS-capable reverse-proxy,
# you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
matrix_synapse_tls_federation_listener_enabled: true
matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
# Resource names used by the unsecure HTTP listener. Here only the Client API
# is defined, see the homeserver config for a full list of valid resource
# names.
matrix_synapse_http_listener_resource_names: ["client"]
# Resources served on Synapse's federation port.
# When disabling federation, we may wish to serve the `openid` resource here,
# so that services like Dimension and ma1sd can work.
matrix_synapse_federation_listener_resource_names: "{{ ['federation'] if matrix_synapse_federation_enabled else (['openid'] if matrix_synapse_federation_port_openid_resource_required else []) }}"
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
# (things like number of users, number of messages sent, uptime, load, etc.)
matrix_synapse_report_stats: false
# Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.
# If users participate in large rooms with many other servers,
# disabling this will decrease server load significantly.
matrix_synapse_presence_enabled: true
# Controls whether accessing the server's public rooms directory can be done without authentication.
# For private servers, you most likely wish to require authentication,
# unless you know what list of rooms you're publishing to the world and explicitly want to do it.
matrix_synapse_allow_public_rooms_without_auth: false
# Controls whether remote servers can fetch this server's public rooms directory via federation.
# For private servers, you most likely wish to forbid it.
matrix_synapse_allow_public_rooms_over_federation: false
# Whether to require authentication to retrieve profile data (avatars,
# display names) of other users through the client API. Defaults to
# 'false'. Note that profile data is also available via the federation
# API, so this setting is of limited value if federation is enabled on
# the server.
matrix_synapse_require_auth_for_profile_requests: false
# Set to true to require a user to share a room with another user in order
# to retrieve their profile information. Only checked on Client-Server
# requests. Profile requests from other servers should be checked by the
# requesting server. Defaults to 'false'.
matrix_synapse_limit_profile_requests_to_users_who_share_rooms: false
# Set to false to prevent a user's profile data from being retrieved and
# displayed in a room until they have joined it. By default, a user's
# profile data is included in an invite event, regardless of the values
# of the above two settings, and whether or not the users share a server.
# Defaults to 'true'.
matrix_synapse_include_profile_data_on_invite: true
# Controls whether people with access to the homeserver can register by themselves.
matrix_synapse_enable_registration: false
# Controls whether people with access to the homeserver can register by themselves without verification (email/msisdn/token)
matrix_synapse_enable_registration_without_verification: false
# reCAPTCHA API for validating registration attempts
matrix_synapse_enable_registration_captcha: false
matrix_synapse_recaptcha_public_key: ''
matrix_synapse_recaptcha_private_key: ''
# Requires an MSC3231 token for registration. Note that `matrix_synapse_enable_registration` must be set to `true`.
# Tokens can be created via the API or through synapse-admin.
# Disabling this option will not delete any tokens previously generated.
matrix_synapse_registration_requires_token: false
# A list of 3PID types which users must supply when registering (possible values: email, msisdn).
matrix_synapse_registrations_require_3pid: []
# A list of patterns 3pids must match in order to permit registration, e.g.:
# - medium: email
# pattern: '.*@example\.com'
# - medium: msisdn
# pattern: '\+44'
matrix_synapse_allowed_local_3pids: []
# The server to use for phone number threepid validation. When empty, validation cannot happen, as Synapse doesn't support it.
# To make it work, this should be pointed to an identity server.
matrix_synapse_account_threepid_delegates_msisdn: ''
# Users who register on this homeserver will automatically be joined to these rooms.
# Rooms are to be specified using addresses (e.g. `#address:example.com`)
matrix_synapse_auto_join_rooms: []
# Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created
# automatically if they don't already exist.
matrix_synapse_autocreate_auto_join_rooms: true
# Controls password-peppering for Synapse. Not to be changed after initial setup.
matrix_synapse_password_config_pepper: ""
# Controls if Synapse allows people to authenticate against its local database.
# It may be useful to disable this if you've configured additional password providers
# and only wish authentication to happen through them.
matrix_synapse_password_config_localdb_enabled: true
# Controls the number of events that Synapse caches in memory.
matrix_synapse_event_cache_size: "100K"
# Controls cache sizes for Synapse.
# Raise this to increase cache sizes or lower it to potentially lower memory use.
# To learn more, see:
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
# - https://github.com/matrix-org/synapse/issues/3939
matrix_synapse_caches_global_factor: 0.5
# Controls whether Synapse will federate at all.
# Disable this to completely isolate your server from the rest of the Matrix network.
#
# Disabling this still keeps the federation port exposed, because it may be used for other services (`openid`).
#
# Also see:
# - `matrix_synapse_tls_federation_listener_enabled` if you wish to keep federation enabled,
# but want to stop the TLS listener (port 8448).
# - `matrix_synapse_federation_port_enabled` to avoid exposing the federation ports
matrix_synapse_federation_enabled: true
# Controls whether the federation ports are used at all.
# One may wish to disable federation (`matrix_synapse_federation_enabled: true`),
# but still run other resources (like `openid`) on the federation port
# by enabling them in `matrix_synapse_federation_listener_resource_names`.
matrix_synapse_federation_port_enabled: "{{ matrix_synapse_federation_enabled or matrix_synapse_federation_port_openid_resource_required }}"
# Controls whether an `openid` listener is to be enabled. Useful when disabling federation,
# but needing the `openid` APIs for Dimension or an identity server like ma1sd.
matrix_synapse_federation_port_openid_resource_required: false
# A list of domain names that are allowed to federate with the given Synapse server.
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
matrix_synapse_federation_domain_whitelist: ~
# A list of additional "volumes" to mount in the container.
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
#
# Note: internally, this uses the `-v` flag for mounting the specified volumes.
# It's better (safer) to use the `--mount` flag for mounting volumes.
# To use `--mount`, specify it in `matrix_synapse_container_extra_arguments`.
# Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']
matrix_synapse_container_additional_volumes: []
# A list of additional loggers to register in synapse.log.config.
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
matrix_synapse_additional_loggers: []
# A list of appservice config files (in-container filesystem paths).
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`.
# Also see `matrix_synapse_app_service_config_files_final`
matrix_synapse_app_service_config_files: []
# matrix_synapse_app_service_config_files_auto is a list of appservice config files.
# This list is managed by the playbook. You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`.
matrix_synapse_app_service_config_files_auto: []
# matrix_synapse_app_service_config_files_final holds the final list of config files to pass to the container.
# You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`.
matrix_synapse_app_service_config_files_final: "{{ matrix_synapse_app_service_config_files + matrix_synapse_app_service_config_files_auto }}"
# This is set dynamically during execution depending on whether
# any password providers have been enabled or not.
matrix_synapse_password_providers_enabled: false
# Whether clients can request to include message content in push notifications
# sent through third party servers. Setting this to false requires mobile clients
# to load message content directly from the homeserver.
matrix_synapse_push_include_content: true
# If url previews should be generated. This will cause a request from Synapse to
# URLs shared by users.
matrix_synapse_url_preview_enabled: true
# A list of values for the Accept-Language HTTP header used when downloading webpages during URL preview generation
matrix_url_preview_accept_language: ['en-US', 'en']
# Enable exposure of metrics to Prometheus
# See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
matrix_synapse_metrics_enabled: false
matrix_synapse_metrics_port: 9100
# matrix_synapse_grafana_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
# If the Grafana role is enabled, these dashboards will be downloaded.
matrix_synapse_grafana_dashboard_urls:
- https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json
# Controls whether Synapse metrics should be proxied (exposed) on:
# - `matrix.DOMAIN/metrics/synapse/main-process` for the main process
# - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process
#
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_synapse_metrics_proxying_enabled: false
# Enable the Synapse manhole
# See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md
matrix_synapse_manhole_enabled: false
# Enable support for Synapse workers
matrix_synapse_workers_enabled: false
# Specifies worker configuration that should be used when workers are enabled.
#
# The posible values (as seen in `matrix_synapse_workers_presets`) are:
# - "little-federation-helper" - a very minimal worker configuration to improve federation performance
# - "one-of-each" - one worker of each supported type
#
# You can override `matrix_synapse_workers_presets` to define your own presets, which is ill-advised, because it's fragile.
# To use a more custom configuration, start with one of these presets as a base and configure `matrix_synapse_workers_*_count` variables manually, to suit your liking.
matrix_synapse_workers_preset: one-of-each
matrix_synapse_workers_presets:
little-federation-helper:
generic_workers_count: 0
pusher_workers_count: 0
federation_sender_workers_count: 1
media_repository_workers_count: 0
appservice_workers_count: 0
user_dir_workers_count: 0
background_workers_count: 0
stream_writer_events_stream_workers_count: 0
stream_writer_typing_stream_workers_count: 0
stream_writer_to_device_stream_workers_count: 0
stream_writer_account_data_stream_workers_count: 0
stream_writer_receipts_stream_workers_count: 0
stream_writer_presence_stream_workers_count: 0
one-of-each:
generic_workers_count: 1
pusher_workers_count: 1
federation_sender_workers_count: 1
media_repository_workers_count: 1
appservice_workers_count: 1
user_dir_workers_count: 1
background_workers_count: 1
stream_writer_events_stream_workers_count: 1
stream_writer_typing_stream_workers_count: 1
stream_writer_to_device_stream_workers_count: 1
stream_writer_account_data_stream_workers_count: 1
stream_writer_receipts_stream_workers_count: 1
stream_writer_presence_stream_workers_count: 1
# Controls whether the matrix-synapse container exposes the various worker ports
# (see `port` and `metrics_port` in `matrix_synapse_workers_enabled_list`) outside of the container.
#
# Takes an "<ip>" value (e.g. "127.0.0.1", "0.0.0.0", etc), or empty string to not expose.
# It takes "*" to signify "bind on all interfaces" ("0.0.0.0" is IPv4-only).
matrix_synapse_workers_container_host_bind_address: ''
matrix_synapse_workers_generic_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['generic_workers_count'] }}"
matrix_synapse_workers_generic_workers_port_range_start: 18111
matrix_synapse_workers_generic_workers_metrics_range_start: 19111
# matrix_synapse_workers_stream_writer_events_stream_workers_count controls how many stream writers that handle the `events` stream to spawn.
# More than 1 worker is also supported of this type.
matrix_synapse_workers_stream_writer_events_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_events_stream_workers_count'] }}"
# matrix_synapse_workers_stream_writer_typing_stream_workers_count controls how many stream writers that handle the `typing` stream to spawn.
# The count of these workers can only be 0 or 1.
matrix_synapse_workers_stream_writer_typing_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_typing_stream_workers_count'] }}"
# matrix_synapse_workers_stream_writer_to_device_stream_workers_count controls how many stream writers that handle the `to_device` stream to spawn.
# The count of these workers can only be 0 or 1.
matrix_synapse_workers_stream_writer_to_device_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_to_device_stream_workers_count'] }}"
# matrix_synapse_workers_stream_writer_account_data_stream_workers_count controls how many stream writers that handle the `account_data` stream to spawn.
# The count of these workers can only be 0 or 1.
matrix_synapse_workers_stream_writer_account_data_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_account_data_stream_workers_count'] }}"
# matrix_synapse_workers_stream_writer_receipts_stream_workers_count controls how many stream writers that handle the `receipts` stream to spawn.
# The count of these workers can only be 0 or 1.
matrix_synapse_workers_stream_writer_receipts_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_receipts_stream_workers_count'] }}"
# matrix_synapse_workers_stream_writer_presence_stream_workers_count controls how many stream writers that handle the `presence` stream to spawn.
# The count of these workers can only be 0 or 1.
matrix_synapse_workers_stream_writer_presence_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_presence_stream_workers_count'] }}"
# A list of stream writer workers to enable. This list is built automatically based on other variables.
# You're encouraged to enable/disable stream writer workers by setting `matrix_synapse_workers_stream_writer_*_stream_workers_count` variables, instead of adjusting this list manually.
matrix_synapse_workers_stream_writers: |
{{
[]
+
([{'stream': 'events'}] * matrix_synapse_workers_stream_writer_events_stream_workers_count | int)
+
([{'stream': 'typing'}] * matrix_synapse_workers_stream_writer_typing_stream_workers_count | int)
+
([{'stream': 'to_device'}] * matrix_synapse_workers_stream_writer_to_device_stream_workers_count | int)
+
([{'stream': 'account_data'}] * matrix_synapse_workers_stream_writer_account_data_stream_workers_count | int)
+
([{'stream': 'receipts'}] * matrix_synapse_workers_stream_writer_receipts_stream_workers_count | int)
+
([{'stream': 'presence'}] * matrix_synapse_workers_stream_writer_presence_stream_workers_count | int)
}}
# matrix_synapse_stream_writers populates the `stream_writers` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_stream_writers`.
# Adjusting this value manually is generally not necessary.
#
# It's tempting to initialize this like this:
# matrix_synapse_stream_writers:
# - typing: []
# - events: []
# - to_device: []
# - account_data: []
# - receipts: []
# - presence: []
# .. but Synapse does not like empty lists (see https://github.com/matrix-org/synapse/issues/13804)
matrix_synapse_stream_writers: {}
# `matrix_synapse_workers_stream_writer_workers_` variables control the port numbers of various stream writer workers
# defined in `matrix_synapse_workers_stream_writers`.
# It should be noted that not all of the background worker types will need to expose HTTP services, etc.
matrix_synapse_workers_stream_writer_workers_http_port_range_start: 20011
matrix_synapse_workers_stream_writer_workers_replication_port_range_start: 25011
matrix_synapse_workers_stream_writer_workers_metrics_range_start: 19211
# matrix_synapse_workers_pusher_workers_count controls the number of pusher workers (workers who push out notifications) to spawn.
# See https://matrix-org.github.io/synapse/latest/workers.html#synapseapppusher
matrix_synapse_workers_pusher_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['pusher_workers_count'] }}"
matrix_synapse_workers_pusher_workers_metrics_range_start: 19200
# matrix_synapse_federation_pusher_instances populates the `pusher_instances` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_pusher_workers_count` or `matrix_synapse_workers_enabled_list`.
# Adjusting this value manually is generally not necessary.
matrix_synapse_federation_pusher_instances: []
# matrix_synapse_start_pushers controls if the main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`).
# This is enabled if workers are disabled, or if they are enabled, but there are no pusher workers.
# Adjusting this value manually is generally not necessary.
matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length == 0) }}"
# matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn.
# See https://matrix-org.github.io/synapse/latest/workers.html#synapseappfederation_sender
matrix_synapse_workers_federation_sender_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['federation_sender_workers_count'] }}"
matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400
# matrix_synapse_federation_sender_instances populates the `federation_sender_instances` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_federation_sender_workers_count` or `matrix_synapse_workers_enabled_list`.
# Adjusting this value manually is generally not necessary.
matrix_synapse_federation_sender_instances: []
# matrix_synapse_send_federation controls if the main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`).
# This is allowed if workers are disabled, or they are enabled, but there are no federation sender workers.
# Adjusting this value manually is generally not necessary.
matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length == 0) }}"
matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] }}"
matrix_synapse_workers_media_repository_workers_port_range_start: 18551
matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551
# matrix_synapse_enable_media_repo controls if the main Synapse process should serve media repository endpoints or if it should be left to media_repository workers (see `matrix_synapse_workers_media_repository_workers_count`).
# This is enabled if workers are disabled, or if they are enabled, but there are no media repository workers.
# Adjusting this value manually is generally not necessary.
matrix_synapse_enable_media_repo: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length == 0) }}"
# matrix_synapse_media_instance_running_background_jobs populates the `media_instance_running_background_jobs` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
# `media_instance_running_background_jobs` is meant to point to a single media-repository worker, which is dedicated to running background tasks that maintain the media repository.
# Multiple `media_repository` workers may be enabled. We always pick the first one as the background tasks worker.
matrix_synapse_media_instance_running_background_jobs: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) else '' }}"
# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported.
# appservice workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types).
# Our implementation uses generic worker services and assigns them to perform appservice work using the `notify_appservices_from_worker` Synapse option.
matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}"
matrix_synapse_workers_appservice_workers_metrics_range_start: 19300
# matrix_synapse_notify_appservices_from_worker populates the `notify_appservices_from_worker` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
# `notify_appservices_from_worker` is meant to point to a worker, which is dedicated to sending output traffic to Application Services.
matrix_synapse_notify_appservices_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list | length > 0) else '' }}"
# matrix_synapse_workers_user_dir_workers_count can only be 0 or 1. More instances are not supported.
# user_dir workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types).
# Our implementation uses generic worker services and assigns them to perform appservice work using the `update_user_directory_from_worker` Synapse option.
matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}"
matrix_synapse_workers_user_dir_workers_port_range_start: 18661
matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661
# matrix_synapse_update_user_directory_from_worker populates the `update_user_directory_from_worker` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
# `update_user_directory_from_worker` is meant to point to a worker, which is dedicated to updating the user directory and servicing some user directory URL endpoints (`matrix_synapse_workers_user_dir_worker_client_server_endpoints`).
matrix_synapse_update_user_directory_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list | length > 0) else '' }}"
# matrix_synapse_workers_background_workers_count can only be 0 or 1. More instances are not supported.
# Our implementation uses a generic worker and assigns Synapse to perform background work on this worker using the `run_background_tasks_on` Synapse option.
matrix_synapse_workers_background_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['background_workers_count'] }}"
matrix_synapse_workers_background_workers_metrics_range_start: 19700
# matrix_synapse_run_background_tasks_on populates the `run_background_tasks_on` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
# `run_background_tasks_on` is meant to point to a worker, which is dedicated to processing background tasks.
matrix_synapse_run_background_tasks_on: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'background') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'background') | list | length > 0) else '' }}"
# Default list of workers to spawn.
#
# Unless you populate this manually, this list is dynamically generated
# based on other variables above:
# - `matrix_synapse_workers_*_workers_count`
# - `matrix_synapse_workers_*_workers_port_range_start`
# - `matrix_synapse_workers_*_workers_port_metrics_range_start`
#
# We advise that you use those variables and let this list be populated dynamically.
# Doing that is simpler and also protects you from shooting yourself in the foot,
# as certain workers can only be spawned just once.
#
# Each worker instance in the list defines the following fields:
# - `id` - a string that uniquely identifies the worker
# - `name` - a string that will be used as the container and systemd service name
# - `type` - the type of worker (`generic_worker`, `stream_writer`, `pusher`, etc.)
# - `app` - the Synapse app (https://matrix-org.github.io/synapse/latest/workers.html#available-worker-applications) that powers this worker (`generic_worker`, `federation_sender`, etc.).
# The `app` usually matches the `type`, but not always. For example, `type = stream_writer` workers are served by the `generic_worker` type.
# - `port` - an HTTP port where the worker listens for requests (can be `0` for workers that don't do HTTP request processing)
# - `metrics_port` - an HTTP port where the worker exports Prometheus metrics
# - `replication_port` - an HTTP port where the worker serves `replication` endpoints (used by stream writers, etc.)
# - `webserving` - tells whether this type of worker serves web (client or federation) requests, so that it can be injected as a dependency to the reverse-proxy
#
# Example of what this needs to look like, if you're defining it manually:
# matrix_synapse_workers_enabled_list:
# - { 'id': 'generic-worker-0', 'name': 'matrix-synapse-worker-generic-0', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18111, 'metrics_port': 19111, 'webserving': true }
# - { 'id': 'generic-worker-1', 'name': 'matrix-synapse-worker-generic-1', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18112, 'metrics_port': 19112, 'webserving': true }
# - { 'id': 'generic-worker-2', 'name': 'matrix-synapse-worker-generic-2', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18113, 'metrics_port': 19113, 'webserving': true }
# - { 'id': 'generic-worker-3', 'name': 'matrix-synapse-worker-generic-3', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18114, 'metrics_port': 19114, 'webserving': true }
# - { 'id': 'generic-worker-4', 'name': 'matrix-synapse-worker-generic-4', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18115, 'metrics_port': 19115, 'webserving': true }
# - { 'id': 'generic-worker-5', 'name': 'matrix-synapse-worker-generic-5', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18116, 'metrics_port': 19116, 'webserving': true }
# - { 'id': 'stream-writer-0-events', 'name': 'matrix-synapse-worker-stream-writer-0-events', 'type': 'stream_writer', 'app': 'generic_worker', 'stream_writer_stream': 'events', 'port': 0, 'replication_port': 25011, metrics_port: 19111, 'webserving': false }
# - { 'id': 'stream-writer-1-typing', 'name': 'matrix-synapse-worker-stream-writer-1-typing', 'type': 'stream_writer', 'app': 'generic_worker', 'stream_writer_stream': 'typing', 'port': 20012, 'replication_port': 25012, metrics_port: 19112, 'webserving': true }
# - { 'id': 'pusher-0', 'name': 'matrix-synapse-worker-pusher-0', 'type': 'pusher', 'app': 'pusher', 'port': 0, 'metrics_port': 19200, 'webserving': false }
# - { 'id': 'appservice-0', 'name': 'matrix-synapse-worker-appservice-0', 'type': 'appservice', 'port': 0, 'metrics_port': 19300, 'webserving': false }
# - { 'id': 'federation-sender-0', 'name': 'matrix-synapse-worker-federation-sender-0', 'type': 'federation_sender', 'port': 0, 'metrics_port': 19400, 'webserving': false }
# - { 'id': 'media-repository-0', 'name': 'matrix-synapse-worker-media-repository-0', 'type': 'media_repository', 'port': 18551, 'metrics_port': 19551, 'webserving': true }
matrix_synapse_workers_enabled_list: []
# matrix_synapse_instance_map holds the instance map used for mapping worker names (for certain generic workers only!) to where they live (host, port which handles replication traffic).
# This is populated automatically based on `matrix_synapse_workers_enabled_list` during runtime, so you're not required to tweak it manually.
matrix_synapse_instance_map: {}
# Redis information
matrix_synapse_redis_enabled: false
matrix_synapse_redis_host: ""
matrix_synapse_redis_port: 6379
matrix_synapse_redis_password: ""
# Controls whether Synapse starts a replication listener necessary for workers.
#
# If Redis is available, we prefer to use that, instead of talking over Synapse's custom replication protocol.
#
# matrix_synapse_replication_listener_enabled: "{{ matrix_synapse_workers_enabled and not matrix_redis_enabled }}"
# We force-enable this listener for now until we debug why communication via Redis fails.
matrix_synapse_replication_listener_enabled: true
# Port used for communication between main synapse process and workers.
# Only gets used if `matrix_synapse_replication_listener_enabled: true`
matrix_synapse_replication_http_port: 9093
# Send ERROR logs to sentry.io for easier tracking
# To set this up: go to sentry.io, create a python project, and set
# matrix_synapse_sentry_dsn to the URL it gives you.
# See https://github.com/matrix-org/synapse/issues/4632 for important privacy concerns
matrix_synapse_sentry_dsn: ""
# Postgres database information
matrix_synapse_database_txn_limit: 0
matrix_synapse_database_host: ''
matrix_synapse_database_port: 5432
matrix_synapse_database_user: "synapse"
matrix_synapse_database_password: ""
matrix_synapse_database_database: "synapse"
matrix_synapse_turn_uris: []
matrix_synapse_turn_shared_secret: ""
matrix_synapse_turn_allow_guests: false
matrix_synapse_email_enabled: false
matrix_synapse_email_smtp_host: ""
matrix_synapse_email_smtp_port: 587
matrix_synapse_email_smtp_user: ""
matrix_synapse_email_smtp_pass: ""
matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}"
matrix_synapse_email_invite_client_location: "https://app.element.io"
# Enable this to activate the REST auth password provider module.
# See: https://github.com/ma1uta/matrix-synapse-rest-password-provider
matrix_synapse_ext_password_provider_rest_auth_enabled: false
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/ma1uta/matrix-synapse-rest-password-provider/ed377fb70513c2e51b42055eb364195af1ccaf33/rest_auth_provider.py"
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
# Enable this to activate the Shared Secret Auth password provider module.
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.2/shared_secret_authenticator.py"
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true
# We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605
matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false
matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml | from_yaml }}"
matrix_synapse_ext_password_provider_shared_secret_config_yaml: |
shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret | string | to_json }}
m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled | to_json }}
com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled | to_json }}
# Enable this to activate LDAP password provider
matrix_synapse_ext_password_provider_ldap_enabled: false
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
matrix_synapse_ext_password_provider_ldap_start_tls: true
matrix_synapse_ext_password_provider_ldap_base: ""
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
matrix_synapse_ext_password_provider_ldap_bind_dn: ""
matrix_synapse_ext_password_provider_ldap_bind_password: ""
matrix_synapse_ext_password_provider_ldap_filter: ""
matrix_synapse_ext_password_provider_ldap_active_directory: false
matrix_synapse_ext_password_provider_ldap_default_domain: ""
# Enable this to activate the Synapse Antispam spam-checker module.
# See: https://github.com/t2bot/synapse-simple-antispam
matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: false
matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url: "https://github.com/t2bot/synapse-simple-antispam"
matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "5ab711971e3a4541a7a40310ff85e17f8262cc05"
matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers: []
# Enable this to activate the Mjolnir Antispam spam-checker module.
# See: https://github.com/matrix-org/mjolnir#synapse-module
matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir"
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "4008e3f65d3745b9307dd31f1c5aa80c13a61a58"
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true
# Flag messages sent by servers/users in the ban lists as spam. Currently
# this means that spammy messages will appear as empty to users. Default
# false.
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages: false
# Remove users from the user directory search by filtering matrix IDs and
# display names by the entries in the user ban list. Default false.
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false
# The room IDs of the ban lists to honour. Unlike other parts of Mjolnir,
# this list cannot be room aliases or permalinks. This server is expected
# to already be joined to the room - Mjolnir will not automatically join
# these rooms.
# ["!roomid:example.org"]
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
# Enable this to activate the E2EE disabling Synapse module.
# See: https://github.com/digitalentity/matrix_encryption_disabler
matrix_synapse_ext_encryption_disabler_enabled: false
matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/cdc37a07441acb7c2a3288bcb29b376658d5e766/matrix_e2ee_filter.py"
# A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list.
# By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room.
matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"]
# A list of server domain names for which to deny encryption if the destination room id's domain matches the domain in the list.
# By default, with the configuration below, we prevent locally-created encryption events by ANY user encrypt rooms on the homeserver.
# Note: foreign users with enough room privileges will still be able to send an encryption event to your rooms and encrypt them.
matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix_domain }}"]
# Specifies whether the power levels event (setting) provided during room creation should be patched.
# This makes it impossible for anybody (locally or over federation) from enabling room encryption
# for the lifetime of rooms created while this setting is enabled (irreversible).
# Enabling this may have incompatiblity consequences with servers / clients.
# Familiarize yourself with the caveats upstream: https://github.com/digitalentity/matrix_encryption_disabler
matrix_synapse_ext_encryption_disabler_patch_power_levels: false
matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml | from_yaml }}"
matrix_synapse_ext_encryption_config_yaml: |
deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of | to_json }}
deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of | to_json }}
patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels | to_json }}
# matrix_synapse_ext_synapse_s3_storage_provider_enabled controls whether to enable https://github.com/matrix-org/synapse-s3-storage-provider
# Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`).
# Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider.
matrix_synapse_ext_synapse_s3_storage_provider_enabled: false
matrix_synapse_ext_synapse_s3_storage_provider_version: 1.1.2
# Controls whether media from this (local) server is stored in s3-storage-provider
matrix_synapse_ext_synapse_s3_storage_provider_store_local: true
# Controls whether media from remote servers is stored in s3-storage-provider
matrix_synapse_ext_synapse_s3_storage_provider_store_remote: true
# Controls whether files are stored to S3 at the same time they are stored on the local filesystem.
# For slightly improved reliability, consider setting this to `true`.
# Even with asynchronous uploading to S3 (`false` value), data loss shouldn't be possible,
# because the local filesystem is a reliable data store anyway.
matrix_synapse_ext_synapse_s3_storage_provider_store_synchronous: false
matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD
matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size: 40
# matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count is a day value (number) for the `s3_media_upload update-db` command.
# It specifies how old files need to have been inactive to be eligible for migration from the local filesystem to the S3 data store.
# By default, we use `0` which says "all files are eligible for migration".
matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0
matrix_s3_media_store_enabled: false
matrix_s3_media_store_custom_endpoint_enabled: false
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
matrix_s3_goofys_docker_image_force_pull: "{{ matrix_s3_goofys_docker_image.endswith(':latest') }}"
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
matrix_s3_media_store_bucket_name: "your-bucket-name"
matrix_s3_media_store_aws_access_key: "your-aws-access-key"
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
matrix_s3_media_store_region: "eu-central-1"
matrix_s3_media_store_path: "{{ matrix_synapse_media_store_path }}"
# Controls whether the self-check feature should validate SSL certificates.
matrix_synapse_self_check_validate_certificates: true
# Controls whether searching the public room list is enabled.
matrix_synapse_enable_room_list_search: true
# Controls who's allowed to create aliases on this server.
matrix_synapse_alias_creation_rules:
- user_id: "*"
alias: "*"
room_id: "*"
action: allow
# Controls who can publish and which rooms can be published in the public room list.
matrix_synapse_room_list_publication_rules:
- user_id: "*"
alias: "*"
room_id: "*"
action: allow
matrix_synapse_default_room_version: "9"
# Controls the Synapse `spam_checker` setting.
#
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
# If not, you can also control its value manually.
matrix_synapse_spam_checker: []
# Controls the Synapse `modules` list.
# You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2`
# Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime.
matrix_synapse_modules: []
# matrix_synapse_media_storage_providers contains the Synapse `media_storage_providers` configuration setting.
# To add your own custom `media_storage_providers`, use `matrix_synapse_media_storage_providers_custom`.
matrix_synapse_media_storage_providers: "{{ matrix_synapse_media_storage_providers_auto + matrix_synapse_media_storage_providers_custom }}"
# matrix_synapse_media_storage_providers_auto contains a list of storage providers that are added by the playbook based on other configuration
matrix_synapse_media_storage_providers_auto: |
{{
[]
+
[
lookup('ansible.builtin.template', role_path + '/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2') | from_yaml
] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else []
}}
# matrix_synapse_media_storage_providers_custom contains your own custom list of storage providers.
# You're meant to define each custom module as valid keys and values, not as a YAML string that needs to be parsed.
#
# Example:
# matrix_synapse_media_storage_providers_custom:
# - module: module.SomeModule
# store_local: True
# # ...
matrix_synapse_media_storage_providers_custom: []
matrix_synapse_encryption_enabled_by_default_for_room_type: "off"
matrix_synapse_trusted_key_servers:
- server_name: "matrix.org"
matrix_synapse_redaction_retention_period: 7d
matrix_synapse_user_ips_max_age: 28d
matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest"
matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}"
matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state"
matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state"
# Default Synapse configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_synapse_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_synapse_configuration_yaml: "{{ lookup('template', 'templates/synapse/homeserver.yaml.j2') }}"
matrix_synapse_configuration_extension_yaml: |
# Your custom YAML configuration for Synapse goes here.
# This configuration extends the default starting configuration (`matrix_synapse_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_synapse_configuration_yaml`.
#
# Example configuration extension follows:
#
# server_notices:
# system_mxid_localpart: notices
# system_mxid_display_name: "Server Notices"
# system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"
# room_name: "Server Notices"
matrix_synapse_configuration_extension: "{{ matrix_synapse_configuration_extension_yaml | from_yaml if matrix_synapse_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final Synapse configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_synapse_configuration_yaml`.
matrix_synapse_configuration: "{{ matrix_synapse_configuration_yaml | from_yaml | combine(matrix_synapse_configuration_extension, recursive=True) }}"