2019-05-14 16:47:22 +02:00
# Synapse is a Matrix homeserver
# See: https://github.com/matrix-org/synapse
matrix_synapse_enabled : true
2020-03-15 09:10:41 +01:00
2020-03-15 09:15:27 +01:00
matrix_synapse_container_image_self_build : false
2019-05-14 16:47:22 +02:00
2020-07-02 17:38:25 +02:00
matrix_synapse_docker_image : "matrixdotorg/synapse:v1.15.2"
2019-06-10 13:23:51 +02:00
matrix_synapse_docker_image_force_pull : "{{ matrix_synapse_docker_image.endswith(':latest') }}"
2019-01-12 16:53:00 +01:00
matrix_synapse_base_path : "{{ matrix_base_data_path }}/synapse"
2020-03-08 00:28:14 +01:00
matrix_synapse_docker_src_files_path : "{{ matrix_synapse_base_path }}/docker-src"
2019-01-12 16:53:00 +01:00
matrix_synapse_config_dir_path : "{{ matrix_synapse_base_path }}/config"
matrix_synapse_storage_path : "{{ matrix_synapse_base_path }}/storage"
matrix_synapse_media_store_path : "{{ matrix_synapse_storage_path }}/media-store"
matrix_synapse_ext_path : "{{ matrix_synapse_base_path }}/ext"
2019-05-25 00:41:04 +02:00
# Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.
matrix_synapse_container_client_api_host_bind_port : ''
# Controls whether the matrix-synapse container exposes the plain (unencrypted) Server/Server (Federation) API port (tcp/8048 in the container).
#
# Takes effect only if federation is enabled (matrix_synapse_federation_enabled).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048"), or empty string to not expose.
matrix_synapse_container_federation_api_plain_host_bind_port : ''
# Controls whether the matrix-synapse container exposes the tls (encrypted) Server/Server (Federation) API port (tcp/8448 in the container).
#
# Takes effect only if federation is enabled (matrix_synapse_federation_enabled)
# and TLS support is enabled (matrix_synapse_tls_federation_listener_enabled).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "8448"), or empty string to not expose.
matrix_synapse_container_federation_api_tls_host_bind_port : ''
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100 in the container).
#
# Takes effect only if metrics are enabled (matrix_synapse_metrics_enabled).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
matrix_synapse_container_metrics_api_host_bind_port : ''
2019-01-30 19:31:50 +01:00
2019-12-05 07:07:15 +01:00
# Controls whether the matrix-synapse container exposes the manhole port (tcp/9000 in the container).
#
# Takes effect only if the manhole is enabled (matrix_synapse_manhole_enabled).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
matrix_synapse_container_manhole_api_host_bind_port : ''
2019-04-30 16:35:18 +02:00
# A list of extra arguments to pass to the container
matrix_synapse_container_extra_arguments : [ ]
2019-01-16 17:05:48 +01:00
# List of systemd services that matrix-synapse.service depends on
matrix_synapse_systemd_required_services_list : [ 'docker.service' ]
# List of systemd services that matrix-synapse.service wants
matrix_synapse_systemd_wanted_services_list : [ ]
2019-01-12 16:53:00 +01:00
2019-07-04 16:28:38 +02:00
matrix_synapse_in_container_python_packages_path : "/usr/local/lib/python3.7/site-packages"
2019-01-12 16:53:00 +01:00
# Specifies which template files to use when configuring Synapse.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
# and then change the specific host's `vars.yaml` file like this:
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
matrix_synapse_template_synapse_homeserver : "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
matrix_synapse_template_synapse_log : "{{ role_path }}/templates/synapse/synapse.log.config.j2"
matrix_synapse_macaroon_secret_key : ""
matrix_synapse_registration_shared_secret : "{{ matrix_synapse_macaroon_secret_key }}"
2019-08-08 11:53:07 +02:00
matrix_synapse_allow_guest_access : false
2019-01-12 16:53:00 +01:00
matrix_synapse_form_secret : "{{ matrix_synapse_macaroon_secret_key }}"
2019-08-08 17:30:54 +02:00
matrix_synapse_id_servers_public : [ 'matrix.org' , 'vector.im' ]
2019-01-16 17:05:48 +01:00
# The list of identity servers to use for Synapse.
# We assume this role runs standalone without a local Identity server, so we point Synapse to public ones.
# This most likely gets overwritten later, so that a local Identity server is used.
matrix_synapse_trusted_third_party_id_servers : "{{ matrix_synapse_id_servers_public }}"
2019-01-12 16:53:00 +01:00
matrix_synapse_max_upload_size_mb : 10
2019-01-29 17:52:02 +01:00
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
matrix_synapse_tmp_directory_size_mb : "{{ matrix_synapse_max_upload_size_mb * 50 }}"
2019-01-12 16:53:00 +01:00
# Log levels
# Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
# warning: setting log level to DEBUG will make synapse log sensitive information such
2019-11-10 07:35:17 +01:00
# as access tokens.
#
# Increasing verbosity may lead to an excessive amount of log messages being generated,
# some of which may get dropped by systemd-journald on certain distributions (like CentOS 7).
# You can work around it by adding `RateLimitInterval=0` and `RateLimitBurst=0` under `[Storage]` in
# `/etc/systemd/journald.conf` and restarting the logging service (`systemctl restart systemd-journald`).
2019-08-03 06:47:00 +02:00
matrix_synapse_log_level : "WARNING"
matrix_synapse_storage_sql_log_level : "WARNING"
matrix_synapse_root_log_level : "WARNING"
2019-01-12 16:53:00 +01:00
# Rate limits
2019-05-23 02:23:04 +02:00
matrix_synapse_rc_message :
per_second : 0.2
burst_count : 10
2019-01-12 16:53:00 +01:00
2019-04-01 20:40:14 +02:00
matrix_synapse_rc_registration :
per_second : 0.17
burst_count : 3
matrix_synapse_rc_login :
address :
per_second : 0.17
burst_count : 3
account :
per_second : 0.17
burst_count : 3
failed_attempts :
per_second : 0.17
burst_count : 3
2019-05-23 02:23:04 +02:00
matrix_synapse_rc_federation :
window_size : 1000
sleep_limit : 10
sleep_delay : 500
reject_limit : 50
concurrent : 3
2019-04-01 20:40:14 +02:00
matrix_synapse_federation_rr_transactions_per_room_per_second : 50
2019-02-05 10:07:08 +01:00
# Controls whether the TLS federation listener is enabled (tcp/8448).
2019-02-14 17:40:55 +01:00
# Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`).
2019-02-13 13:07:16 +01:00
# Note that federation may potentially be enabled as non-TLS on tcp/8048 as well.
2019-02-14 17:40:55 +01:00
# If you're serving Synapse behind an HTTPS-capable reverse-proxy,
# you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
matrix_synapse_tls_federation_listener_enabled : true
2019-02-28 10:51:09 +01:00
matrix_synapse_tls_certificate_path : "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
matrix_synapse_tls_private_key_path : "/data/{{ matrix_server_fqn_matrix }}.tls.key"
2019-02-05 10:07:08 +01:00
2020-04-22 19:01:56 +02:00
# Resource names used by the unsecure HTTP listener. Here only the Client API
# is defined, see the homeserver config for a full list of valid resource
# names.
matrix_synapse_http_listener_resource_names : [ "client" ]
2019-01-12 16:53:00 +01:00
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
# (things like number of users, number of messages sent, uptime, load, etc.)
matrix_synapse_report_stats : false
# Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.
# If users participate in large rooms with many other servers,
# disabling this will decrease server load significantly.
matrix_synapse_use_presence : true
2019-11-10 07:48:42 +01:00
# Controls whether accessing the server's public rooms directory can be done without authentication.
# For private servers, you most likely wish to require authentication,
# unless you know what list of rooms you're publishing to the world and explicitly want to do it.
matrix_synapse_allow_public_rooms_without_auth : false
# Controls whether remote servers can fetch this server's public rooms directory via federation.
# For private servers, you most likely wish to forbid it.
matrix_synapse_allow_public_rooms_over_federation : false
2019-01-12 16:53:00 +01:00
# Controls whether people with access to the homeserver can register by themselves.
matrix_synapse_enable_registration : false
2020-07-04 01:33:25 +02:00
# reCAPTCHA API for validating registration attempts
matrix_synapse_enable_registration_captcha : false
matrix_synapse_recaptcha_public_key : ''
matrix_synapse_recaptcha_private_key : ''
2020-02-18 18:02:24 +01:00
# Allows non-server-admin users to create groups on this server
matrix_synapse_enable_group_creation : false
2019-05-08 19:29:18 +02:00
# A list of 3PID types which users must supply when registering (possible values: email, msisdn).
matrix_synapse_registrations_require_3pid : [ ]
2020-04-18 01:11:30 +02:00
# A list of patterns 3pids must match in order to permit registration, e.g.:
# - medium: email
# pattern: '.*@example\.com'
# - medium: msisdn
# pattern: '\+44'
matrix_synapse_allowed_local_3pids : [ ]
2020-04-03 09:08:37 +02:00
# The server to use for email threepid validation. When empty, Synapse does it by itself.
# Otherwise, this should be pointed to an identity server.
matrix_synapse_account_threepid_delegates_email : ''
# The server to use for phone number threepid validation. When empty, validation cannot happen, as Synapse doesn't support it.
# To make it work, this should be pointed to an identity server.
matrix_synapse_account_threepid_delegates_msisdn : ''
2019-01-12 16:53:00 +01:00
# Users who register on this homeserver will automatically be joined to these rooms.
# Rooms are to be specified using addresses (e.g. `#address:example.com`)
matrix_synapse_auto_join_rooms : [ ]
# Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created
# automatically if they don't already exist.
matrix_synapse_autocreate_auto_join_rooms : true
2019-04-23 09:20:56 +02:00
# Controls password-peppering for Synapse. Not to be changed after initial setup.
2019-01-12 16:53:00 +01:00
matrix_synapse_password_config_pepper : ""
2019-07-04 16:11:51 +02:00
# Controls if Synapse allows people to authenticate against its local database.
# It may be useful to disable this if you've configured additional password providers
# and only wish authentication to happen through them.
2019-07-04 16:27:20 +02:00
matrix_synapse_password_config_localdb_enabled : true
2019-07-04 16:11:51 +02:00
2019-04-23 09:20:56 +02:00
# Controls the number of events that Synapse caches in memory.
2019-01-12 16:53:00 +01:00
matrix_synapse_event_cache_size : "100K"
2020-05-28 14:23:05 +02:00
# Controls cache sizes for Synapse.
2019-01-12 16:53:00 +01:00
# Raise this to increase cache sizes or lower it to potentially lower memory use.
# To learn more, see:
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
# - https://github.com/matrix-org/synapse/issues/3939
2020-05-28 14:23:05 +02:00
matrix_synapse_caches_global_factor : 0.5
2019-01-12 16:53:00 +01:00
2019-04-23 09:20:56 +02:00
# Controls whether Synapse will federate at all.
2019-01-12 16:53:00 +01:00
# Disable this to completely isolate your server from the rest of the Matrix network.
2019-02-05 10:07:08 +01:00
# Also see: `matrix_synapse_tls_federation_listener_enabled` if you wish to keep federation enabled,
# but want to stop the TLS listener (port 8448).
2019-01-12 16:53:00 +01:00
matrix_synapse_federation_enabled : true
2019-04-23 09:20:56 +02:00
# A list of domain names that are allowed to federate with the given Synapse server.
2019-01-12 16:53:00 +01:00
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
matrix_synapse_federation_domain_whitelist : ~
# A list of additional "volumes" to mount in the container.
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
2019-05-29 08:59:50 +02:00
#
# Note: internally, this uses the `-v` flag for mounting the specified volumes.
# It's better (safer) to use the `--mount` flag for mounting volumes.
2019-12-31 10:25:09 +01:00
# To use `--mount`, specify it in `matrix_synapse_container_extra_arguments`.
2019-05-29 08:59:50 +02:00
# Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']
2019-01-12 16:53:00 +01:00
matrix_synapse_container_additional_volumes : [ ]
# A list of additional loggers to register in synapse.log.config.
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
matrix_synapse_additional_loggers : [ ]
2019-05-21 04:25:32 +02:00
# A list of appservice config files (in-container filesystem paths).
2019-01-12 16:53:00 +01:00
# This list gets populated dynamically based on Synapse extensions that have been enabled.
2019-05-29 08:59:50 +02:00
# You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`.
2019-01-12 16:53:00 +01:00
matrix_synapse_app_service_config_files : [ ]
# This is set dynamically during execution depending on whether
# any password providers have been enabled or not.
matrix_synapse_password_providers_enabled : false
2019-03-16 07:16:20 +01:00
# Whether clients can request to include message content in push notifications
# sent through third party servers. Setting this to false requires mobile clients
# to load message content directly from the homeserver.
matrix_synapse_push_include_content : true
2019-04-30 11:55:31 +02:00
# If url previews should be generated. This will cause a request from Synapse to
# URLs shared by users.
matrix_synapse_url_preview_enabled : true
2019-01-30 19:31:50 +01:00
# Enable exposure of metrics to Prometheus
2019-12-05 07:07:15 +01:00
# See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
2019-01-30 19:31:50 +01:00
matrix_synapse_metrics_enabled : false
matrix_synapse_metrics_port : 9100
2019-12-05 07:07:15 +01:00
# Enable the Synapse manhole
# See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md
matrix_synapse_manhole_enabled : false
2019-06-07 23:02:41 +02:00
# Send ERROR logs to sentry.io for easier tracking
# To set this up: go to sentry.io, create a python project, and set
# matrix_synapse_sentry_dsn to the URL it gives you.
# See https://github.com/matrix-org/synapse/issues/4632 for important privacy concerns
matrix_synapse_sentry_dsn : ""
2019-01-16 17:05:48 +01:00
# Postgres database information
matrix_synapse_database_host : ""
matrix_synapse_database_user : ""
matrix_synapse_database_password : ""
matrix_synapse_database_database : ""
matrix_synapse_turn_uris : [ ]
matrix_synapse_turn_shared_secret : ""
2019-08-08 11:53:07 +02:00
matrix_synapse_turn_allow_guests : False
2019-01-16 17:05:48 +01:00
matrix_synapse_email_enabled : false
matrix_synapse_email_smtp_host : ""
matrix_synapse_email_smtp_port : 587
matrix_synapse_email_smtp_require_transport_security : false
2019-02-28 10:51:09 +01:00
matrix_synapse_email_notif_from : "Matrix <matrix@{{ matrix_domain }}>"
2020-01-23 14:47:53 +01:00
matrix_synapse_email_client_base_url : "https://{{ matrix_server_fqn_riot }}"
2019-01-16 17:05:48 +01:00
2019-01-12 16:53:00 +01:00
# Enable this to activate the REST auth password provider module.
2020-01-25 09:23:59 +01:00
# See: https://github.com/ma1uta/matrix-synapse-rest-password-provider
2019-01-12 16:53:00 +01:00
matrix_synapse_ext_password_provider_rest_auth_enabled : false
2020-01-27 11:22:36 +01:00
matrix_synapse_ext_password_provider_rest_auth_download_url : "https://raw.githubusercontent.com/ma1uta/matrix-synapse-rest-password-provider/ed377fb70513c2e51b42055eb364195af1ccaf33/rest_auth_provider.py"
2019-01-12 16:53:00 +01:00
matrix_synapse_ext_password_provider_rest_auth_endpoint : ""
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase : false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill : true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill : false
# Enable this to activate the Shared Secret Auth password provider module.
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled : false
2020-06-08 08:27:31 +02:00
matrix_synapse_ext_password_provider_shared_secret_auth_download_url : "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py"
2019-01-12 16:53:00 +01:00
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret : ""
# Enable this to activate LDAP password provider
matrix_synapse_ext_password_provider_ldap_enabled : false
matrix_synapse_ext_password_provider_ldap_uri : "ldap://ldap.mydomain.tld:389"
matrix_synapse_ext_password_provider_ldap_start_tls : true
matrix_synapse_ext_password_provider_ldap_base : ""
matrix_synapse_ext_password_provider_ldap_attributes_uid : "uid"
matrix_synapse_ext_password_provider_ldap_attributes_mail : "mail"
matrix_synapse_ext_password_provider_ldap_attributes_name : "cn"
matrix_synapse_ext_password_provider_ldap_bind_dn : ""
matrix_synapse_ext_password_provider_ldap_bind_password : ""
matrix_synapse_ext_password_provider_ldap_filter : ""
2019-09-09 07:13:06 +02:00
# Enable this to activate the Synapse Antispam spam-checker module.
# See: https://github.com/t2bot/synapse-simple-antispam
matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled : false
matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url : "https://github.com/t2bot/synapse-simple-antispam"
matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version : "f058d9ce2c7d4195ae461dcdd02df11a2d06a36b"
matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers : [ ]
2019-01-12 16:53:00 +01:00
matrix_s3_media_store_enabled : false
2019-04-05 11:33:38 +02:00
matrix_s3_media_store_custom_endpoint_enabled : false
2019-01-12 16:53:00 +01:00
matrix_s3_goofys_docker_image : "ewoutp/goofys:latest"
2019-06-10 13:23:51 +02:00
matrix_s3_goofys_docker_image_force_pull : "{{ matrix_s3_goofys_docker_image.endswith(':latest') }}"
2019-04-05 11:33:38 +02:00
matrix_s3_media_store_custom_endpoint : "your-custom-endpoint"
2019-01-12 16:53:00 +01:00
matrix_s3_media_store_bucket_name : "your-bucket-name"
matrix_s3_media_store_aws_access_key : "your-aws-access-key"
matrix_s3_media_store_aws_secret_key : "your-aws-secret-key"
matrix_s3_media_store_region : "eu-central-1"
2019-03-22 08:39:17 +01:00
# Controls whether the self-check feature should validate SSL certificates.
matrix_synapse_self_check_validate_certificates : true
2019-01-12 16:53:00 +01:00
2019-04-16 11:40:38 +02:00
# Controls whether searching the public room list is enabled.
2019-05-21 05:09:38 +02:00
matrix_synapse_enable_room_list_search : true
2019-04-16 11:40:38 +02:00
# Controls who's allowed to create aliases on this server.
2019-05-21 05:09:38 +02:00
matrix_synapse_alias_creation_rules :
2019-04-16 11:40:38 +02:00
- user_id : "*"
alias : "*"
room_id : "*"
action : allow
# Controls who can publish and which rooms can be published in the public room list.
2019-05-21 05:09:38 +02:00
matrix_synapse_room_list_publication_rules :
2019-04-16 11:40:38 +02:00
- user_id : "*"
alias : "*"
room_id : "*"
action : allow
2019-06-12 04:18:06 +02:00
2019-11-26 15:28:17 +01:00
matrix_synapse_default_room_version : "5"
2019-08-22 08:49:22 +02:00
2019-09-09 07:11:32 +02:00
# Controls the Synapse `spam_checker` setting.
#
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
# If not, you can also control its value manually.
2020-05-28 14:23:05 +02:00
matrix_synapse_spam_checker : [ ]
2019-09-09 07:11:32 +02:00
2019-10-03 04:35:44 +02:00
matrix_synapse_trusted_key_servers :
- server_name : "matrix.org"
matrix_synapse_redaction_retention_period : 7d
matrix_synapse_user_ips_max_age : 28d
2019-08-22 08:49:22 +02:00
# Default Synapse configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_synapse_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_synapse_configuration_yaml : "{{ lookup('template', 'templates/synapse/homeserver.yaml.j2') }}"
matrix_synapse_configuration_extension_yaml : |
# Your custom YAML configuration for Synapse goes here.
# This configuration extends the default starting configuration (`matrix_synapse_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_synapse_configuration_yaml`.
#
# Example configuration extension follows:
#
# server_notices:
# system_mxid_localpart: notices
# system_mxid_display_name: "Server Notices"
# system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"
# room_name: "Server Notices"
matrix_synapse_configuration_extension : "{{ matrix_synapse_configuration_extension_yaml|from_yaml if matrix_synapse_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final Synapse configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_synapse_configuration_yaml`.
matrix_synapse_configuration : "{{ matrix_synapse_configuration_yaml|from_yaml|combine(matrix_synapse_configuration_extension, recursive=True) }}"