1# The config is maintained as an up-to-date snapshot of the default
2# homeserver.yaml configuration generated by Synapse.
3#
4# It is intended to act as a reference for the default configuration,
5# helping admins keep track of new options and other changes, and compare
6# their configs with the current default. As such, many of the actual
7# config values shown are placeholders.
8#
9# It is *not* intended to be copied and used as the basis for a real
10# homeserver.yaml. Instead, if you are starting from scratch, please generate
11# a fresh config using Synapse by following the instructions in INSTALL.md.
12
13## Server ##
14
# The domain name of the server, with optional explicit port
# (e.g. matrix.org, localhost:8080). Remote servers use it to connect to
# this server, and it forms the last part of every user ID.
server_name: 'chatcloud.net'

# File in which the PID is stored when running as a daemon.
pid_file: '/var/run/matrix-synapse.pid'
25
26# The path to the web client which will be served at /_matrix/client/
27# if 'webclient' is configured under the 'listeners' configuration.
28#
29#web_client_location: "/path/to/web/root"
30
# The public-facing base URL that clients use to reach this homeserver
# (without the _matrix/... suffix): the same URL a user would enter into
# the 'custom HS URL' field on their client. When synapse sits behind a
# reverse proxy, this is the URL that reaches synapse via the proxy.
public_baseurl: 'https://matrix.chatcloud.net/'
38
39# Set the soft limit on the number of file descriptors synapse can use
40# Zero is used to indicate synapse should set the soft limit to the
41# hard limit.
42#
43#soft_file_limit: 0
44
# Presence tracking is disabled on this homeserver.
use_presence: false

# Whether authentication is required to retrieve other users' profile data
# (avatars, display names) through the client API. Defaults to 'false'.
# Profile data is also available via the federation API, so this setting
# is of limited value if federation is enabled on the server.
#
#require_auth_for_profile_requests: true

# 'false' means the server's public rooms directory can only be read
# through the client API by authenticated users. Defaults to 'true'.
allow_public_rooms_without_auth: false
61
62# If set to 'false', forbids any other homeserver to fetch the server's public
63# rooms directory via federation. Defaults to 'true'.
64#
65#allow_public_rooms_over_federation: false
66
# The default room version for newly created rooms. Known room versions
# are listed at:
# https://matrix.org/docs/spec/#complete-list-of-room-versions
#
# The value is written as a string: room version 1 is "1", not 1.
default_room_version: '5'
76
77# The GC threshold parameters to pass to `gc.set_threshold`, if defined
78#
79#gc_thresholds: [700, 10, 10]
80
81# Set the limit on the returned events in the timeline in the get
# and sync operations. The default value is -1, which means no upper limit.
83#
84#filter_timeline_limit: 5000
85
86# Whether room invites to users on this server should be blocked
87# (except those sent by local server admins). The default is False.
88#
89#block_non_admin_invites: true
90
91# Room searching
92#
93# If disabled, new messages will not be indexed for searching and users
94# will receive errors when searching for messages. Defaults to enabled.
95#
96#enable_search: false
97
# Restrict federation to the following whitelist of domains. If the option
# is not specified, the default is to whitelist everything.
#
# N.B. this is an application-layer restriction only: firewalling the
# federation listener as well is recommended, so that inbound federation
# traffic is limited as early as possible.
#
# chatcloud.net is also this file's server_name, so as written no other
# homeserver is whitelisted.
federation_domain_whitelist:
  - 'chatcloud.net'
#  - nyc.example.com
#  - syd.example.com
108
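# Prevent federation requests from being sent to the following blacklisted
# IP address CIDR ranges. If this option is not specified, or is an empty
# list, no IP range blacklist is enforced.
#
# As of Synapse v1.4.0 this option also affects any outbound requests to
# identity servers provided by user input.
#
# (0.0.0.0 and :: are always blacklisted, whether or not they are listed
# here, since they correspond to unroutable addresses.)
#
# The entries cover loopback, RFC 1918 private space, carrier-grade NAT,
# IPv4/IPv6 link-local and IPv6 unique-local addresses. IPv6 link-local is
# the whole of fe80::/10, so that prefix is listed rather than the
# narrower fe80::/64.
federation_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - '::1/128'
  - 'fe80::/10'
  - 'fc00::/7'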
129
130# List of ports that Synapse should listen on, their purpose and their
131# configuration.
132#
133# Options for each listener include:
134#
135# port: the TCP port to bind to
136#
137# bind_addresses: a list of local addresses to listen on. The default is
138# 'all local interfaces'.
139#
140# type: the type of listener. Normally 'http', but other valid options are:
141# 'manhole' (see docs/manhole.md),
142# 'metrics' (see docs/metrics-howto.md),
143# 'replication' (see docs/workers.md).
144#
145# tls: set to true to enable TLS for this listener. Will use the TLS
146# key/cert specified in tls_private_key_path / tls_certificate_path.
147#
148# x_forwarded: Only valid for an 'http' listener. Set to true to use the
149# X-Forwarded-For header as the client IP. Useful when Synapse is
150# behind a reverse-proxy.
151#
152# resources: Only valid for an 'http' listener. A list of resources to host
153# on this port. Options for each resource are:
154#
155# names: a list of names of HTTP resources. See below for a list of
156# valid resource names.
157#
# compress: set to true to enable HTTP compression for this resource.
159#
160# additional_resources: Only valid for an 'http' listener. A map of
161# additional endpoints which should be loaded via dynamic modules.
162#
163# Valid resource names are:
164#
165# client: the client-server API (/_matrix/client), and the synapse admin
166# API (/_synapse/admin). Also implies 'media' and 'static'.
167#
168# consent: user consent forms (/_matrix/consent). See
169# docs/consent_tracking.md.
170#
171# federation: the server-server API (/_matrix/federation). Also implies
172# 'media', 'keys', 'openid'
173#
174# keys: the key discovery API (/_matrix/keys).
175#
176# media: the media API (/_matrix/media).
177#
178# metrics: the metrics interface. See docs/metrics-howto.md.
179#
180# openid: OpenID authentication.
181#
182# replication: the HTTP replication API (/_synapse/replication). See
183# docs/workers.md.
184#
185# static: static resources under synapse/static (/_matrix/static). (Mostly
186# useful for 'fallback authentication'.)
187#
188# webclient: A web client. Requires web_client_location to be set.
189#
listeners:
  # TLS-enabled listener: for when matrix traffic is sent directly to
  # synapse.
  #
  # Disabled by default. To enable it, uncomment the following. (Synapse
  # will also need a TLS key and certificate: see the TLS section of this
  # file.)
  #
  #- port: 8448
  #  type: http
  #  tls: true
  #  resources:
  #    - names: [client, federation]

  # Plain HTTP listener: for when matrix traffic passes through a reverse
  # proxy that unwraps TLS. If you plan to use a reverse proxy, please see
  # https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md.
  #
  # x_forwarded makes Synapse use the X-Forwarded-For header as the client
  # IP and tls is off, so this port should be reachable only by the proxy;
  # the loopback-only bind_addresses keep it off the network.
  #
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses:
      - '::1'
      - '127.0.0.1'

    resources:
      - names:
          - client
          - federation
        compress: false

    # example additional_resources:
    #
    #additional_resources:
    #  "/_matrix/my/custom/endpoint":
    #    module: my_module.CustomRequestHandler
    #    config: {}

  # Turn on the twisted ssh manhole service on localhost on the given
  # port.
  #
  #- port: 9000
  #  bind_addresses: ['::1', '127.0.0.1']
  #  type: manhole
232
233
234## Homeserver blocking ##
235
# Contact address for the server admin; it is used in ResourceLimitError.
admin_contact: 'mailto:ceo@chatcloud.net'
239
240# Global blocking
241#
242#hs_disabled: false
243#hs_disabled_message: 'Human readable reason for why the HS is blocked'
244
245# Monthly Active User Blocking
246#
247# Used in cases where the admin or server owner wants to limit to the
248# number of monthly active users.
249#
250# 'limit_usage_by_mau' disables/enables monthly active user blocking. When
# enabled and a limit is reached the server returns a 'ResourceLimitError'
252# with error type Codes.RESOURCE_LIMIT_EXCEEDED
253#
254# 'max_mau_value' is the hard limit of monthly active users above which
255# the server will start blocking user actions.
256#
257# 'mau_trial_days' is a means to add a grace period for active users. It
258# means that users must be active for this number of days before they
259# can be considered active and guards against the case where lots of users
260# sign up in a short space of time never to return after their initial
261# session.
262#
263# 'mau_limit_alerting' is a means of limiting client side alerting
264# should the mau limit be reached. This is useful for small instances
265# where the admin has 5 mau seats (say) for 5 specific people and no
# interest in increasing the mau limit further. Defaults to True, which
267# means that alerting is enabled
268#
269#limit_usage_by_mau: false
270#max_mau_value: 50
271#mau_trial_days: 2
272#mau_limit_alerting: false
273
274# If enabled, the metrics for the number of monthly active users will
275# be populated, however no one will be limited. If limit_usage_by_mau
276# is true, this is implied to be true.
277#
278#mau_stats_only: false
279
280# Sometimes the server admin will want to ensure certain accounts are
281# never blocked by mau checking. These accounts are specified here.
282#
283#mau_limit_reserved_threepids:
284# - medium: 'email'
285# address: 'reserved_user@example.com'
286
287# Used by phonehome stats to group together related servers.
288#server_context: context
289
290# Resource-constrained Homeserver Settings
291#
292# If limit_remote_rooms.enabled is True, the room complexity will be
293# checked before a user joins a new remote room. If it is above
294# limit_remote_rooms.complexity, it will disallow joining or
295# instantly leave.
296#
297# limit_remote_rooms.complexity_error can be set to customise the text
298# displayed to the user when a room above the complexity threshold has
299# its join cancelled.
300#
301# Uncomment the below lines to enable:
302#limit_remote_rooms:
303# enabled: true
304# complexity: 1.0
305# complexity_error: "This room is too complex."
306
307# Whether to require a user to be in the room to add an alias to it.
308# Defaults to 'true'.
309#
310#require_membership_for_aliases: false
311
# Whether per-room membership profiles are allowed, i.e. membership events
# sent with profile information that differs from the target's global
# profile. Defaults to 'true'; disabled here.
allow_per_room_profiles: false
317
318# How long to keep redacted events in unredacted form in the database. After
319# this period redacted events get replaced with their redacted form in the DB.
320#
321# Defaults to `7d`. Set to `null` to disable.
322#
323#redaction_retention_period: 28d
324
325# How long to track users' last seen time and IPs in the database.
326#
327# Defaults to `28d`. Set to `null` to disable clearing out of old rows.
328#
329#user_ips_max_age: 14d
330
331
332## TLS ##
333
334# PEM-encoded X509 certificate for TLS.
335# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
336# certificate, signed by a recognised Certificate Authority.
337#
338# See 'ACME support' below to enable auto-provisioning this certificate via
339# Let's Encrypt.
340#
341# If supplying your own, be sure to use a `.pem` file that includes the
342# full certificate chain including any intermediate certificates (for
343# instance, if using certbot, use `fullchain.pem` as your certificate,
344# not `cert.pem`).
345#
346#tls_certificate_path: "CONFDIR/SERVERNAME.tls.crt"
347
348# PEM-encoded private key for TLS
349#
350#tls_private_key_path: "CONFDIR/SERVERNAME.tls.key"
351
352# Whether to verify TLS server certificates for outbound federation requests.
353#
354# Defaults to `true`. To disable certificate verification, uncomment the
355# following line.
356#
357#federation_verify_certificates: false
358
359# The minimum TLS version that will be used for outbound federation requests.
360#
361# Defaults to `1`. Configurable to `1`, `1.1`, `1.2`, or `1.3`. Note
362# that setting this value higher than `1.2` will prevent federation to most
363# of the public Matrix network: only configure it to `1.3` if you have an
364# entirely private federation setup and you can ensure TLS 1.3 support.
365#
366#federation_client_minimum_tls_version: 1.2
367
368# Skip federation certificate verification on the following whitelist
369# of domains.
370#
371# This setting should only be used in very specific cases, such as
372# federation over Tor hidden services and similar. For private networks
373# of homeservers, you likely want to use a private CA instead.
374#
# Only effective if federation_verify_certificates is `true`.
376#
377#federation_certificate_verification_whitelist:
378# - lon.example.com
379# - *.domain.com
380# - *.onion
381
382# List of custom certificate authorities for federation traffic.
383#
384# This setting should only normally be used within a private network of
385# homeservers.
386#
387# Note that this list will replace those that are provided by your
388# operating environment. Certificates must be in PEM format.
389#
390#federation_custom_ca_list:
391# - myCA1.pem
392# - myCA2.pem
393# - myCA3.pem
394
395# ACME support: This will configure Synapse to request a valid TLS certificate
396# for your configured `server_name` via Let's Encrypt.
397#
398# Note that provisioning a certificate in this way requires port 80 to be
399# routed to Synapse so that it can complete the http-01 ACME challenge.
400# By default, if you enable ACME support, Synapse will attempt to listen on
401# port 80 for incoming http-01 challenges - however, this will likely fail
402# with 'Permission denied' or a similar error.
403#
404# There are a couple of potential solutions to this:
405#
406# * If you already have an Apache, Nginx, or similar listening on port 80,
407# you can configure Synapse to use an alternate port, and have your web
408# server forward the requests. For example, assuming you set 'port: 8009'
409# below, on Apache, you would write:
410#
411# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
412#
413# * Alternatively, you can use something like `authbind` to give Synapse
414# permission to listen on port 80.
415#
acme:
  # ACME support is disabled by default. Set this to `true` and uncomment
  # tls_certificate_path and tls_private_key_path above to enable it.
  #
  enabled: false

  # Endpoint to use to request certificates. If you only want to test,
  # use Let's Encrypt's staging url:
  #     https://acme-staging.api.letsencrypt.org/directory
  #
  #url: https://acme-v01.api.letsencrypt.org/directory

  # Port number to listen on for the HTTP-01 challenge. Change this if
  # you are forwarding connections through Apache/Nginx/etc.
  #
  port: 80

  # Local addresses to listen on for incoming connections (as written:
  # every IPv6 and IPv4 interface). Again, you may want to change this if
  # you are forwarding connections through Apache/Nginx/etc.
  #
  bind_addresses:
    - '::'
    - '0.0.0.0'

  # How many days remaining on a certificate before it is renewed.
  #
  reprovision_threshold: 30

  # The domain that the certificate should be for. Normally this should be
  # the same as your Matrix domain (i.e., 'server_name'), but, by putting
  # a file at 'https://<server_name>/.well-known/matrix/server', you can
  # delegate incoming traffic to another server. If you do that, give the
  # target of the delegation here.
  #
  # For example: if your 'server_name' is 'example.com', but
  # 'https://example.com/.well-known/matrix/server' delegates to
  # 'matrix.example.com', you should put 'matrix.example.com' here.
  #
  # If not set, defaults to your 'server_name'.
  #
  domain: 'matrix.chatcloud.net'

  # File to use for the account key. It is generated if it does not exist.
  # If unspecified, CONFDIR/client.key is used.
  #
  # NOTE(review): this file holds private key material; presumably it
  # should be readable only by the Synapse service account -- confirm the
  # file mode on the host.
  #
  account_key_file: '/var/lib/matrix-synapse/acme_account.key'
463
464# List of allowed TLS fingerprints for this server to publish along
465# with the signing keys for this server. Other matrix servers that
466# make HTTPS requests to this server will check that the TLS
467# certificates returned by this server match one of the fingerprints.
468#
469# Synapse automatically adds the fingerprint of its own certificate
470# to the list. So if federation traffic is handled directly by synapse
471# then no modification to the list is required.
472#
473# If synapse is run behind a load balancer that handles the TLS then it
474# will be necessary to add the fingerprints of the certificates used by
475# the loadbalancers to this list if they are different to the one
476# synapse is using.
477#
478# Homeservers are permitted to cache the list of TLS fingerprints
479# returned in the key responses up to the "valid_until_ts" returned in
480# key. It may be necessary to publish the fingerprints of a new
481# certificate and wait until the "valid_until_ts" of the previous key
482# responses have passed before deploying it.
483#
484# You can calculate a fingerprint from a given TLS listener via:
485# openssl s_client -connect $host:$port < /dev/null 2> /dev/null |
486# openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '='
487# or by checking matrix.org/federationtester/api/report?server_name=$host
488#
489#tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
490
491
492
493## Database ##
494
database:
  # The database engine name
  name: 'psycopg2'
  # Arguments to pass to the engine.
  #
  # No password is given and 'host' is a filesystem path rather than a
  # hostname, so this presumably connects over the local PostgreSQL socket
  # directory and relies on the server's local authentication rules
  # (pg_hba.conf) for the 'matrix-synapse' role -- verify on the DB host.
  args:
    dbname: 'matrix'
    user: 'matrix-synapse'
    host: '/run/postgresql'
    application_name: 'synapse'
504
505# Number of events to cache in memory.
506#
507#event_cache_size: 10K
508
509
510## Logging ##
511
# Path to a YAML file holding a Python logging configuration, in the
# dictionary schema described at
# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
log_config: '/etc/matrix-synapse/log.yaml'
516
517
518## Ratelimiting ##
519
520# Ratelimiting settings for client actions (registration, login, messaging).
521#
522# Each ratelimiting configuration is made of two parameters:
523# - per_second: number of requests a client can send per second.
524# - burst_count: number of requests a client can send before being throttled.
525#
526# Synapse currently uses the following configurations:
527# - one for messages that ratelimits sending based on the account the client
528# is using
529# - one for registration that ratelimits registration requests based on the
530# client's IP address.
531# - one for login that ratelimits login requests based on the client's IP
532# address.
533# - one for login that ratelimits login requests based on the account the
534# client is attempting to log into.
535# - one for login that ratelimits login requests based on the account the
536# client is attempting to log into, based on the amount of failed login
537# attempts for this account.
538# - one for ratelimiting redactions by room admins. If this is not explicitly
539# set then it uses the same ratelimiting as per rc_message. This is useful
540# to allow room admins to deal with abuse quickly.
541#
542# The defaults are as shown below.
543#
544#rc_message:
545# per_second: 0.2
546# burst_count: 10
547#
548#rc_registration:
549# per_second: 0.17
550# burst_count: 3
551#
552#rc_login:
553# address:
554# per_second: 0.17
555# burst_count: 3
556# account:
557# per_second: 0.17
558# burst_count: 3
559# failed_attempts:
560# per_second: 0.17
561# burst_count: 3
562#
563#rc_admin_redaction:
564# per_second: 1
565# burst_count: 50
566
567
568# Ratelimiting settings for incoming federation
569#
570# The rc_federation configuration is made up of the following settings:
571# - window_size: window size in milliseconds
572# - sleep_limit: number of federation requests from a single server in
573# a window before the server will delay processing the request.
574# - sleep_delay: duration in milliseconds to delay processing events
575# from remote servers by if they go over the sleep limit.
576# - reject_limit: maximum number of concurrent federation requests
577# allowed from a single server
578# - concurrent: number of federation requests to concurrently process
579# from a single server
580#
581# The defaults are as shown below.
582#
583#rc_federation:
584# window_size: 1000
585# sleep_limit: 10
586# sleep_delay: 500
587# reject_limit: 50
588# concurrent: 3
589
590# Target outgoing federation transaction frequency for sending read-receipts,
591# per-room.
592#
593# If we end up trying to send out more read-receipts, they will get buffered up
594# into fewer transactions.
595#
596#federation_rr_transactions_per_room_per_second: 50
597
598
599
600## Media Store ##
601
602# Enable the media store service in the Synapse master. Uncomment the
603# following if you are using a separate media store worker.
604#
605#enable_media_repo: false
606
# Directory in which uploaded images and attachments are stored.
media_store_path: '/var/lib/matrix-synapse/media'
610
611# Media storage providers allow media to be stored in different
612# locations.
613#
614#media_storage_providers:
615# - module: file_system
616# # Whether to write new local files.
617# store_local: false
618# # Whether to write new remote media
619# store_remote: false
620# # Whether to block upload requests waiting for write to this
621# # provider to complete
622# store_synchronous: false
623# config:
624# directory: /mnt/some/other/directory
625
# Directory in which in-progress uploads are stored.
uploads_path: '/var/lib/matrix-synapse/uploads'

# The largest allowed upload size in bytes
max_upload_size: '2M'

# Maximum number of pixels that will be thumbnailed
max_image_pixels: '12M'
637
638# Whether to generate new thumbnails on the fly to precisely match
639# the resolution requested by the client. If true then whenever
640# a new resolution is requested by the client the server will
641# generate a new thumbnail. If false the server will pick a thumbnail
642# from a precalculated list.
643#
644#dynamic_thumbnails: false
645
646# List of thumbnails to precalculate when an image is uploaded.
647#
648#thumbnail_sizes:
649# - width: 32
650# height: 32
651# method: crop
652# - width: 96
653# height: 96
654# method: crop
655# - width: 320
656# height: 240
657# method: scale
658# - width: 640
659# height: 480
660# method: scale
661# - width: 800
662# height: 600
663# method: scale
664
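# Is the preview URL API enabled?
#
# 'false' by default. It is enabled here, which requires
# url_preview_ip_range_blacklist to be specified as well.
#
url_preview_enabled: true

# List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. There are no defaults: you must explicitly specify a
# list for URL previewing to work. You should specify any internal
# services in your network that you do not want synapse to try to connect
# to, otherwise anyone in any Matrix room could cause your synapse to
# issue arbitrary GET requests to your internal services, causing serious
# security issues.
#
# (0.0.0.0 and :: are always blacklisted, whether or not they are listed
# here, since they correspond to unroutable addresses.)
#
# This must be specified if url_preview_enabled is set. The list below is
# the recommended starting point; add the ranges of any other internal
# networks the host can reach. IPv6 link-local is the whole of fe80::/10,
# so that prefix is listed rather than the narrower fe80::/64.
#
url_preview_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - '::1/128'
  - 'fe80::/10'
  - 'fc00::/7'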
696
697# List of IP address CIDR ranges that the URL preview spider is allowed
698# to access even if they are specified in url_preview_ip_range_blacklist.
699# This is useful for specifying exceptions to wide-ranging blacklisted
700# target IP ranges - e.g. for enabling URL previews for a specific private
701# website only visible in your network.
702#
703#url_preview_ip_range_whitelist:
704# - '192.168.1.1'
705
706# Optional list of URL matches that the URL preview spider is
707# denied from accessing. You should use url_preview_ip_range_blacklist
708# in preference to this, otherwise someone could define a public DNS
709# entry that points to a private IP address and circumvent the blacklist.
# This is more useful if there is an entire shape of URL that you know
# you will never want synapse to try to spider.
712#
713# Each list entry is a dictionary of url component attributes as returned
714# by urlparse.urlsplit as applied to the absolute form of the URL. See
715# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
# The values of the dictionary are treated as a filename match pattern
717# applied to that component of URLs, unless they start with a ^ in which
718# case they are treated as a regular expression match. If all the
719# specified component matches for a given list item succeed, the URL is
720# blacklisted.
721#
url_preview_url_blacklist:
  # blacklist any URL with a username in its URI
  - username: '*'

  # blacklist all *.google.com URLs
  #- netloc: 'google.com'
  #- netloc: '*.google.com'

  # blacklist all plain HTTP URLs
  #- scheme: 'http'

  # blacklist http(s)://www.acme.com/foo
  #- netloc: 'www.acme.com'
  #  path: '/foo'

  # blacklist any URL with a literal IPv4 address (dotted-quad form; the
  # leading ^ makes the value a regular expression match)
  - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'

# The largest allowed URL preview spidering size in bytes
#
max_spider_size: '3M'
743
744
745## Captcha ##
746# See docs/CAPTCHA_SETUP for full details of configuring this.
747
# This Home Server's ReCAPTCHA public key.
#
recaptcha_public_key: 'wefwefwefwefwef'

# This Home Server's ReCAPTCHA private key. It is a credential: keep the
# real value out of any copy of this file that is shared or committed.
# NOTE(review): both key values here look like filler rather than real
# keys -- confirm before relying on the captcha check.
#
recaptcha_private_key: 'wefwefwefwef'

# Enables ReCaptcha checks when registering, preventing signup unless a
# captcha is answered. Requires a valid ReCaptcha public/private key.
#
enable_registration_captcha: true
761
762# A secret key used to bypass the captcha test entirely.
763#
764#captcha_bypass_secret: "YOUR_SECRET_HERE"
765
766# The API endpoint to use for verifying m.login.recaptcha responses.
767#
768#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
769
770
771## TURN ##
772
773# The public URIs of the TURN server to give to clients
774#
775#turn_uris: []
776
777# The shared secret used to compute passwords for the TURN server
778#
779#turn_shared_secret: "YOUR_SHARED_SECRET"
780
781# The Username and password if the TURN server needs them and
782# does not use a token
783#
784#turn_username: "TURNSERVER_USERNAME"
785#turn_password: "TURNSERVER_PASSWORD"
786
787# How long generated TURN credentials last
788#
789#turn_user_lifetime: 1h
790
791# Whether guests should be allowed to use the TURN server.
792# This defaults to True, otherwise VoIP will be unreliable for guests.
793# However, it does introduce a slight security risk as it allows users to
794# connect to arbitrary endpoints without having first signed up for a
795# valid account (e.g. by passing a CAPTCHA).
796#
797#turn_allow_guests: true
798
799
800## Registration ##
801#
802# Registration can be rate-limited using the parameters in the "Ratelimiting"
803# section of this file.
804
# Registration of new users is enabled. Elsewhere in this file, sign-up
# is gated by enable_registration_captcha and registrations_require_3pid.
enable_registration: true
808
809# Optional account validity configuration. This allows for accounts to be denied
810# any request after a given period.
811#
812# ``enabled`` defines whether the account validity feature is enabled. Defaults
813# to False.
814#
815# ``period`` allows setting the period after which an account is valid
816# after its registration. When renewing the account, its validity period
817# will be extended by this amount of time. This parameter is required when using
818# the account validity feature.
819#
820# ``renew_at`` is the amount of time before an account's expiry date at which
821# Synapse will send an email to the account's email address with a renewal link.
822# This needs the ``email`` and ``public_baseurl`` configuration sections to be
823# filled.
824#
825# ``renew_email_subject`` is the subject of the email sent out with the renewal
826# link. ``%(app)s`` can be used as a placeholder for the ``app_name`` parameter
827# from the ``email`` section.
828#
829# Once this feature is enabled, Synapse will look for registered users without an
830# expiration date at startup and will add one to every account it found using the
831# current settings at that time.
832# This means that, if a validity period is set, and Synapse is restarted (it will
833# then derive an expiration date from the current validity period), and some time
834# after that the validity period changes and Synapse is restarted, the users'
835# expiration dates won't be updated unless their account is manually renewed. This
836# date will be randomly selected within a range [now + period - d ; now + period],
837# where d is equal to 10% of the validity period.
838#
839#account_validity:
840# enabled: true
841# period: 6w
842# renew_at: 1w
843# renew_email_subject: "Renew your %(app)s account"
844# # Directory in which Synapse will try to find the HTML files to serve to the
845# # user when trying to renew an account. Optional, defaults to
846# # synapse/res/templates.
847# template_dir: "res/templates"
848# # HTML to be displayed to the user after they successfully renewed their
849# # account. Optional.
850# account_renewed_html_path: "account_renewed.html"
851# # HTML to be displayed when the user tries to renew an account with an invalid
852# # renewal token. Optional.
853# invalid_token_html_path: "invalid_token.html"
854
855# Time that a user's session remains valid for, after they log in.
856#
857# Note that this is not currently compatible with guest logins.
858#
859# Note also that this is calculated at login time: changes are not applied
860# retrospectively to users who have already logged in.
861#
862# By default, this is infinite.
863#
864#session_lifetime: 24h
865
# Every 3PID type listed below must be provided by the user when
# registering.
#
registrations_require_3pid:
  - 'email'
#  - msisdn
871
872# Explicitly disable asking for MSISDNs from the registration
873# flow (overrides registrations_require_3pid if MSISDNs are set as required)
874#
875#disable_msisdn_registration: true
876
877# Mandate that users are only allowed to associate certain formats of
878# 3PIDs with accounts on this server.
879#
880#allowed_local_3pids:
881# - medium: email
882# pattern: '.*@matrix\.org'
883# - medium: email
884# pattern: '.*@vector\.im'
885# - medium: msisdn
886# pattern: '\+44'
887
888# Enable 3PIDs lookup requests to identity servers from this server.
889#
890#enable_3pid_lookup: true
891
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
# Because the holder can create admin accounts, this value is a
# credential: use a long random string and keep it out of shared or
# committed copies of the file. The value shown appears to be masked.
#
registration_shared_secret: 'xxxxxxxxxxxxxxxxxx'
896
897# Set the number of bcrypt rounds used to generate password hash.
898# Larger numbers increase the work factor needed to generate the hash.
899# The default number is 12 (which equates to 2^12 rounds).
900# N.B. that increasing this will exponentially increase the time required
901# to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
902#
903#bcrypt_rounds: 12
904
905# Allows users to register as guests without a password/email/etc, and
906# participate in rooms hosted on this server which have been made
907# accessible to anonymous users.
908#
909#allow_guest_access: false
910
911# The identity server which we suggest that clients should use when users log
912# in on this server.
913#
914# (By default, no suggestion is made, so it is left up to the client.
915# This setting is ignored unless public_baseurl is also set.)
916#
917#default_identity_server: https://matrix.org
918
919# The list of identity servers trusted to verify third party
920# identifiers by this server.
921#
922# Also defines the ID server which will be called when an account is
923# deactivated (one will be picked arbitrarily).
924#
925# Note: This option is deprecated. Since v0.99.4, Synapse has tracked which identity
926# server a 3PID has been bound to. For 3PIDs bound before then, Synapse runs a
927# background migration script, informing itself that the identity server all of its
928# 3PIDs have been bound to is likely one of the below.
929#
930# As of Synapse v1.4.0, all other functionality of this option has been deprecated, and
931# it is now solely used for the purposes of the background migration script, and can be
932# removed once it has run.
933#trusted_third_party_id_servers:
934# - matrix.org
935# - vector.im
936
937# Handle threepid (email/phone etc) registration and password resets through a set of
938# *trusted* identity servers. Note that this allows the configured identity server to
939# reset passwords for accounts!
940#
941# Be aware that if `email` is not set, and SMTP options have not been
942# configured in the email config block, registration and user password resets via
943# email will be globally disabled.
944#
945# Additionally, if `msisdn` is not set, registration and password resets via msisdn
946# will be disabled regardless. This is due to Synapse currently not supporting any
947# method of sending SMS messages on its own.
948#
949# To enable using an identity server for operations regarding a particular third-party
950# identifier type, set the value to the URL of that identity server as shown in the
951# examples below.
952#
953# Servers handling these requests must answer the `/requestToken` endpoints defined
954# by the Matrix Identity Service API specification:
955# https://matrix.org/docs/spec/identity_service/latest
956#
957# If a delegate is specified, the config option public_baseurl must also be filled out.
958#
959account_threepid_delegates:
960 #email: https://example.com # Delegate email sending to example.com
961 #msisdn: http://localhost:8090 # Delegate SMS sending to this local process
962
963# Users who register on this homeserver will automatically be joined
964# to these rooms
965#
966auto_join_rooms:
967 - "#lobby:chatcloud.net"
968
969# Where auto_join_rooms are specified, setting this flag ensures that the
970# rooms exist by creating them when the first user on the
971# homeserver registers.
972# Setting to false means that if the rooms are not manually created,
973# users cannot be auto-joined since they do not exist.
974#
975autocreate_auto_join_rooms: true
976
977
978## Metrics ###
979
980# Enable collection and rendering of performance metrics
981#
982#enable_metrics: false
983
984# Enable sentry integration
985# NOTE: While attempts are made to ensure that the logs don't contain
986# any sensitive information, this cannot be guaranteed. By enabling
987# this option the sentry server may therefore receive sensitive
988# information, and it in turn may then disseminate sensitive information
989# through insecure notification channels if so configured.
990#
991#sentry:
992# dsn: "..."
993
994# Flags to enable Prometheus metrics which are not suitable to be
995# enabled by default, either for performance reasons or limited use.
996#
997metrics_flags:
998 # Publish synapse_federation_known_servers, a gauge of the number of
999 # servers this homeserver knows about, including itself. May cause
1000 # performance problems on large homeservers.
1001 #
1002 #known_servers: true
1003
1004# Whether or not to report anonymized homeserver usage statistics.
1005# report_stats: true|false
1006
1007# The endpoint to report the anonymized homeserver usage statistics to.
1008# Defaults to https://matrix.org/report-usage-stats/push
1009#
1010#report_stats_endpoint: https://example.com/report-usage-stats/push
1011
1012
1013## API Configuration ##
1014
1015# A list of event types that will be included in the room_invite_state
1016#
1017#room_invite_state_types:
1018# - "m.room.join_rules"
1019# - "m.room.canonical_alias"
1020# - "m.room.avatar"
1021# - "m.room.encryption"
1022# - "m.room.name"
1023
1024
1025# A list of application service config files to use
1026#
1027#app_service_config_files:
1028# - app_service_1.yaml
1029# - app_service_2.yaml
1030
1031# Uncomment to enable tracking of application service IP addresses. Implicitly
1032# enables MAU tracking for application service users.
1033#
1034#track_appservice_user_ips: true
1035
1036
1037# a secret which is used to sign access tokens. If none is specified,
1038# the registration_shared_secret is used, if one is given; otherwise,
1039# a secret key is derived from the signing key.
1040#
# NOTE(review): this key signs access tokens (see the comment above). The
# value is a short repeated pattern rather than random data, presumably a
# placeholder; a live deployment needs a long value from a cryptographically
# secure random source, kept out of shared copies of this file. Rotating it
# may invalidate tokens already issued; confirm for this Synapse version.
1041macaroon_secret_key: wefwefwefwefwef
1042
1043# a secret which is used to calculate HMACs for form values, to stop
1044# falsification of values. Must be specified for the User Consent
1045# forms to work.
1046#
1047# form_secret: <PRIVATE STRING>
1048
1049## Signing Keys ##
1050
1051# Path to the signing key to sign messages with
1052#
1053signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
1054
1055# The keys that the server used to sign messages with but won't use
1056# to sign new messages. E.g. it has lost its private key
1057#
1058#old_signing_keys:
1059# "ed25519:auto":
1060# # Base64 encoded public key
1061# key: "The public part of your old signing key."
1062# # Millisecond POSIX timestamp when the key expired.
1063# expired_ts: 123456789123
1064
1065# How long key response published by this server is valid for.
1066# Used to set the valid_until_ts in /key/v2 APIs.
1067# Determines how quickly servers will query to check which keys
1068# are still valid.
1069#
1070#key_refresh_interval: 1d
1071
1072# The trusted servers to download signing keys from.
1073#
1074# When we need to fetch a signing key, each server is tried in parallel.
1075#
1076# Normally, the connection to the key server is validated via TLS certificates.
1077# Additional security can be provided by configuring a `verify key`, which
1078# will make synapse check that the response is signed by that key.
1079#
1080# This setting supersedes an older setting named `perspectives`. The old format
1081# is still supported for backwards-compatibility, but it is deprecated.
1082#
1083# 'trusted_key_servers' defaults to matrix.org, but using it will generate a
1084# warning on start-up. To suppress this warning, set
1085# 'suppress_key_server_warning' to true.
1086#
1087# Options for each entry in the list include:
1088#
1089# server_name: the name of the server. required.
1090#
1091# verify_keys: an optional map from key id to base64-encoded public key.
1092# If specified, we will check that the response is signed by at least
1093# one of the given keys.
1094#
1095# accept_keys_insecurely: a boolean. Normally, if `verify_keys` is unset,
1096# and federation_verify_certificates is not `true`, synapse will refuse
1097# to start, because this would allow anyone who can spoof DNS responses
1098# to masquerade as the trusted key server. If you know what you are doing
1099# and are sure that your network environment provides a secure connection
1100# to the key server, you can set this to `true` to override this
1101# behaviour.
1102#
1103# An example configuration might look like:
1104#
1105#trusted_key_servers:
1106# - server_name: "my_trusted_server.example.com"
1107# verify_keys:
1108# "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
1109# - server_name: "my_other_trusted_server.example.com"
1110#
# NOTE(review): no `verify_keys` is set for this entry, so key responses from
# matrix.org are authenticated by the TLS certificate alone (see the option
# description above). Pinning the server's published key adds a signature
# check, e.g.:
#   verify_keys:
#     "ed25519:auto": "<BASE64_PUBLIC_KEY_PLACEHOLDER>"
# `accept_keys_insecurely` is not set here, which keeps the start-up refusal
# described above in force when certificate verification is disabled.
1111trusted_key_servers:
1112 - server_name: "matrix.org"
1113
1114# Uncomment the following to disable the warning that is emitted when the
1115# trusted_key_servers include 'matrix.org'. See above.
1116#
1117#suppress_key_server_warning: true
1118
1119# The signing keys to use when acting as a trusted key server. If not specified
1120# defaults to the server signing key.
1121#
1122# Can contain multiple keys, one per line.
1123#
1124#key_server_signing_keys_path: "key_server_signing_keys.key"
1125
1126
1127# Enable SAML2 for registration and login. Uses pysaml2.
1128#
1129# At least one of `sp_config` or `config_path` must be set in this section to
1130# enable SAML login.
1131#
1132# (You will probably also want to set the following options to `false` to
1133# disable the regular login/registration flows:
1134# * enable_registration
1135# * password_config.enabled)
1136#
1137# Once SAML support is enabled, a metadata file will be exposed at
1138# https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to
1139# use to configure your SAML IdP with. Alternatively, you can manually configure
1140# the IdP to use an ACS location of
1141# https://<server>:<port>/_matrix/saml2/authn_response.
1142#
1143saml2_config:
1144 # `sp_config` is the configuration for the pysaml2 Service Provider.
1145 # See pysaml2 docs for format of config.
1146 #
1147 # Default values will be used for the 'entityid' and 'service' settings,
1148 # so it is not normally necessary to specify them unless you need to
1149 # override them.
1150 #
1151 #sp_config:
1152 # # point this to the IdP's metadata. You can use either a local file or
1153 # # (preferably) a URL.
1154 # metadata:
1155 # #local: ["saml2/idp.xml"]
1156 # remote:
1157 # - url: https://our_idp/metadata.xml
1158 #
1159 # # By default, the user has to go to our login page first. If you'd like
1160 # # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
1161 # # 'service.sp' section:
1162 # #
1163 # #service:
1164 # # sp:
1165 # # allow_unsolicited: true
1166 #
1167 # # The examples below are just used to generate our metadata xml, and you
1168 # # may well not need them, depending on your setup. Alternatively you
1169 # # may need a whole lot more detail - see the pysaml2 docs!
1170 #
1171 # description: ["My awesome SP", "en"]
1172 # name: ["Test SP", "en"]
1173 #
1174 # organization:
1175 # name: Example com
1176 # display_name:
1177 # - ["Example co", "en"]
1178 # url: "http://example.com"
1179 #
1180 # contact_person:
1181 # - given_name: Bob
1182 # sur_name: "the Sysadmin"
1183 # email_address: ["admin@example.com"]
1184 # contact_type: technical
1185
1186 # Instead of putting the config inline as above, you can specify a
1187 # separate pysaml2 configuration file:
1188 #
1189 #config_path: "CONFDIR/sp_conf.py"
1190
1191 # the lifetime of a SAML session. This defines how long a user has to
1192 # complete the authentication process, if allow_unsolicited is unset.
1193 # The default is 5 minutes.
1194 #
1195 #saml_session_lifetime: 5m
1196
1197 # The SAML attribute (after mapping via the attribute maps) to use to derive
1198 # the Matrix ID from. 'uid' by default.
1199 #
1200 #mxid_source_attribute: displayName
1201
1202 # The mapping system to use for mapping the saml attribute onto a matrix ID.
1203 # Options include:
1204 # * 'hexencode' (which maps unpermitted characters to '=xx')
1205 # * 'dotreplace' (which replaces unpermitted characters with '.').
1206 # The default is 'hexencode'.
1207 #
1208 #mxid_mapping: dotreplace
1209
1210 # In previous versions of synapse, the mapping from SAML attribute to MXID was
1211 # always calculated dynamically rather than stored in a table. For backwards-
1212 # compatibility, we will look for user_ids matching such a pattern before
1213 # creating a new account.
1214 #
1215 # This setting controls the SAML attribute which will be used for this
1216 # backwards-compatibility lookup. Typically it should be 'uid', but if the
1217 # attribute maps are changed, it may be necessary to change it.
1218 #
1219 # The default is 'uid'.
1220 #
1221 #grandfathered_mxid_source_attribute: upn
1222
1223
1224
1225# Enable CAS for registration and login.
1226#
1227#cas_config:
1228# enabled: true
1229# server_url: "https://cas-server.com"
1230# service_url: "https://homeserver.domain.com:8448"
1231# #displayname_attribute: name
1232# #required_attributes:
1233# # name: value
1234
1235
1236# The JWT needs to contain a globally unique "sub" (subject) claim.
1237#
1238#jwt_config:
1239# enabled: true
1240# secret: "a secret"
1241# algorithm: "HS256"
1242
1243
1244password_config:
1245 # Uncomment to disable password login
1246 #
1247 #enabled: false
1248
1249 # Uncomment to disable authentication against the local password
1250 # database. This is ignored if `enabled` is false, and is only useful
1251 # if you have other password_providers.
1252 #
1253 #localdb_enabled: false
1254
1255 # Uncomment and change to a secret random string for extra security.
1256 # DO NOT CHANGE THIS AFTER INITIAL SETUP!
1257 #
1258 #pepper: "EVEN_MORE_SECRET"
1259
1260
1261
1262# Enable sending emails for password resets, notification events or
1263# account expiry notices
1264#
1265# If your SMTP server requires authentication, the optional smtp_user &
1266# smtp_pass variables should be used
1267#
# Outbound email settings: SMTP relay, sender identity, and the templates used
# for notifications, account expiry, password reset, registration and
# 3PID validation.
1268email:
1269 enable_notifs: true
1270 smtp_host: "smtp.easyname.com"
 # NOTE(review): the inline comment pairs 465 with SSL and 587 with STARTTLS,
 # while `require_transport_security` below presumably enforces STARTTLS in
 # this Synapse version. Verify that mail is actually delivered on 465, or
 # switch to 587; a silent failure here also disables email password resets.
1271 smtp_port: 465 # SSL: 465, STARTTLS: 587
1272 smtp_user: "39828mail2"
 # NOTE(review): SMTP credential stored inline. Restrict read access on the
 # live file, and rotate the password if a real value was ever shared along
 # with this config.
1273 smtp_pass: "xxxxxxxxxxxx"
 # Refuse to send mail over a connection that is not TLS-protected.
1274 require_transport_security: true
1275 notif_from: "Chatcloud.net <noreply@chatcloud.net>"
1276 app_name: Matrix
1277#
1278# # Enable email notifications by default
1279# #
1280 notif_for_new_users: true
1281#
1282# # Defining a custom URL for Riot is only needed if email notifications
1283# # should contain links to a self-hosted installation of Riot; when set
1284# # the "app_name" setting is ignored
1285# #
1286 riot_base_url: "https://talk.chatcloud.net"
1287#
1288# # Configure the time that a validation email or text message code
1289# # will expire after sending
1290# #
1291# # This is currently used for password resets
1292# #
 # NOTE(review): this lifetime bounds how long a password-reset link stays
 # usable. 24h is a long window for a token that grants account takeover to
 # whoever reads the mailbox; Synapse's sample config is believed to use 1h.
 # Confirm the longer value is intentional.
1293 validation_token_lifetime: 24h
1294#
1295# # Template directory. All template files should be stored within this
1296# # directory. If not set, default templates from within the Synapse
1297# # package will be used
1298# #
1299# # For the list of default templates, please see
1300# # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
1301# #
1302 template_dir: /var/lib/matrix-synapse/res/templates
1303#
1304# # Templates for email notifications
1305# #
1306 notif_template_html: notif_mail.html
1307 notif_template_text: notif_mail.txt
1308#
1309# # Templates for account expiry notices
1310# #
1311 expiry_template_html: notice_expiry.html
1312 expiry_template_text: notice_expiry.txt
1313#
1314# # Templates for password reset emails sent by the homeserver
1315# #
1316 password_reset_template_html: password_reset.html
1317 password_reset_template_text: password_reset.txt
1318#
1319# # Templates for registration emails sent by the homeserver
1320# #
1321 registration_template_html: registration.html
1322 registration_template_text: registration.txt
1323#
1324# # Templates for validation emails sent by the homeserver when adding an email to
1325# # your user account
1326# #
1327 add_threepid_template_html: add_threepid.html
1328 add_threepid_template_text: add_threepid.txt
1329#
1330# # Templates for password reset success and failure pages that a user
1331# # will see after attempting to reset their password
1332# #
1333 password_reset_template_success_html: password_reset_success.html
1334 password_reset_template_failure_html: password_reset_failure.html
1335#
1336# # Templates for registration success and failure pages that a user
1337# # will see after attempting to register using an email or phone
1338# #
1339 registration_template_success_html: registration_success.html
1340 registration_template_failure_html: registration_failure.html
1341#
1342# # Templates for success and failure pages that a user will see after attempting
1343# # to add an email or phone to their account
1344# #
1345 add_threepid_success_html: add_threepid_success.html
1346 add_threepid_failure_html: add_threepid_failure.html
1347
1348
1349#password_providers:
1350# - module: "ldap_auth_provider.LdapAuthProvider"
1351# config:
1352# enabled: true
1353# uri: "ldap://ldap.example.com:389"
1354# start_tls: true
1355# base: "ou=users,dc=example,dc=com"
1356# attributes:
1357# uid: "cn"
1358# mail: "email"
1359# name: "givenName"
1360# #bind_dn:
1361# #bind_password:
1362# #filter: "(objectClass=posixAccount)"
1363
1364
1365
1366# Clients requesting push notifications can either have the body of
1367# the message sent in the notification poke along with other details
1368# like the sender, or just the event ID and room ID (`event_id_only`).
1369# If clients choose the former, this option controls whether the
1370# notification request includes the content of the event (other details
1371# like the sender are still included). For `event_id_only` push, it
1372# has no effect.
1373#
1374# For modern android devices the notification content will still appear
1375# because it is loaded by the app. iPhone, however will send a
1376# notification saying only that a message arrived and who it came from.
1377#
1378#push:
1379# include_content: true
1380
1381
1382#spam_checker:
1383# module: "my_custom_project.SuperSpamChecker"
1384# config:
1385# example_option: 'things'
1386
1387
1388# Uncomment to allow non-server-admin users to create groups on this server
1389#
1390#enable_group_creation: true
1391
1392# If enabled, non server admins can only create groups with local parts
1393# starting with this prefix
1394#
1395#group_creation_prefix: "unofficial/"
1396
1397
1398
1399# User Directory configuration
1400#
1401# 'enabled' defines whether users can search the user directory. If
1402# false then empty responses are returned to all queries. Defaults to
1403# true.
1404#
1405# 'search_all_users' defines whether to search all users visible to your HS
1406# when searching the user directory, rather than limiting to users visible
1407# in public rooms. Defaults to false. If you set it True, you'll have to
1408# rebuild the user_directory search indexes, see
1409# https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md
1410#
1411user_directory:
1412 enabled: true
1413 search_all_users: false
1414
1415
1416# User Consent configuration
1417#
1418# for detailed instructions, see
1419# https://github.com/matrix-org/synapse/blob/master/docs/consent_tracking.md
1420#
1421# Parts of this section are required if enabling the 'consent' resource under
1422# 'listeners', in particular 'template_dir' and 'version'.
1423#
1424# 'template_dir' gives the location of the templates for the HTML forms.
1425# This directory should contain one subdirectory per language (eg, 'en', 'fr'),
1426# and each language directory should contain the policy document (named as
1427# '<version>.html') and a success page (success.html).
1428#
1429# 'version' specifies the 'current' version of the policy document. It defines
1430# the version to be served by the consent resource if there is no 'v'
1431# parameter.
1432#
1433# 'server_notice_content', if enabled, will send a user a "Server Notice"
1434# asking them to consent to the privacy policy. The 'server_notices' section
1435# must also be configured for this to work. Notices will *not* be sent to
1436# guest users unless 'send_server_notice_to_guests' is set to true.
1437#
1438# 'block_events_error', if set, will block any attempts to send events
1439# until the user consents to the privacy policy. The value of the setting is
1440# used as the text of the error.
1441#
1442# 'require_at_registration', if enabled, will add a step to the registration
1443# process, similar to how captcha works. Users will be required to accept the
1444# policy before their account is created.
1445#
1446# 'policy_name' is the display name of the policy users will see when registering
1447# for an account. Has no effect unless `require_at_registration` is enabled.
1448# Defaults to "Privacy Policy".
1449#
1450#user_consent:
1451# template_dir: res/templates/privacy
1452# version: 1.0
1453# server_notice_content:
1454# msgtype: m.text
1455# body: >-
1456# To continue using this homeserver you must review and agree to the
1457# terms and conditions at %(consent_uri)s
1458# send_server_notice_to_guests: true
1459# block_events_error: >-
1460# To continue using this homeserver you must review and agree to the
1461# terms and conditions at %(consent_uri)s
1462# require_at_registration: false
1463# policy_name: Privacy Policy
1464#
1465
1466
1467
1468# Local statistics collection. Used in populating the room directory.
1469#
1470# 'bucket_size' controls how large each statistics timeslice is. It can
1471# be defined in a human readable short form -- e.g. "1d", "1y".
1472#
1473# 'retention' controls how long historical statistics will be kept for.
1474# It can be defined in a human readable short form -- e.g. "1d", "1y".
1475#
1476#
1477#stats:
1478# enabled: true
1479# bucket_size: 1d
1480# retention: 1y
1481
1482
1483# Server Notices room configuration
1484#
1485# Uncomment this section to enable a room which can be used to send notices
1486# from the server to users. It is a special room which cannot be left; notices
1487# come from a special "notices" user id.
1488#
1489# If you uncomment this section, you *must* define the system_mxid_localpart
1490# setting, which defines the id of the user which will be used to send the
1491# notices.
1492#
1493# It's also possible to override the room name, the display name of the
1494# "notices" user, and the avatar for the user.
1495#
1496#server_notices:
1497# system_mxid_localpart: notices
1498# system_mxid_display_name: "Server Notices"
1499# system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"
1500# room_name: "Server Notices"
1501
1502
1503
1504# Uncomment to disable searching the public room list. When disabled
1505# blocks searching local and remote room lists for local and remote
1506# users by always returning an empty list for all queries.
1507#
1508#enable_room_list_search: false
1509
1510# The `alias_creation` option controls who's allowed to create aliases
1511# on this server.
1512#
1513# The format of this option is a list of rules that contain globs that
1514# match against user_id, room_id and the new alias (fully qualified with
1515# server name). The action in the first rule that matches is taken,
1516# which can currently either be "allow" or "deny".
1517#
1518# Missing user_id/room_id/alias fields default to "*".
1519#
1520# If no rules match the request is denied. An empty list means no one
1521# can create aliases.
1522#
1523# Options for the rules include:
1524#
1525# user_id: Matches against the creator of the alias
1526# alias: Matches against the alias being created
1527# room_id: Matches against the room ID the alias is being pointed at
1528# action: Whether to "allow" or "deny" the request if the rule matches
1529#
1530# The default is:
1531#
# NOTE(review): this is not the default, although the comment above says so;
# the single rule limits alias creation to one user. The `user_id` glob is
# matched against the creator's user ID, and Matrix user IDs have the form
# "@localpart:server_name", so a bare localpart presumably matches nobody.
# Because unmatched requests are denied, the likely effect is that no one can
# create aliases. Verify, and use the fully qualified ID if this user is
# meant to be allowed.
1532alias_creation_rules:
1533 - user_id: "agrundner"
1534 alias: "*"
1535 room_id: "*"
1536 action: allow
1537
1538# The `room_list_publication_rules` option controls who can publish and
1539# which rooms can be published in the public room list.
1540#
1541# The format of this option is the same as that for
1542# `alias_creation_rules`.
1543#
1544# If the room has one or more aliases associated with it, only one of
1545# the aliases needs to match the alias rule. If there are no aliases
1546# then only rules with `alias: *` match.
1547#
1548# If no rules match the request is denied. An empty list means no one
1549# can publish rooms.
1550#
1551# Options for the rules include:
1552#
1553# user_id: Matches against the creator of the alias
1554# room_id: Matches against the room ID being published
1555# alias: Matches against any current local or canonical aliases
1556# associated with the room
1557# action: Whether to "allow" or "deny" the request if the rule matches
1558#
1559# The default is:
1560#
# NOTE(review): this is not the default, although the comment above says so;
# the single rule limits room-list publication to one user. The `user_id`
# glob is matched against a full Matrix user ID ("@localpart:server_name"),
# so a bare localpart presumably matches nobody. Because unmatched requests
# are denied, the likely effect is that no one can publish rooms. Verify, and
# use the fully qualified ID if this user is meant to be allowed.
1561room_list_publication_rules:
1562 - user_id: "agrundner"
1563 alias: "*"
1564 room_id: "*"
1565 action: allow
1566
1567
1568# Server admins can define a Python module that implements extra rules for
1569# allowing or denying incoming events. In order to work, this module needs to
1570# override the methods defined in synapse/events/third_party_rules.py.
1571#
1572# This feature is designed to be used in closed federations only, where each
1573# participating server enforces the same rules.
1574#
1575#third_party_event_rules:
1576# module: "my_custom_project.SuperRulesSet"
1577# config:
1578# example_option: 'things'
1579
1580
1581## Opentracing ##
1582
1583# These settings enable opentracing, which implements distributed tracing.
1584# This allows you to observe the causal chains of events across servers
1585# including requests, key lookups etc., across any server running
1586# synapse or any other services which support opentracing
1587# (specifically those implemented with Jaeger).
1588#
1589opentracing:
1590 # tracing is disabled by default. Uncomment the following line to enable it.
1591 #
1592 #enabled: true
1593
1594 # The list of homeservers we wish to send and receive span contexts and span baggage.
1595 # See docs/opentracing.rst
1596 # This is a list of regexes which are matched against the server_name of the
1597 # homeserver.
1598 #
1599 # By default, it is empty, so no servers are matched.
1600 #
1601 #homeserver_whitelist:
1602 # - ".*"
1603
1604 # Jaeger can be configured to sample traces at different rates.
1605 # All configuration options provided by Jaeger can be set here.
1606 # Jaeger's configuration mostly related to trace sampling which
1607 # is documented here:
1608 # https://www.jaegertracing.io/docs/1.13/sampling/.
1609 #
1610 #jaeger_config:
1611 # sampler:
1612 # type: const
1613 # param: 1
1614
1615 # Logging whether spans were started and reported
1616 #
1617 # logging:
1618 # false