1# vim:ft=yaml
2# PEM encoded X509 certificate for TLS.
3# You can replace the self-signed certificate that synapse
4# autogenerates on launch with your own SSL certificate + key pair
5# if you like. Any required intermediary certificates can be
6# appended after the primary certificate in hierarchical order.
7#tls_certificate_path: "/etc/letsencrypt/live/matrix.bosselnet.ch/fullchain.pem"
8
9# PEM encoded private key for TLS
10#tls_private_key_path: "/etc/letsencrypt/live/matrix.bosselnet.ch/privkey.pem"
11
12# PEM dh parameters for ephemeral keys
13#tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
14
15# Don't bind to the https port
16#no_tls: False
17
18# List of allowed TLS fingerprints for this server to publish along
19# with the signing keys for this server. Other matrix servers that
20# make HTTPS requests to this server will check that the TLS
21# certificates returned by this server match one of the fingerprints.
22#
23# Synapse automatically adds the fingerprint of its own certificate
24# to the list. So if federation traffic is handled directly by synapse
25# then no modification to the list is required.
26#
27# If synapse is run behind a load balancer that handles the TLS then it
28# will be necessary to add the fingerprints of the certificates used by
29# the loadbalancers to this list if they are different to the one
30# synapse is using.
31#
32# Homeservers are permitted to cache the list of TLS fingerprints
33# returned in the key responses up to the "valid_until_ts" returned in
34# key. It may be necessary to publish the fingerprints of a new
35# certificate and wait until the "valid_until_ts" of the previous key
36# responses have passed before deploying it.
37#
38# You can calculate a fingerprint from a given TLS listener via:
39# openssl s_client -connect $host:$port < /dev/null 2> /dev/null |
40# openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '='
41# or by checking matrix.org/federationtester/api/report?server_name=$host
42#
43tls_fingerprints: []
44# tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
45
46
47## Server ##
48
49# When running as a daemon, the file to store the pid in
50pid_file: "/var/run/matrix-synapse.pid"
51
52# CPU affinity mask. Setting this restricts the CPUs on which the
53# process will be scheduled. It is represented as a bitmask, with the
54# lowest order bit corresponding to the first logical CPU and the
55# highest order bit corresponding to the last logical CPU. Not all CPUs
56# may exist on a given system but a mask may specify more CPUs than are
57# present.
58#
59# For example:
60# 0x00000001 is processor #0,
61# 0x00000003 is processors #0 and #1,
62# 0xFFFFFFFF is all processors (#0 through #31).
63#
64# Pinning a Python process to a single CPU is desirable, because Python
65# is inherently single-threaded due to the GIL, and can suffer a
66# 30-40% slowdown due to cache blow-out and thread context switching
67# if the scheduler happens to schedule the underlying threads across
68# different cores. See
69# https://www.mirantis.com/blog/improve-performance-python-programs-restricting-single-cpu/.
70#
71# cpu_affinity: 0xFFFFFFFF
72
73# The path to the web client which will be served at /_matrix/client/
74# if 'webclient' is configured under the 'listeners' configuration.
75#
76# web_client_location: "/path/to/web/root"
77
78# The public-facing base URL for the client API (not including _matrix/...)
79# public_baseurl: https://example.com:8448/
80
81# Set the soft limit on the number of file descriptors synapse can use
82# Zero is used to indicate synapse should set the soft limit to the
83# hard limit.
84soft_file_limit: 0
85
86# Set to false to disable presence tracking on this homeserver.
87#
88#use_presence: false
89
90# Whether to require authentication to retrieve profile data (avatars,
91# display names) of other users through the client API. Defaults to
92# 'false'. Note that profile data is also available via the federation
93# API, so this setting is of limited value if federation is enabled on
94# the server.
95#
96#require_auth_for_profile_requests: true
97
98# Uncomment to require a user to share a room with another user in order
99# to retrieve their profile information. Only checked on Client-Server
100# requests. Profile requests from other servers should be checked by the
101# requesting server. Defaults to 'false'.
102#
103#limit_profile_requests_to_users_who_share_rooms: true
104
105# If set to 'true', removes the need for authentication to access the server's
106# public rooms directory through the client API, meaning that anyone can
107# query the room directory. Defaults to 'false'.
108#
109#allow_public_rooms_without_auth: true
110
111# If set to 'true', allows any other homeserver to fetch the server's public
112# rooms directory via federation. Defaults to 'false'.
113#
114#allow_public_rooms_over_federation: true
115
116# The default room version for newly created rooms.
117#
118# Known room versions are listed here:
119# https://matrix.org/docs/spec/#complete-list-of-room-versions
120#
121# For example, for room version 1, default_room_version should be set
122# to "1".
123#
124#default_room_version: "5"
125
126# The GC threshold parameters to pass to `gc.set_threshold`, if defined
127# gc_thresholds: [700, 10, 10]
128
129# Set the limit on the returned events in the timeline in the get
# and sync operations. The default value is -1, which means no upper limit.
131# filter_timeline_limit: 5000
132
133# Whether room invites to users on this server should be blocked
134# (except those sent by local server admins). The default is False.
135# block_non_admin_invites: True
136
137# Restrict federation to the following whitelist of domains.
138# N.B. we recommend also firewalling your federation listener to limit
139# inbound federation traffic as early as possible, rather than relying
140# purely on this application-layer restriction. If not specified, the
141# default is to whitelist everything.
142#
143# federation_domain_whitelist:
144# - lon.example.com
145# - nyc.example.com
146# - syd.example.com
147
148# Prevent federation requests from being sent to the following
149# blacklist IP address CIDR ranges. If this option is not specified, or
150# specified with an empty list, no ip range blacklist will be enforced.
151#
152# As of Synapse v1.4.0 this option also affects any outbound requests to identity
153# servers provided by user input.
154#
155# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
156# listed here, since they correspond to unroutable addresses.)
157#
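federation_ip_range_blacklist:
  # IPv4: loopback, RFC 1918 private ranges, CGNAT shared space, link-local.
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  # IPv6: loopback, link-local, unique local addresses.
  - '::1/128'
  # The IPv6 link-local block is fe80::/10; a /64 prefix only covers
  # fe80:0:0:0::/64 and leaves the rest of the link-local range unblocked.
  - 'fe80::/10'
  - 'fc00::/7'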
168
169# List of ports that Synapse should listen on, their purpose and their
170# configuration.
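listeners:
  # NOTE(review): the main HTTPS listener entry had its 'port', 'type' and
  # 'tls' keys commented out while 'bind_addresses' and 'resources' were
  # left active, which leaves a list entry with no port. The whole entry is
  # commented out here so it is disabled as a unit. The TLS certificate
  # paths in this file are commented out too, so TLS is presumably
  # terminated by a reverse proxy in front of port 8008 - confirm.
  #
  # Main HTTPS listener
  # For when matrix traffic is sent directly to synapse.
  # -
  #   # The port to listen for HTTPS requests on.
  #   port: 8448
  #
  #   # Local addresses to listen on.
  #   # On Linux and Mac OS, `::` will listen on all IPv4 and IPv6
  #   # addresses by default. For most other OSes, this will only listen
  #   # on IPv6.
  #   bind_addresses:
  #     - '::1'
  #     - '127.0.0.1'
  #     - '::'
  #     - '0.0.0.0'
  #
  #   # This is a 'http' listener, allows us to specify 'resources'.
  #   type: http
  #
  #   tls: true
  #
  #   # Use the X-Forwarded-For (XFF) header as the client IP and not the
  #   # actual client IP.
  #   x_forwarded: false
  #
  #   # List of HTTP resources to serve on this listener.
  #   resources:
  #     -
  #       # List of resources to host on this listener.
  #       names:
  #         - client  # The client-server APIs, both v1 and v2
  #
  #       # Should synapse compress HTTP responses to clients that support it?
  #       # This should be disabled if running synapse behind a load balancer
  #       # that can do automatic compression.
  #       compress: true
  #
  #     - names: [federation]  # Federation APIs
  #       compress: false
  #
  #   # optional list of additional endpoints which can be loaded via
  #   # dynamic modules
  #   # additional_resources:
  #   #   "/_matrix/my/custom/endpoint":
  #   #     module: my_module.CustomRequestHandler
  #   #     config: {}

  # Unsecure HTTP listener,
  # For when matrix traffic passes through loadbalancer that unwraps TLS.
  - port: 8008
    tls: false
    # Loopback only: this listener speaks plain HTTP, so it should stay
    # unreachable from other hosts.
    bind_addresses:
      - '::1'
      - '127.0.0.1'
      # - '::'
      # - '0.0.0.0'
    type: http

    # The client IP is taken from the X-Forwarded-For header, so the proxy
    # in front of this listener has to set that header itself rather than
    # pass through a value supplied by the client.
    x_forwarded: true

    resources:
      - names: [client]
        compress: true
      - names: [federation]
        compress: false

  # Turn on the twisted ssh manhole service on localhost on the given
  # port.
  # - port: 9000
  #   bind_addresses:
  #     - '::1'
  #     - '127.0.0.1'
  #   type: manhole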
245
246
247# Database configuration
248database:
249 # The database engine name
250 name: "sqlite3"
251 # Arguments to pass to the engine
252 args:
253 # Path to the database
254 database: "/var/lib/matrix-synapse/homeserver.db"
255
256# Number of events to cache in memory.
257event_cache_size: "10K"
258
259
260# A yaml python logging config file
261log_config: "/etc/matrix-synapse/log.yaml"
262
263
264
265## Ratelimiting ##
266
267# Number of messages a client can send per second
268rc_messages_per_second: 0.2
269
# Number of messages a client can send before being throttled
271rc_message_burst_count: 10.0
272
273# The federation window size in milliseconds
274federation_rc_window_size: 1000
275
276# The number of federation requests from a single server in a window
277# before the server will delay processing the request.
278federation_rc_sleep_limit: 10
279
280# The duration in milliseconds to delay processing events from
281# remote servers by if they go over the sleep limit.
282federation_rc_sleep_delay: 500
283
284# The maximum number of concurrent federation requests allowed
285# from a single server
286federation_rc_reject_limit: 50
287
288# The number of federation requests to concurrently process from a
289# single server
290federation_rc_concurrent: 3
291
292
293
294# Directory where uploaded images and attachments are stored.
295media_store_path: "/var/lib/matrix-synapse/media"
296
297# Media storage providers allow media to be stored in different
298# locations.
299# media_storage_providers:
300# - module: file_system
301# # Whether to write new local files.
302# store_local: false
303# # Whether to write new remote media
304# store_remote: false
305# # Whether to block upload requests waiting for write to this
306# # provider to complete
307# store_synchronous: false
308# config:
309# directory: /mnt/some/other/directory
310
311# Directory where in-progress uploads are stored.
312uploads_path: "/var/lib/matrix-synapse/uploads"
313
314# The largest allowed upload size in bytes
315max_upload_size: "10M"
316
317# Maximum number of pixels that will be thumbnailed
318max_image_pixels: "32M"
319
320# Whether to generate new thumbnails on the fly to precisely match
321# the resolution requested by the client. If true then whenever
322# a new resolution is requested by the client the server will
323# generate a new thumbnail. If false the server will pick a thumbnail
324# from a precalculated list.
325dynamic_thumbnails: false
326
# List of thumbnails to precalculate when an image is uploaded.
328thumbnail_sizes:
329- width: 32
330 height: 32
331 method: crop
332- width: 96
333 height: 96
334 method: crop
335- width: 320
336 height: 240
337 method: scale
338- width: 640
339 height: 480
340 method: scale
341- width: 800
342 height: 600
343 method: scale
344
# Toggle for the preview URL API. When it is turned on, an explicit
# url_preview_ip_range_blacklist of IPs that the spider is denied from
# accessing *must* be specified.
url_preview_enabled: false
349
350# List of IP address CIDR ranges that the URL preview spider is denied
351# from accessing. There are no defaults: you must explicitly
352# specify a list for URL previewing to work. You should specify any
353# internal services in your network that you do not want synapse to try
354# to connect to, otherwise anyone in any Matrix room could cause your
355# synapse to issue arbitrary GET requests to your internal services,
356# causing serious security issues.
357#
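# The key has to be active together with its entries: list items without
# their parent key do not parse as this option. Keeping the list defined
# also means the deny-list is already in place if url_preview_enabled is
# switched on later.
url_preview_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  # IPv6 loopback, link-local and unique-local ranges, the same address
  # classes that federation_ip_range_blacklist covers.
  - '::1/128'
  - 'fe80::/10'
  - 'fc00::/7'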
365#
366# List of IP address CIDR ranges that the URL preview spider is allowed
367# to access even if they are specified in url_preview_ip_range_blacklist.
368# This is useful for specifying exceptions to wide-ranging blacklisted
369# target IP ranges - e.g. for enabling URL previews for a specific private
370# website only visible in your network.
371#
372# url_preview_ip_range_whitelist:
373# - '192.168.1.1'
374
375# Optional list of URL matches that the URL preview spider is
376# denied from accessing. You should use url_preview_ip_range_blacklist
377# in preference to this, otherwise someone could define a public DNS
378# entry that points to a private IP address and circumvent the blacklist.
# This is more useful if you know there is an entire shape of URL that
# you will never want synapse to try to spider.
381#
382# Each list entry is a dictionary of url component attributes as returned
383# by urlparse.urlsplit as applied to the absolute form of the URL. See
384# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
# The values of the dictionary are treated as a filename match pattern
386# applied to that component of URLs, unless they start with a ^ in which
387# case they are treated as a regular expression match. If all the
388# specified component matches for a given list item succeed, the URL is
389# blacklisted.
390#
391# url_preview_url_blacklist:
392# # blacklist any URL with a username in its URI
393# - username: '*'
394#
395# # blacklist all *.google.com URLs
396# - netloc: 'google.com'
397# - netloc: '*.google.com'
398#
399# # blacklist all plain HTTP URLs
400# - scheme: 'http'
401#
402# # blacklist http(s)://www.acme.com/foo
403# - netloc: 'www.acme.com'
404# path: '/foo'
405#
406# # blacklist any URL with a literal IPv4 address
407# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
408
409# The largest allowed URL preview spidering size in bytes
410max_spider_size: "10M"
411
412
413
414
415## Captcha ##
416# See docs/CAPTCHA_SETUP for full details of configuring this.
417
418# This Home Server's ReCAPTCHA public key.
419#recaptcha_public_key: "YOUR_PUBLIC_KEY"
420
421# This Home Server's ReCAPTCHA private key.
422#recaptcha_private_key: "YOUR_PRIVATE_KEY"
423
# Require a solved ReCaptcha before a signup is accepted. Needs a valid
# ReCaptcha public/private key pair.
enable_registration_captcha: false
428
429# A secret key used to bypass the captcha test entirely.
430#captcha_bypass_secret: "YOUR_SECRET_HERE"
431
432# The API endpoint to use for verifying m.login.recaptcha responses.
433recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
434
435
436## Turn ##
437
438# The public URIs of the TURN server to give to clients
439#turn_uris: []
440
441# The shared secret used to compute passwords for the TURN server
442#turn_shared_secret: "YOUR_SHARED_SECRET"
443
444# The Username and password if the TURN server needs them and
445# does not use a token
446#turn_username: "TURNSERVER_USERNAME"
447#turn_password: "TURNSERVER_PASSWORD"
448
449# How long generated TURN credentials last
450#turn_user_lifetime: "1h"
451
452# Whether guests should be allowed to use the TURN server.
453# This defaults to True, otherwise VoIP will be unreliable for guests.
454# However, it does introduce a slight security risk as it allows users to
455# connect to arbitrary endpoints without having first signed up for a
456# valid account (e.g. by passing a CAPTCHA).
457#turn_allow_guests: False
458
459
460## Registration ##
461
# Whether new users may register on this server.
enable_registration: false
464
465# The user must provide all of the below types of 3PID when registering.
466#
467# registrations_require_3pid:
468# - email
469# - msisdn
470
471# Mandate that users are only allowed to associate certain formats of
472# 3PIDs with accounts on this server.
473#
474# allowed_local_3pids:
475# - medium: email
476# pattern: ".*@matrix\.org"
477# - medium: email
478# pattern: ".*@vector\.im"
479# - medium: msisdn
480# pattern: "\+44"
481
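# If set, allows registration by anyone who also has the shared
# secret, even if registration is otherwise disabled.
#
# NOTE(review): the value that was set here appears in a published copy
# of this file and should be treated as compromised. Generate a fresh
# random value on the server, keep this file readable only by the synapse
# service account, and leave the option commented out when shared-secret
# registration is not needed.
#registration_shared_secret: "<REPLACE_WITH_NEW_RANDOM_SECRET>"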
485
486# Set the number of bcrypt rounds used to generate password hash.
487# Larger numbers increase the work factor needed to generate the hash.
488# The default number is 12 (which equates to 2^12 rounds).
489# N.B. that increasing this will exponentially increase the time required
490# to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
491bcrypt_rounds: 12
492
493# Allows users to register as guests without a password/email/etc, and
494# participate in rooms hosted on this server which have been made
495# accessible to anonymous users.
496allow_guest_access: False
497
498# The list of identity servers trusted to verify third party
499# identifiers by this server.
500#
501# Also defines the ID server which will be called when an account is
502# deactivated (one will be picked arbitrarily).
503#
504# Note: This option is deprecated. Since v0.99.4, Synapse has tracked which identity
505# server a 3PID has been bound to. For 3PIDs bound before then, Synapse runs a
506# background migration script, informing itself that the identity server all of its
507# 3PIDs have been bound to is likely one of the below.
508#
509# As of Synapse v1.4.0, all other functionality of this option has been deprecated, and
510# it is now solely used for the purposes of the background migration script, and can be
511# removed once it has run.
512trusted_third_party_id_servers:
513 - matrix.org
514 - vector.im
515 - riot.im
516
517# Users who register on this homeserver will automatically be joined
518# to these rooms
519#auto_join_rooms:
520# - "#example:example.com"
521
522
523## Metrics ###
524
525# Enable collection and rendering of performance metrics
526enable_metrics: False
527
528## API Configuration ##
529
530# A list of event types that will be included in the room_invite_state
531room_invite_state_types:
532 - "m.room.join_rules"
533 - "m.room.canonical_alias"
534 - "m.room.avatar"
535 - "m.room.name"
536
537
# A list of application service config files to use
539app_service_config_files: []
540
541
542# macaroon_secret_key: <PRIVATE STRING>
543
544# Used to enable access token expiration.
545expire_access_token: False
546
547## Signing Keys ##
548
549# Path to the signing key to sign messages with
550signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
551
552# The keys that the server used to sign messages with but won't use
553# to sign new messages. E.g. it has lost its private key
554old_signing_keys: {}
555# "ed25519:auto":
556# # Base64 encoded public key
557# key: "The public part of your old signing key."
558# # Millisecond POSIX timestamp when the key expired.
559# expired_ts: 123456789123
560
561# How long key response published by this server is valid for.
562# Used to set the valid_until_ts in /key/v2 APIs.
563# Determines how quickly servers will query to check which keys
564# are still valid.
565key_refresh_interval: "1d" # 1 Day.
566
567# The trusted servers to download signing keys from.
568#
569# When we need to fetch a signing key, each server is tried in parallel.
570#
571# Normally, the connection to the key server is validated via TLS certificates.
572# Additional security can be provided by configuring a `verify key`, which
573# will make synapse check that the response is signed by that key.
574#
# This setting supersedes an older setting named `perspectives`. The old format
576# is still supported for backwards-compatibility, but it is deprecated.
577#
578# 'trusted_key_servers' defaults to matrix.org, but using it will generate a
579# warning on start-up. To suppress this warning, set
580# 'suppress_key_server_warning' to true.
581#
582# Options for each entry in the list include:
583#
584# server_name: the name of the server. required.
585#
586# verify_keys: an optional map from key id to base64-encoded public key.
587# If specified, we will check that the response is signed by at least
588# one of the given keys.
589#
590# accept_keys_insecurely: a boolean. Normally, if `verify_keys` is unset,
591# and federation_verify_certificates is not `true`, synapse will refuse
592# to start, because this would allow anyone who can spoof DNS responses
593# to masquerade as the trusted key server. If you know what you are doing
594# and are sure that your network environment provides a secure connection
595# to the key server, you can set this to `true` to override this
596# behaviour.
597#
598# An example configuration might look like:
599#
600#trusted_key_servers:
601# - server_name: "my_trusted_server.example.com"
602# verify_keys:
603# "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
604# - server_name: "my_other_trusted_server.example.com"
605#
606trusted_key_servers:
607 - server_name: "matrix.org"
608
609# Uncomment the following to disable the warning that is emitted when the
610# trusted_key_servers include 'matrix.org'. See above.
611#
612#suppress_key_server_warning: true
613
614# The signing keys to use when acting as a trusted key server. If not specified
615# defaults to the server signing key.
616#
617# Can contain multiple keys, one per line.
618#
619#key_server_signing_keys_path: "key_server_signing_keys.key"
620
621
622# Enable SAML2 for registration and login. Uses pysaml2.
623#
624# At least one of `sp_config` or `config_path` must be set in this section to
625# enable SAML login.
626#
# (You will probably also want to set the following options to `false` to
# disable the regular login/registration flows:
#   * enable_registration
#   * password_config.enabled)
631#
632# Once SAML support is enabled, a metadata file will be exposed at
633# https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to
634# use to configure your SAML IdP with. Alternatively, you can manually configure
635# the IdP to use an ACS location of
636# https://<server>:<port>/_matrix/saml2/authn_response.
637#
638saml2_config:
639 # `sp_config` is the configuration for the pysaml2 Service Provider.
640 # See pysaml2 docs for format of config.
641 #
642 # Default values will be used for the 'entityid' and 'service' settings,
643 # so it is not normally necessary to specify them unless you need to
644 # override them.
645 #
646 #sp_config:
647 # # point this to the IdP's metadata. You can use either a local file or
648 # # (preferably) a URL.
649 # metadata:
650 # #local: ["saml2/idp.xml"]
651 # remote:
652 # - url: https://our_idp/metadata.xml
653 #
654 # # By default, the user has to go to our login page first. If you'd like
655 # # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
656 # # 'service.sp' section:
657 # #
658 # #service:
659 # # sp:
660 # # allow_unsolicited: true
661 #
662 # # The examples below are just used to generate our metadata xml, and you
663 # # may well not need them, depending on your setup. Alternatively you
664 # # may need a whole lot more detail - see the pysaml2 docs!
665 #
666 # description: ["My awesome SP", "en"]
667 # name: ["Test SP", "en"]
668 #
669 # organization:
670 # name: Example com
671 # display_name:
672 # - ["Example co", "en"]
673 # url: "http://example.com"
674 #
675 # contact_person:
676 # - given_name: Bob
677 # sur_name: "the Sysadmin"
678 # email_address": ["admin@example.com"]
679 # contact_type": technical
680
681 # Instead of putting the config inline as above, you can specify a
682 # separate pysaml2 configuration file:
683 #
684 #config_path: "CONFDIR/sp_conf.py"
685
686 # the lifetime of a SAML session. This defines how long a user has to
687 # complete the authentication process, if allow_unsolicited is unset.
688 # The default is 5 minutes.
689 #
690 #saml_session_lifetime: 5m
691
692 # The SAML attribute (after mapping via the attribute maps) to use to derive
693 # the Matrix ID from. 'uid' by default.
694 #
695 #mxid_source_attribute: displayName
696
697 # The mapping system to use for mapping the saml attribute onto a matrix ID.
698 # Options include:
699 # * 'hexencode' (which maps unpermitted characters to '=xx')
700 # * 'dotreplace' (which replaces unpermitted characters with '.').
701 # The default is 'hexencode'.
702 #
703 #mxid_mapping: dotreplace
704
705 # In previous versions of synapse, the mapping from SAML attribute to MXID was
706 # always calculated dynamically rather than stored in a table. For backwards-
707 # compatibility, we will look for user_ids matching such a pattern before
708 # creating a new account.
709 #
710 # This setting controls the SAML attribute which will be used for this
711 # backwards-compatibility lookup. Typically it should be 'uid', but if the
712 # attribute maps are changed, it may be necessary to change it.
713 #
714 # The default is 'uid'.
715 #
716 #grandfathered_mxid_source_attribute: upn
717
718
719
720# Enable CAS for registration and login.
721#cas_config:
722# enabled: true
723# server_url: "https://cas-server.com"
724# service_url: "https://homeserver.domain.com:8448"
725# #required_attributes:
726# # name: value
727
728
729# The JWT needs to contain a globally unique "sub" (subject) claim.
730#
731# jwt_config:
732# enabled: true
733# secret: "a secret"
734# algorithm: "HS256"
735
736
737
738# Enable password for login.
739password_config:
740 enabled: true
741 # Uncomment and change to a secret random string for extra security.
742 # DO NOT CHANGE THIS AFTER INITIAL SETUP!
743 #pepper: ""
744
745
746
747# Enable sending emails for notification events
748# Defining a custom URL for Riot is only needed if email notifications
749# should contain links to a self-hosted installation of Riot; when set
750# the "app_name" setting is ignored.
751#
752# If your SMTP server requires authentication, the optional smtp_user &
753# smtp_pass variables should be used
754#
755#email:
756# enable_notifs: false
757# smtp_host: "localhost"
758# smtp_port: 25
759# smtp_user: "exampleusername"
760# smtp_pass: "examplepassword"
761# require_transport_security: False
762# notif_from: "Your Friendly %(app)s Home Server <noreply@example.com>"
763# app_name: Matrix
764# template_dir: res/templates
765# notif_template_html: notif_mail.html
766# notif_template_text: notif_mail.txt
767# notif_for_new_users: True
768# riot_base_url: "http://localhost/riot"
769
770
771# password_providers:
772# - module: "ldap_auth_provider.LdapAuthProvider"
773# config:
774# enabled: true
775# uri: "ldap://ldap.example.com:389"
776# start_tls: true
777# base: "ou=users,dc=example,dc=com"
778# attributes:
779# uid: "cn"
780# mail: "email"
781# name: "givenName"
782# #bind_dn:
783# #bind_password:
784# #filter: "(objectClass=posixAccount)"
785
786
787
788# Clients requesting push notifications can either have the body of
789# the message sent in the notification poke along with other details
790# like the sender, or just the event ID and room ID (`event_id_only`).
791# If clients choose the former, this option controls whether the
792# notification request includes the content of the event (other details
793# like the sender are still included). For `event_id_only` push, it
794# has no effect.
795
796# For modern android devices the notification content will still appear
797# because it is loaded by the app. iPhone, however will send a
798# notification saying only that a message arrived and who it came from.
799#
800#push:
801# include_content: true
802
803
804# spam_checker:
805# module: "my_custom_project.SuperSpamChecker"
806# config:
807# example_option: 'things'
808
809
810# Whether to allow non server admins to create groups on this server
811enable_group_creation: false
812
813# If enabled, non server admins can only create groups with local parts
814# starting with this prefix
815# group_creation_prefix: "unofficial/"
816
817
818
819# User Directory configuration
820#
821# 'search_all_users' defines whether to search all users visible to your HS
822# when searching the user directory, rather than limiting to users visible
823# in public rooms. Defaults to false. If you set it True, you'll have to run
824# UPDATE user_directory_stream_pos SET stream_id = NULL;
825# on your database to tell it to rebuild the user_directory search indexes.
826#
827#user_directory:
828# search_all_users: false
829