overmind
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2302 Commits
14 Branches
106 MiB
 
 
Tree: a49dab76f8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a49dab76f8'
${ noResults }
matrix-docker-ansible-deploy/roles/matrix-synapse/defaults/main.yml

487 lines
23 KiB
Raw Blame History 

  1. # Synapse is a Matrix homeserver

  2. # See: https://github.com/matrix-org/synapse

  3. 

  4. matrix_synapse_enabled: true

  5. 

  6. matrix_synapse_container_image_self_build: false

  7. matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/synapse.git"

  8. 

  9. matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"

  10. matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else 'docker.io/' }}"

  11. # The if statement below may look silly at times (leading to the same version being returned),

  12. # but ARM-compatible container images are only released 1-7 hours after a release,

  13. # so we may often be on different versions for different architectures when new Synapse releases come out.

  14. matrix_synapse_docker_image_tag: "{{ 'v1.25.0' if matrix_architecture == 'amd64' else 'v1.25.0' }}"

  15. matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

  16. 

  17. matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"

  18. matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src"

  19. matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"

  20. matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"

  21. matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"

  22. matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"

  23. 

  24. # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container).

  25. #

  26. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.

  27. matrix_synapse_container_client_api_host_bind_port: ''

  28. 

  29. # Controls whether the matrix-synapse container exposes the plain (unencrypted) Server/Server (Federation) API port (tcp/8048 in the container).

  30. #

  31. # Takes effect only if federation is enabled (matrix_synapse_federation_enabled).

  32. #

  33. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048"), or empty string to not expose.

  34. matrix_synapse_container_federation_api_plain_host_bind_port: ''

  35. 

  36. # Controls whether the matrix-synapse container exposes the tls (encrypted) Server/Server (Federation) API port (tcp/8448 in the container).

  37. #

  38. # Takes effect only if federation is enabled (matrix_synapse_federation_enabled)

  39. # and TLS support is enabled (matrix_synapse_tls_federation_listener_enabled).

  40. #

  41. # Takes an "<ip>:<port>" or "<port>" value (e.g. "8448"), or empty string to not expose.

  42. matrix_synapse_container_federation_api_tls_host_bind_port: ''

  43. 

  44. # Controls whether the matrix-synapse container exposes the metrics port (tcp/9100 in the container).

  45. #

  46. # Takes effect only if metrics are enabled (matrix_synapse_metrics_enabled).

  47. #

  48. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.

  49. matrix_synapse_container_metrics_api_host_bind_port: ''

  50. 

  51. # Controls whether the matrix-synapse container exposes the manhole port (tcp/9000 in the container).

  52. #

  53. # Takes effect only if the manhole is enabled (matrix_synapse_manhole_enabled).

  54. #

  55. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.

  56. matrix_synapse_container_manhole_api_host_bind_port: ''

  57. 

  58. # A list of extra arguments to pass to the container

  59. matrix_synapse_container_extra_arguments: []

  60. 

  61. # List of systemd services that matrix-synapse.service depends on

  62. matrix_synapse_systemd_required_services_list: ['docker.service']

  63. 

  64. # List of systemd services that matrix-synapse.service wants

  65. matrix_synapse_systemd_wanted_services_list: []

  66. 

  67. matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.8/site-packages"

  68. 

  69. # Specifies which template files to use when configuring Synapse.

  70. # If you'd like to have your own different configuration, feel free to copy and paste

  71. # the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)

  72. # and then change the specific host's `vars.yaml` file like this:

  73. # matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"

  74. matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"

  75. matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"

  76. 

  77. matrix_synapse_macaroon_secret_key: ""

  78. matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"

  79. matrix_synapse_allow_guest_access: false

  80. matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"

  81. 

  82. matrix_synapse_max_upload_size_mb: 50

  83. 

  84. # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.

  85. matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}"

  86. 

  87. # Log levels

  88. # Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels

  89. # warning: setting log level to DEBUG will make synapse log sensitive information such

  90. # as access tokens.

  91. #

  92. # Increasing verbosity may lead to an excessive amount of log messages being generated,

  93. # some of which may get dropped by systemd-journald on certain distributions (like CentOS 7).

  94. # You can work around it by adding `RateLimitInterval=0` and `RateLimitBurst=0` under `[Storage]` in

  95. # `/etc/systemd/journald.conf` and restarting the logging service (`systemctl restart systemd-journald`).

  96. matrix_synapse_log_level: "WARNING"

  97. matrix_synapse_storage_sql_log_level: "WARNING"

  98. matrix_synapse_root_log_level: "WARNING"

  99. 

  100. # Rate limits

  101. matrix_synapse_rc_message:

  102.   per_second: 0.2

  103.   burst_count: 10

  104. 

  105. matrix_synapse_rc_registration:

  106.   per_second: 0.17

  107.   burst_count: 3

  108. 

  109. matrix_synapse_rc_login:

  110.   address:

  111.     per_second: 0.17

  112.     burst_count: 3

  113.   account:

  114.     per_second: 0.17

  115.     burst_count: 3

  116.   failed_attempts:

  117.     per_second: 0.17

  118.     burst_count: 3

  119. 

  120. matrix_synapse_rc_admin_redaction:

  121.   per_second: 1

  122.   burst_count: 50

  123. 

  124. matrix_synapse_rc_joins:

  125.   local:

  126.     per_second: 0.1

  127.     burst_count: 3

  128.   remote:

  129.     per_second: 0.01

  130.     burst_count: 3

  131. 

  132. matrix_synapse_rc_federation:

  133.   window_size: 1000

  134.   sleep_limit: 10

  135.   sleep_delay: 500

  136.   reject_limit: 50

  137.   concurrent: 3

  138. 

  139. matrix_synapse_federation_rr_transactions_per_room_per_second: 50

  140. 

  141. # Controls whether the TLS federation listener is enabled (tcp/8448).

  142. # Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`).

  143. # Note that federation may potentially be enabled as non-TLS on tcp/8048 as well.

  144. # If you're serving Synapse behind an HTTPS-capable reverse-proxy,

  145. # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).

  146. matrix_synapse_tls_federation_listener_enabled: true

  147. matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"

  148. matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"

  149. 

  150. # Resource names used by the unsecure HTTP listener. Here only the Client API

  151. # is defined, see the homeserver config for a full list of valid resource

  152. # names.

  153. matrix_synapse_http_listener_resource_names: ["client"]

  154. 

  155. # Resources served on Synapse's federation port.

  156. # When disabling federation, we may wish to serve the `openid` resource here,

  157. # so that services like Dimension and ma1sd can work.

  158. matrix_synapse_federation_listener_resource_names: "{{ ['federation'] if matrix_synapse_federation_enabled else (['openid'] if matrix_synapse_federation_port_openid_resource_required else []) }}"

  159. 

  160. # Enable this to allow Synapse to report utilization statistics about your server to matrix.org

  161. # (things like number of users, number of messages sent, uptime, load, etc.)

  162. matrix_synapse_report_stats: false

  163. 

  164. # Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.

  165. # If users participate in large rooms with many other servers,

  166. # disabling this will decrease server load significantly.

  167. matrix_synapse_use_presence: true

  168. 

  169. # Controls whether accessing the server's public rooms directory can be done without authentication.

  170. # For private servers, you most likely wish to require authentication,

  171. # unless you know what list of rooms you're publishing to the world and explicitly want to do it.

  172. matrix_synapse_allow_public_rooms_without_auth: false

  173. 

  174. # Controls whether remote servers can fetch this server's public rooms directory via federation.

  175. # For private servers, you most likely wish to forbid it.

  176. matrix_synapse_allow_public_rooms_over_federation: false

  177. 

  178. # Controls whether people with access to the homeserver can register by themselves.

  179. matrix_synapse_enable_registration: false

  180. 

  181. # reCAPTCHA API for validating registration attempts

  182. matrix_synapse_enable_registration_captcha: false

  183. matrix_synapse_recaptcha_public_key: ''

  184. matrix_synapse_recaptcha_private_key: ''

  185. 

  186. # Allows non-server-admin users to create groups on this server

  187. matrix_synapse_enable_group_creation: false

  188. 

  189. # A list of 3PID types which users must supply when registering (possible values: email, msisdn).

  190. matrix_synapse_registrations_require_3pid: []

  191. 

  192. # A list of patterns 3pids must match in order to permit registration, e.g.:

  193. #  - medium: email

  194. #    pattern: '.*@example\.com'

  195. #  - medium: msisdn

  196. #    pattern: '\+44'

  197. matrix_synapse_allowed_local_3pids: []

  198. 

  199. # The server to use for email threepid validation. When empty, Synapse does it by itself.

  200. # Otherwise, this should be pointed to an identity server.

  201. matrix_synapse_account_threepid_delegates_email: ''

  202. 

  203. # The server to use for phone number threepid validation. When empty, validation cannot happen, as Synapse doesn't support it.

  204. # To make it work, this should be pointed to an identity server.

  205. matrix_synapse_account_threepid_delegates_msisdn: ''

  206. 

  207. # Users who register on this homeserver will automatically be joined to these rooms.

  208. # Rooms are to be specified using addresses (e.g. `#address:example.com`)

  209. matrix_synapse_auto_join_rooms: []

  210. 

  211. # Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created

  212. # automatically if they don't already exist.

  213. matrix_synapse_autocreate_auto_join_rooms: true

  214. 

  215. # Controls password-peppering for Synapse. Not to be changed after initial setup.

  216. matrix_synapse_password_config_pepper: ""

  217. 

  218. # Controls if Synapse allows people to authenticate against its local database.

  219. # It may be useful to disable this if you've configured additional password providers

  220. # and only wish authentication to happen through them.

  221. matrix_synapse_password_config_localdb_enabled: true

  222. 

  223. # Controls the number of events that Synapse caches in memory.

  224. matrix_synapse_event_cache_size: "100K"

  225. 

  226. # Controls cache sizes for Synapse.

  227. # Raise this to increase cache sizes or lower it to potentially lower memory use.

  228. # To learn more, see:

  229. # - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram

  230. # - https://github.com/matrix-org/synapse/issues/3939

  231. matrix_synapse_caches_global_factor: 0.5

  232. 

  233. # Controls whether Synapse will federate at all.

  234. # Disable this to completely isolate your server from the rest of the Matrix network.

  235. #

  236. # Disabling this still keeps the federation port exposed, because it may be used for other services (`openid`).

  237. #

  238. # Also see:

  239. # - `matrix_synapse_tls_federation_listener_enabled` if you wish to keep federation enabled,

  240. # but want to stop the TLS listener (port 8448).

  241. # - `matrix_synapse_federation_port_enabled` to avoid exposing the federation ports

  242. matrix_synapse_federation_enabled: true

  243. 

  244. # Controls whether the federation ports are used at all.

  245. # One may wish to disable federation (`matrix_synapse_federation_enabled: true`),

  246. # but still run other resources (like `openid`) on the federation port

  247. # by enabling them in `matrix_synapse_federation_listener_resource_names`.

  248. matrix_synapse_federation_port_enabled: "{{ matrix_synapse_federation_enabled or matrix_synapse_federation_port_openid_resource_required }}"

  249. 

  250. # Controls whether an `openid` listener is to be enabled. Useful when disabling federation,

  251. # but needing the `openid` APIs for Dimension or an identity server like ma1sd.

  252. matrix_synapse_federation_port_openid_resource_required: false

  253. 

  254. # A list of domain names that are allowed to federate with the given Synapse server.

  255. # An empty list value (`[]`) will also effectively stop federation, but if that's the desired

  256. # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.

  257. matrix_synapse_federation_domain_whitelist: ~

  258. 

  259. # A list of additional "volumes" to mount in the container.

  260. # This list gets populated dynamically based on Synapse extensions that have been enabled.

  261. # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}

  262. #

  263. # Note: internally, this uses the `-v` flag for mounting the specified volumes.

  264. # It's better (safer) to use the `--mount` flag for mounting volumes.

  265. # To use `--mount`, specify it in `matrix_synapse_container_extra_arguments`.

  266. # Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']

  267. matrix_synapse_container_additional_volumes: []

  268. 

  269. # A list of additional loggers to register in synapse.log.config.

  270. # This list gets populated dynamically based on Synapse extensions that have been enabled.

  271. # Contains definition objects like this: `{"name": "..", "level": "DEBUG"}

  272. matrix_synapse_additional_loggers: []

  273. 

  274. # A list of appservice config files (in-container filesystem paths).

  275. # This list gets populated dynamically based on Synapse extensions that have been enabled.

  276. # You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`.

  277. matrix_synapse_app_service_config_files: []

  278. 

  279. # This is set dynamically during execution depending on whether

  280. # any password providers have been enabled or not.

  281. matrix_synapse_password_providers_enabled: false

  282. 

  283. # Whether clients can request to include message content in push notifications

  284. # sent through third party servers. Setting this to false requires mobile clients

  285. # to load message content directly from the homeserver.

  286. matrix_synapse_push_include_content: true

  287. 

  288. # If url previews should be generated. This will cause a request from Synapse to

  289. # URLs shared by users.

  290. matrix_synapse_url_preview_enabled: true

  291. 

  292. # Enable exposure of metrics to Prometheus

  293. # See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md

  294. matrix_synapse_metrics_enabled: false

  295. matrix_synapse_metrics_port: 9100

  296. 

  297. # Enable the Synapse manhole

  298. # See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md

  299. matrix_synapse_manhole_enabled: false

  300. 

  301. # Enable support for Synapse workers

  302. matrix_synapse_workers_enabled: false

  303. 

  304. 

  305. # Controls whether the matrix-synapse container exposes the various worker ports

  306. # (see `port` and `metrics_port` in `matrix_synapse_workers_enabled_list`) outside of the container.

  307. #

  308. # Takes an "<ip>" value (e.g. "127.0.0.1", "0.0.0.0", etc), or empty string to not expose.

  309. # It takes "*" to signify "bind on all interfaces" ("0.0.0.0" is IPv4-only).

  310. matrix_synapse_workers_container_host_bind_address: ''

  311. 

  312. # Default list of workers to spawn (order in accord to docs)

  313. # - no endpoints / doesn't need port mapping if port ends on 0

  314. # - single-instance-only if 2nd last digit of port number is 0

  315. matrix_synapse_workers_enabled_list:

  316.   - { type: generic_worker, port: 18111, metrics_port: 19111 }

  317.   - { type: generic_worker, port: 18112, metrics_port: 19112 }

  318.   - { type: generic_worker, port: 18113, metrics_port: 19113 }

  319.   - { type: generic_worker, port: 18114, metrics_port: 19114 }

  320.   - { type: generic_worker, port: 18115, metrics_port: 19115 }

  321.   - { type: generic_worker, port: 18116, metrics_port: 19116 }

  322.   - { type: pusher, port: 00, metrics_port: 19200 }

  323.   - { type: appservice, port: 00, metrics_port: 19300 }

  324.   - { type: federation_sender, port: 0, metrics_port: 19400 }

  325.   - { type: media_repository, port: 18551, metrics_port: 19551 }

  326. # disable until https://github.com/matrix-org/synapse/issues/8787 resolved

  327. # - { type: user_dir, port: 18661, metrics_port: 19661 }

  328.   - { type: frontend_proxy, port: 18771, metrics_port: 19771 }

  329. 

  330. # Redis information

  331. matrix_synapse_redis_enabled: false

  332. matrix_synapse_redis_host: ""

  333. matrix_synapse_redis_port: 6379

  334. matrix_synapse_redis_password: ""

  335. 

  336. # Controls whether Synapse starts a replication listener necessary for workers.

  337. #

  338. # If Redis is available, we prefer to use that, instead of talking over Synapse's custom replication protocol.

  339. #

  340. # matrix_synapse_replication_listener_enabled: "{{ matrix_synapse_workers_enabled and not matrix_redis_enabled }}"

  341. # We force-enable this listener for now until we debug why communication via Redis fails.

  342. matrix_synapse_replication_listener_enabled: true

  343. 

  344. # Port used for communication between main synapse process and workers.

  345. # Only gets used if `matrix_synapse_replication_listener_enabled: true`

  346. matrix_synapse_replication_http_port: 9093

  347. 

  348. # Send ERROR logs to sentry.io for easier tracking

  349. # To set this up: go to sentry.io, create a python project, and set

  350. # matrix_synapse_sentry_dsn to the URL it gives you.

  351. # See https://github.com/matrix-org/synapse/issues/4632 for important privacy concerns

  352. matrix_synapse_sentry_dsn: ""

  353. 

  354. # Postgres database information

  355. matrix_synapse_database_host: "matrix-postgres"

  356. matrix_synapse_database_user: "synapse"

  357. matrix_synapse_database_password: ""

  358. matrix_synapse_database_database: "synapse"

  359. 

  360. matrix_synapse_turn_uris: []

  361. matrix_synapse_turn_shared_secret: ""

  362. matrix_synapse_turn_allow_guests: False

  363. 

  364. matrix_synapse_email_enabled: false

  365. matrix_synapse_email_smtp_host: ""

  366. matrix_synapse_email_smtp_port: 587

  367. matrix_synapse_email_smtp_require_transport_security: false

  368. matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"

  369. matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}"

  370. 

  371. 

  372. # Enable this to activate the REST auth password provider module.

  373. # See: https://github.com/ma1uta/matrix-synapse-rest-password-provider

  374. matrix_synapse_ext_password_provider_rest_auth_enabled: false

  375. matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/ma1uta/matrix-synapse-rest-password-provider/ed377fb70513c2e51b42055eb364195af1ccaf33/rest_auth_provider.py"

  376. matrix_synapse_ext_password_provider_rest_auth_endpoint: ""

  377. matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false

  378. matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true

  379. matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false

  380. 

  381. # Enable this to activate the Shared Secret Auth password provider module.

  382. # See: https://github.com/devture/matrix-synapse-shared-secret-auth

  383. matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false

  384. matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py"

  385. matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""

  386. 

  387. # Enable this to activate LDAP password provider

  388. matrix_synapse_ext_password_provider_ldap_enabled: false

  389. matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"

  390. matrix_synapse_ext_password_provider_ldap_start_tls: true

  391. matrix_synapse_ext_password_provider_ldap_base: ""

  392. matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"

  393. matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"

  394. matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"

  395. matrix_synapse_ext_password_provider_ldap_bind_dn: ""

  396. matrix_synapse_ext_password_provider_ldap_bind_password: ""

  397. matrix_synapse_ext_password_provider_ldap_filter: ""

  398. 

  399. # Enable this to activate the Synapse Antispam spam-checker module.

  400. # See: https://github.com/t2bot/synapse-simple-antispam

  401. matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: false

  402. matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url: "https://github.com/t2bot/synapse-simple-antispam"

  403. matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "f058d9ce2c7d4195ae461dcdd02df11a2d06a36b"

  404. matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers: []

  405. 

  406. matrix_s3_media_store_enabled: false

  407. matrix_s3_media_store_custom_endpoint_enabled: false

  408. matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"

  409. matrix_s3_goofys_docker_image_force_pull: "{{ matrix_s3_goofys_docker_image.endswith(':latest') }}"

  410. matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"

  411. matrix_s3_media_store_bucket_name: "your-bucket-name"

  412. matrix_s3_media_store_aws_access_key: "your-aws-access-key"

  413. matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"

  414. matrix_s3_media_store_region: "eu-central-1"

  415. 

  416. # Controls whether the self-check feature should validate SSL certificates.

  417. matrix_synapse_self_check_validate_certificates: true

  418. 

  419. # Controls whether searching the public room list is enabled.

  420. matrix_synapse_enable_room_list_search: true

  421. 

  422. # Controls who's allowed to create aliases on this server.

  423. matrix_synapse_alias_creation_rules:

  424.   - user_id: "*"

  425.     alias: "*"

  426.     room_id: "*"

  427.     action: allow

  428. 

  429. # Controls who can publish and which rooms can be published in the public room list.

  430. matrix_synapse_room_list_publication_rules:

  431.   - user_id: "*"

  432.     alias: "*"

  433.     room_id: "*"

  434.     action: allow

  435. 

  436. matrix_synapse_default_room_version: "6"

  437. 

  438. # Controls the Synapse `spam_checker` setting.

  439. #

  440. # If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.

  441. # If not, you can also control its value manually.

  442. matrix_synapse_spam_checker: []

  443. 

  444. matrix_synapse_trusted_key_servers:

  445.   - server_name: "matrix.org"

  446. 

  447. matrix_synapse_redaction_retention_period: 7d

  448. 

  449. matrix_synapse_user_ips_max_age: 28d

  450. 

  451. 

  452. matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-compress-state:v0.1.0"

  453. matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}"

  454. 

  455. matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state"

  456. 

  457. 

  458. # Default Synapse configuration template which covers the generic use case.

  459. # You can customize it by controlling the various variables inside it.

  460. #

  461. # For a more advanced customization, you can extend the default (see `matrix_synapse_configuration_extension_yaml`)

  462. # or completely replace this variable with your own template.

  463. matrix_synapse_configuration_yaml: "{{ lookup('template', 'templates/synapse/homeserver.yaml.j2') }}"

  464. 

  465. matrix_synapse_configuration_extension_yaml: |

  466.   # Your custom YAML configuration for Synapse goes here.

  467.   # This configuration extends the default starting configuration (`matrix_synapse_configuration_yaml`).

  468.   #

  469.   # You can override individual variables from the default configuration, or introduce new ones.

  470.   #

  471.   # If you need something more special, you can take full control by

  472.   # completely redefining `matrix_synapse_configuration_yaml`.

  473.   #

  474.   # Example configuration extension follows:

  475.   #

  476.   # server_notices:

  477.   #   system_mxid_localpart: notices

  478.   #   system_mxid_display_name: "Server Notices"

  479.   #   system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"

  480.   #   room_name: "Server Notices"

  481. 

  482. matrix_synapse_configuration_extension: "{{ matrix_synapse_configuration_extension_yaml|from_yaml if matrix_synapse_configuration_extension_yaml|from_yaml is mapping else {} }}"

  483. 

  484. # Holds the final Synapse configuration (a combination of the default and its extension).

  485. # You most likely don't need to touch this variable. Instead, see `matrix_synapse_configuration_yaml`.

  486. matrix_synapse_configuration: "{{ matrix_synapse_configuration_yaml|from_yaml|combine(matrix_synapse_configuration_extension, recursive=True) }}"