overmind
/
matrix-docker-ansible-deploy
espelho de https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Derivar 0
Código Questões 0 Lançamentos 0 Wiki Trabalho
Matrix Docker Ansible eploy
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
3613 Cometimentos
13 Ramos
950 MiB
 
 
Árvore: fc62537fcf
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de 'fc62537fcf'
${ noResults }
matrix-docker-ansible-deploy/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2

343 linhas
12 KiB
Em bruto Responsabilidade Histórico 

  1. # This is the Dendrite configuration file.

  2. #

  3. # The configuration is split up into sections - each Dendrite component has a

  4. # configuration section, in addition to the "global" section which applies to

  5. # all components.

  6. #

  7. # At a minimum, to get started, you will need to update the settings in the

  8. # "global" section for your deployment, and you will need to check that the

  9. # database "connection_string" line in each component section is correct. 

  10. #

  11. # Each component with a "database" section can accept the following formats

  12. # for "connection_string":

  13. #   SQLite:     file:filename.db

  14. #               file:///path/to/filename.db

  15. #   PostgreSQL: postgresql://user:pass@hostname/database?params=...

  16. #

  17. # SQLite is embedded into Dendrite and therefore no further prerequisites are

  18. # needed for the database when using SQLite mode. However, performance with

  19. # PostgreSQL is significantly better and recommended for multi-user deployments.

  20. # SQLite is typically around 20-30% slower than PostgreSQL when tested with a

  21. # small number of users and likely will perform worse still with a higher volume

  22. # of users.

  23. #

  24. # The "max_open_conns" and "max_idle_conns" settings configure the maximum 

  25. # number of open/idle database connections. The value 0 will use the database

  26. # engine default, and a negative value will use unlimited connections. The

  27. # "conn_max_lifetime" option controls the maximum length of time a database

  28. # connection can be idle in seconds - a negative value is unlimited.

  29. 

  30. # The version of the configuration file. 

  31. version: 1

  32. 

  33. # Global Matrix configuration. This configuration applies to all components.

  34. global:

  35.   # The domain name of this homeserver.

  36.   server_name: {{ matrix_domain }}

  37. 

  38.   # The path to the signing private key file, used to sign requests and events.

  39.   private_key: "/data/{{ matrix_server_fqn_matrix }}.signing.pem"

  40. 

  41.   # The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)

  42.   # to old signing private keys that were formerly in use on this domain. These

  43.   # keys will not be used for federation request or event signing, but will be

  44.   # provided to any other homeserver that asks when trying to verify old events.

  45.   # old_private_keys:

  46.   # - private_key: old_matrix_key.pem

  47.   #   expired_at: 1601024554498

  48. 

  49.   # How long a remote server can cache our server signing key before requesting it

  50.   # again. Increasing this number will reduce the number of requests made by other

  51.   # servers for our key but increases the period that a compromised key will be

  52.   # considered valid by other homeservers.

  53.   key_validity_period: 168h0m0s

  54. 

  55.   # Lists of domains that the server will trust as identity servers to verify third

  56.   # party identifiers such as phone numbers and email addresses.

  57.   trusted_third_party_id_servers: {{ matrix_dendrite_trusted_id_servers|to_json }}

  58. 

  59.   # Configuration for Kafka/Naffka.

  60.   kafka:

  61.     # List of Kafka broker addresses to connect to. This is not needed if using

  62.     # Naffka in monolith mode.

  63.     addresses:

  64.       - kafka:9092

  65. 

  66.     # The prefix to use for Kafka topic names for this homeserver. Change this only if

  67.     # you are running more than one Dendrite homeserver on the same Kafka deployment.

  68.     topic_prefix: Dendrite

  69. 

  70.     # Whether to use Naffka instead of Kafka. This is only available in monolith

  71.     # mode, but means that you can run a single-process server without requiring

  72.     # Kafka.

  73.     use_naffka: true

  74. 

  75.     # Naffka database options. Not required when using Kafka.

  76.     naffka_database:

  77.       connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_naffka_database }}?sslmode=disable

  78.       max_open_conns: 10

  79.       max_idle_conns: 2

  80.       conn_max_lifetime: -1

  81. 

  82.   # Configuration for Prometheus metric collection.

  83.   metrics:

  84.     # Whether or not Prometheus metrics are enabled.

  85.     enabled: {{ matrix_dendrite_metrics_enabled }}

  86. 

  87.     # HTTP basic authentication to protect access to monitoring.

  88.     basic_auth:

  89.       username: {{ matrix_dendrite_metrics_username }}

  90.       password: {{ matrix_dendrite_metrics_password }}

  91. 

  92.   # DNS cache options. The DNS cache may reduce the load on DNS servers

  93.   # if there is no local caching resolver available for use.

  94.   dns_cache:

  95.     # Whether or not the DNS cache is enabled.

  96.     enabled: false

  97. 

  98.     # Maximum number of entries to hold in the DNS cache, and

  99.     # for how long those items should be considered valid in seconds.

  100.     cache_size: 256

  101.     cache_lifetime: 300

  102. 

  103. # Configuration for the Appservice API.

  104. app_service_api:

  105.   internal_api:

  106.     listen: http://0.0.0.0:7777

  107.     connect: http://appservice_api:7777

  108.   database:

  109.     connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_appservice_database }}?sslmode=disable

  110.     max_open_conns: 10

  111.     max_idle_conns: 2

  112.     conn_max_lifetime: -1

  113. 

  114.   # Appservice configuration files to load into this homeserver.

  115.   config_files: {{ matrix_dendrite_app_service_config_files|to_json }}

  116. 

  117. # Configuration for the Client API.

  118. client_api:

  119.   internal_api:

  120.     listen: http://0.0.0.0:7771

  121.     connect: http://client_api:7771

  122.   external_api:

  123.     listen: http://0.0.0.0:8071

  124. 

  125.   # Prevents new users from being able to register on this homeserver, except when

  126.   # using the registration shared secret below.

  127.   registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }}

  128. 

  129.   # If set, allows registration by anyone who knows the shared secret, regardless of

  130.   # whether registration is otherwise disabled.

  131.   registration_shared_secret: {{ matrix_dendrite_registration_shared_secret|string|to_json }}

  132. 

  133.   # Whether to require reCAPTCHA for registration.

  134.   enable_registration_captcha: {{ matrix_dendrite_enable_registration_captcha|to_json }}

  135. 

  136.   # Settings for ReCAPTCHA. 

  137.   recaptcha_public_key: {{ matrix_dendrite_recaptcha_public_key|to_json }}

  138.   recaptcha_private_key: {{ matrix_dendrite_recaptcha_private_key|to_json }}

  139.   recaptcha_bypass_secret: ""

  140.   recaptcha_siteverify_api: ""

  141. 

  142.   # TURN server information that this homeserver should send to clients. 

  143.   turn:

  144.     turn_user_lifetime: ""

  145.     turn_uris: {{ matrix_dendrite_turn_uris|to_json }}

  146.     turn_shared_secret: {{ matrix_dendrite_turn_shared_secret|to_json }}

  147.     turn_username: ""

  148.     turn_password: ""

  149. 

  150.   # Settings for rate-limited endpoints. Rate limiting will kick in after the

  151.   # threshold number of "slots" have been taken by requests from a specific 

  152.   # host. Each "slot" will be released after the cooloff time in milliseconds.

  153.   rate_limiting:

  154.     enabled: {{ matrix_dendrite_rate_limiting_enabled|to_json }}

  155.     threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }}

  156.     cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }}

  157. 

  158. # Configuration for the EDU server.

  159. edu_server:

  160.   internal_api:

  161.     listen: http://0.0.0.0:7778

  162.     connect: http://edu_server:7778

  163. 

  164. # Configuration for the Federation API.

  165. federation_api:

  166.   internal_api:

  167.     listen: http://0.0.0.0:7772

  168.     connect: http://federation_api:7772

  169.   external_api:

  170.     listen: http://0.0.0.0:8072

  171. 

  172.   # List of paths to X.509 certificates to be used by the external federation listeners.

  173.   # These certificates will be used to calculate the TLS fingerprints and other servers

  174.   # will expect the certificate to match these fingerprints. Certificates must be in PEM

  175.   # format.

  176.   federation_certificates: []

  177. 

  178. # Configuration for the Federation Sender.

  179. federation_sender:

  180.   internal_api:

  181.     listen: http://0.0.0.0:7775

  182.     connect: http://federation_sender:7775

  183.   database:

  184.     connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationsender_database }}?sslmode=disable

  185.     max_open_conns: 10

  186.     max_idle_conns: 2

  187.     conn_max_lifetime: -1

  188. 

  189.   # How many times we will try to resend a failed transaction to a specific server. The

  190.   # backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds etc.

  191.   send_max_retries: 16

  192. 

  193.   # Disable the validation of TLS certificates of remote federated homeservers. Do not

  194.   # enable this option in production as it presents a security risk!

  195.   disable_tls_validation: {{ matrix_dendrite_disable_tls_validation }} 

  196. 

  197.   # Use the following proxy server for outbound federation traffic.

  198.   proxy_outbound:

  199.     enabled: false

  200.     protocol: http

  201.     host: localhost

  202.     port: 8080

  203. 

  204. # Configuration for the Key Server (for end-to-end encryption).

  205. key_server:

  206.   internal_api:

  207.     listen: http://0.0.0.0:7779

  208.     connect: http://key_server:7779

  209.   database:

  210.     connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_keyserver_database }}?sslmode=disable

  211.     max_open_conns: 10

  212.     max_idle_conns: 2

  213.     conn_max_lifetime: -1

  214. 

  215. # Configuration for the Media API.

  216. media_api:

  217.   internal_api:

  218.     listen: http://0.0.0.0:7774

  219.     connect: http://media_api:7774

  220.   external_api:

  221.     listen: http://0.0.0.0:8074

  222.   database:

  223.     connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_mediaapi_database }}?sslmode=disable

  224.     max_open_conns: 10

  225.     max_idle_conns: 2

  226.     conn_max_lifetime: -1

  227. 

  228.   # Storage path for uploaded media. May be relative or absolute.

  229.   base_path: "/matrix-media-store-parent/{{ matrix_dendrite_media_store_directory_name }}"

  230. 

  231.   # The maximum allowed file size (in bytes) for media uploads to this homeserver

  232.   # (0 = unlimited).

  233.   max_file_size_bytes: {{ matrix_dendrite_max_file_size_bytes }}

  234. 

  235.   # Whether to dynamically generate thumbnails if needed.

  236.   dynamic_thumbnails: false

  237. 

  238.   # The maximum number of simultaneous thumbnail generators to run.

  239.   max_thumbnail_generators: 10

  240. 

  241.   # A list of thumbnail sizes to be generated for media content.

  242.   thumbnail_sizes:

  243.   - width: 32

  244.     height: 32

  245.     method: crop

  246.   - width: 96

  247.     height: 96

  248.     method: crop

  249.   - width: 640

  250.     height: 480

  251.     method: scale

  252. 

  253. # Configuration for the Room Server.

  254. room_server:

  255.   internal_api:

  256.     listen: http://0.0.0.0:7770

  257.     connect: http://room_server:7770

  258.   database:

  259.     connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_room_database }}?sslmode=disable

  260.     max_open_conns: 10

  261.     max_idle_conns: 2

  262.     conn_max_lifetime: -1

  263. 

  264. # Configuration for the Server Key API (for server signing keys).

  265. signing_key_server:

  266.   internal_api:

  267.     listen: http://0.0.0.0:7780

  268.     connect: http://signing_key_server:7780

  269.   database:

  270.     connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_singingkeyserver_database }}?sslmode=disable

  271.     max_open_conns: 10

  272.     max_idle_conns: 2

  273.     conn_max_lifetime: -1

  274. 

  275.   # Perspective keyservers to use as a backup when direct key fetches fail. This may

  276.   # be required to satisfy key requests for servers that are no longer online when

  277.   # joining some rooms.

  278.   key_perspectives:

  279.   - server_name: matrix.org

  280.     keys:

  281.     - key_id: ed25519:auto

  282.       public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw

  283.     - key_id: ed25519:a_RXGa

  284.       public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ

  285.       

  286.   # This option will control whether Dendrite will prefer to look up keys directly

  287.   # or whether it should try perspective servers first, using direct fetches as a

  288.   # last resort.

  289.   prefer_direct_fetch: false

  290. 

  291. # Configuration for the Sync API.

  292. sync_api:

  293.   internal_api:

  294.     listen: http://0.0.0.0:7773

  295.     connect: http://sync_api:7773

  296.   external_api:

  297.       listen: http://0.0.0.0:8073

  298.   database:

  299.     connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_syncapi_database }}?sslmode=disable

  300.     max_open_conns: 10

  301.     max_idle_conns: 2

  302.     conn_max_lifetime: -1

  303. 

  304. # Configuration for the User API.

  305. user_api:

  306.   internal_api:

  307.     listen: http://0.0.0.0:7781

  308.     connect: http://user_api:7781

  309.   account_database:

  310.     connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_account_database }}?sslmode=disable

  311.     max_open_conns: 10

  312.     max_idle_conns: 2

  313.     conn_max_lifetime: -1

  314.   device_database:

  315.     connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_device_database }}?sslmode=disable

  316.     max_open_conns: 10

  317.     max_idle_conns: 2

  318.     conn_max_lifetime: -1

  319. 

  320. # Configuration for Opentracing.

  321. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on

  322. # how this works and how to set it up.

  323. tracing:

  324.   enabled: false

  325.   jaeger:

  326.     serviceName: ""

  327.     disabled: false

  328.     rpc_metrics: false

  329.     tags: []

  330.     sampler: null

  331.     reporter: null

  332.     headers: null

  333.     baggage_restrictions: null

  334.     throttler: null

  335. 

  336. # Logging configuration, in addition to the standard logging that is sent to

  337. # stdout by Dendrite.

  338. logging:

  339. - type: file

  340.   level: {{ matrix_dendrite_log_level }}

  341.   params:

  342.     path: /var/log/dendrite