homelab/lab/ansible/roles/synapse/templates/homeserver.yaml.j2

enable_registration: false

server_name: "matrix.unbl.ink"
pid_file: /usr/local/etc/matrix-synapse/homeserver.pid
web_client_location: https://matrix.unbl.ink
public_baseurl: https://matrix.unbl.ink
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ["::0", "0.0.0.0"]

    resources:
      - names: [client, federation]
        compress: true

admin_contact: "mailto:matrix@unbl.ink"

tls_certificate_path: "/usr/local/etc/matrix-synapse/matrix.unbl.ink.tls.crt"
tls_private_key_path: "/usr/local/etc/matrix-synapse/matrix.unbl.ink.tls.key"
federation_verify_certificates: true

federation_ip_range_blacklist:
  - "127.0.0.0/8"
  - "10.0.0.0/8"
  - "172.16.0.0/12"
  - "192.168.0.0/16"
  - "100.64.0.0/10"
  - "169.254.0.0/16"
  - "::1/128"
  - "fe80::/64"
  - "fc00::/7"

database:
  name: psycopg2
  args:
    user: synapse
    password: {{synapse_db_pass}}
    database: synapse
    host: db.local
    cp_min: 5
    cp_max: 10

log_config: "/usr/local/etc/matrix-synapse/matrix.unbl.ink.log.config"
media_store_path: "/usr/local/etc/matrix-synapse/media_store"

# Optional account validity configuration. This allows for accounts to be denied
# any request after a given period.
#
# Once this feature is enabled, Synapse will look for registered users without an
# expiration date at startup and will add one to every account it found using the
# current settings at that time.
# This means that, if a validity period is set, and Synapse is restarted (it will
# then derive an expiration date from the current validity period), and some time
# after that the validity period changes and Synapse is restarted, the users'
# expiration dates won't be updated unless their account is manually renewed. This
# date will be randomly selected within a range [now + period - d ; now + period],
# where d is equal to 10% of the validity period.
#
account_validity:
  # The account validity feature is disabled by default. Uncomment the
  # following line to enable it.
  #
  #enabled: true

  # The period after which an account is valid after its registration. When
  # renewing the account, its validity period will be extended by this amount
  # of time. This parameter is required when using the account validity
  # feature.
  #
  #period: 6w

  # The amount of time before an account's expiry date at which Synapse will
  # send an email to the account's email address with a renewal link. By
  # default, no such emails are sent.
  #
  # If you enable this setting, you will also need to fill out the 'email' and
  # 'public_baseurl' configuration sections.
  #
  #renew_at: 1w

  # The subject of the email sent out with the renewal link. '%(app)s' can be
  # used as a placeholder for the 'app_name' parameter from the 'email'
  # section.
  #
  # Note that the placeholder must be written '%(app)s', including the
  # trailing 's'.
  #
  # If this is not set, a default value is used.
  #
  #renew_email_subject: "Renew your %(app)s account"

  # Directory in which Synapse will try to find templates for the HTML files to
  # serve to the user when trying to renew an account. If not set, default
  # templates from within the Synapse package will be used.
  #
  #template_dir: "res/templates"

  # File within 'template_dir' giving the HTML to be displayed to the user after
  # they successfully renewed their account. If not set, default text is used.
  #
  #account_renewed_html_path: "account_renewed.html"

  # File within 'template_dir' giving the HTML to be displayed when the user
  # tries to renew an account with an invalid renewal token. If not set,
  # default text is used.
  #
  #invalid_token_html_path: "invalid_token.html"

# Time that a user's session remains valid for, after they log in.
#
# Note that this is not currently compatible with guest logins.
#
# Note also that this is calculated at login time: changes are not applied
# retrospectively to users who have already logged in.
#
# By default, this is infinite.
#
#session_lifetime: 24h

# The user must provide all of the below types of 3PID when registering.
#
#registrations_require_3pid:
#  - email
#  - msisdn

# Explicitly disable asking for MSISDNs from the registration
# flow (overrides registrations_require_3pid if MSISDNs are set as required)
#
#disable_msisdn_registration: true

# Mandate that users are only allowed to associate certain formats of
# 3PIDs with accounts on this server.
#
#allowed_local_3pids:
#  - medium: email
#    pattern: '.*@matrix\.org'
#  - medium: email
#    pattern: '.*@vector\.im'
#  - medium: msisdn
#    pattern: '\+44'

# Enable 3PIDs lookup requests to identity servers from this server.
#
#enable_3pid_lookup: true

# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
registration_shared_secret: "{{synapse_reg_shared_secret}}"

metrics_flags:
  known_servers: true

report_stats: true
macaroon_secret_key: "jWX:,spiN2jEU7LGFjw-fl,PISj@YwIi&*d_QsqV~_Z4PkOpC6"
form_secret: "gZ:PaH&tj~2*HYa_5_-aI3uPEyEUQJ#2ZPSkzK7TCmi1ANBgPX"
signing_key_path: "/usr/local/etc/matrix-synapse/matrix.unbl.ink.signing.key"

trusted_key_servers:
  - server_name: "matrix.org"

suppress_key_server_warning: true

email:
  smtp_host: "box.unbl.ink"
  smtp_port: 587
  smtp_user: "services@unbl.ink"
  smtp_pass: "{{services_unblink_email_pass}}"
  require_transport_security: true
  notif_from: "Your Friendly %(app)s homeserver <serivces@unbl.ink>"
  enable_notifs: true
  client_base_url: "http://chat.unbl.ink/"

redis:
  enabled: true
  host: localhost
  port: 6379
# vim:ft=yaml