ansible-base/roles/synapse/templates/homeserver.yaml.j2

{% if var_synapse_database_kind == 'sqlite' %}
database:
  name: sqlite3
  args:
    database: {{var_synapse_database_sqlite_path}}
{% endif %}

{% if var_synapse_database_kind == 'postgresql' %}
database:
  name: psycopg2
  args:
    host: {{var_synapse_database_data_postgresql_host}}
    port: {{var_synapse_database_data_postgresql_port | string}}
    database: "{{var_synapse_database_data_postgresql_schema}}"
    user: "{{var_synapse_database_data_postgresql_username}}"
    password: "{{var_synapse_database_data_postgresql_password}}"
    cp_min: 5
    cp_max: 10
{% endif %}

no_tls: True

tls_fingerprints: []

pid_file: "/var/run/matrix-synapse.pid"

soft_file_limit: 0

web_client_location: {{var_synapse_element_url}}

public_baseurl: {{var_synapse_scheme}}://{{var_synapse_domain}}/

listeners:
  - port: 8008
    tls: false
    bind_addresses:
      - '::1'
      - '127.0.0.1'
    type: http
    tls: false
    x_forwarded: true
    resources:
      - names: [client]
        compress: true
{% if var_synapse_federation_enable %}
      - names: [federation]
        compress: false
{% endif %}

federation_domain_whitelist: {{var_synapse_federation_whitelist | to_yaml}}
    
serve_server_wellknown: true

event_cache_size: "10K"

log_config: "/etc/matrix-synapse/log.yaml"

media_store_path: "/var/lib/matrix-synapse/media"

uploads_path: "/var/lib/matrix-synapse/uploads"

max_upload_size: "100M"

max_image_pixels: "32M"

dynamic_thumbnails: false

thumbnail_sizes:
  - width: 32
    height: 32
    method: crop
  - width: 96
    height: 96
    method: crop
  - width: 320
    height: 240
    method: scale
  - width: 640
    height: 480
    method: scale
  - width: 800
    height: 600
    method: scale

url_preview_enabled: false

max_spider_size: "10M"

enable_registration_captcha: false
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"

{% if var_synapse_registration_shared_secret != None %}
registration_shared_secret: "{{var_synapse_registration_shared_secret}}"
{% endif %}

oidc_config:
  user_mapping_provider:
    config:
      # NOT an Ansible variable
      localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"

{% if var_synapse_authentication_kind == 'internal' %}
enable_registration: true
enable_registration_without_verification: true
{% endif %}

{% if var_synapse_authentication_kind == 'authelia' %}
enable_registration: false
enable_registration_without_verification: false

oidc_providers:
  - idp_id: "{{var_synapse_authentication_data_authelia_provider_id}}"
    idp_name: "{{var_synapse_authentication_data_authelia_provider_name}}"
    idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI"
    discover: true
    issuer: "{{var_synapse_authentication_data_authelia_url_base}}"
    client_id: "{{var_synapse_authentication_data_authelia_client_id}}"
    client_secret: "{{var_synapse_authentication_data_authelia_client_secret}}"
    scopes: ["openid", "profile", "email"]
    allow_existing_users: true
    user_mapping_provider:
      config:
        subject_claim: "sub"
        localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"
        display_name_template: "{{"{{"}} user.name {{"}}"}}"
        email_template: "{{"{{"}} user.email {{"}}"}}"
{% endif %}

{% if var_synapse_authentication_kind == 'mas' %}
enable_registration: false
enable_registration_without_verification: false

experimental_features:
  msc3861:
    enabled: true
    issuer: "{{var_synapse_authentication_data_mas_url_base}}"
    client_auth_method: client_secret_basic
    client_id: "{{var_synapse_authentication_data_mas_client_id}}"
    client_secret: "{{var_synapse_authentication_data_mas_client_secret}}"
    admin_token: "{{var_synapse_authentication_data_mas_admin_token}}"
    account_management_url: "{{var_synapse_authentication_data_mas_url_base}}/account"
{% endif %}

account_validity:

bcrypt_rounds: 12

allow_guest_access: false

trusted_third_party_id_servers:
  - matrix.org
  - vector.im
  - riot.im

enable_metrics: false

app_service_config_files:
  # - "/opt/mautrix-telegram/python-venv/registration.yaml"
  # - "/opt/mautrix-signal/python-venv/registration.yaml"
  # - "/opt/matrix-irc-bridge/appservice-registration-irc.yaml"

expire_access_token: false

signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"

old_signing_keys: {}

key_refresh_interval: "1d"

trusted_key_servers:
  - server_name: "matrix.org"

saml2_config:
  user_mapping_provider:
    config:

password_config:
   enabled: true
   policy:
     enabled: {{var_synapse_password_strict_policy | to_yaml}}

email:
  smtp_host: "{{var_synapse_smtp_host}}"
  smtp_port: {{var_synapse_smtp_port | to_yaml}}
  smtp_user: "{{var_synapse_smtp_username}}"
  smtp_pass: "{{var_synapse_smtp_password}}"
  require_transport_security: true
  notif_from: "%(app)s | {{var_synapse_title}} <{{var_synapse_notifications_source_address}}>"
  enable_notifs: true
  notif_for_new_users: {{var_synapse_notifications_via_email_enabled_by_default | to_yaml}}
  notif_delay_before_mail: {{var_synapse_notifications_via_email_delay}}
  subjects:
    password_reset: "[%(server_name)s] Passwort zurücksetzen"
    email_validation: "[%(server_name)s] Nutzer-Konto-Freischaltung"

spam_checker:

enable_group_creation: true

templates:
  custom_templates_directory: "/etc/matrix-synapse/templates"