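#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
# Synapse homeserver configuration, rendered by Ansible from the matrix_*
# role variables. The rendered file holds the database password, the
# macaroon/form secrets and (optionally) the LDAP bind password.
# NOTE(review): the task that renders this template is not visible here;
# confirm it writes the file with a restrictive owner and mode.

## Server ##

server_name: "{{ matrix_server_url }}"
pid_file: /var/run/homeserver.pid
public_baseurl: "{{ matrix_client_url }}"

presence:
  enabled: {{ matrix_presence_enabled | bool | lower }}

require_auth_for_profile_requests: false
# NOTE(review): the next two settings expose the public room directory to
# unauthenticated clients and to remote homeservers. Set them to false if
# the room list should not be readable from outside.
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true

# Synapse reads this option as default_room_version; the previous key name
# (matrix_default_room_version) is not a Synapse option, so the variable
# had no effect on the rendered server.
default_room_version: "{{ matrix_default_room_version }}"
filter_timeline_limit: {{ matrix_filter_timeline_limit }}
block_non_admin_invites: false
enable_search: true

listeners:
{% if matrix_https_bind_addresses is defined and matrix_https_bind_addresses | length > 0 %}
  # Direct listener. TLS is only switched on when matrix_tls_enabled is
  # set; otherwise this port serves plain HTTP.
  - type: http
    port: {{ matrix_https_bind_port }}
    bind_addresses:
      {{ matrix_https_bind_addresses | to_nice_yaml | indent(6) }}
    {% if matrix_tls_enabled %}
    tls: true
    {% endif %}
    x_forwarded: false
    resources:
      - names: [client, federation]
        compress: false
{% endif %}
{% if matrix_http_bind_addresses is defined and matrix_http_bind_addresses | length > 0 %}
  # Plain-HTTP listener for use behind a reverse proxy. With
  # x_forwarded: true the client address is taken from the X-Forwarded-For
  # header, so bind this listener only to addresses that nothing but the
  # proxy can reach (per-address rate limits and logs depend on it).
  - type: http
    port: {{ matrix_http_bind_port }}
    tls: false
    bind_addresses:
      {{ matrix_http_bind_addresses | to_nice_yaml | indent(6) }}
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
{% endif %}

{% if matrix_tls_enabled %}
## TLS ##

tls_certificate_path: "{{ matrix_tls_cert_path }}"
tls_private_key_path: "{{ matrix_tls_key_path }}"
federation_verify_certificates: true
# Quoted so the value stays the string '1.2' instead of a YAML float.
federation_client_minimum_tls_version: '1.2'
# Keep this list empty: every entry is a server whose certificate is no
# longer verified.
federation_certificate_verification_whitelist: []
{% endif %}

## Caching ##

event_cache_size: "{{ matrix_event_cache_size }}"
caches:
  global_factor: {{ matrix_caches_global_factor }}

## Database ##

database:
{% if matrix_db_type == "pgsql" %}
  name: psycopg2
  txn_limit: {{ matrix_db_txn_limit }}
  args:
    user: "{{ matrix_db_user }}"
    # Rendered through to_json so the password is always emitted as one
    # quoted, escaped string. Left bare, a password containing ' #' or ': '
    # is truncated or breaks parsing, and an all-digit one becomes an int.
    password: {{ matrix_db_password | string | to_json }}
    dbname: "{{ matrix_db_name }}"
    host: "{{ matrix_db_server }}"
    port: {{ matrix_db_port }}
    # libpq sslmode. Only verify-ca and verify-full check the server
    # certificate against sslrootcert; weaker modes do not authenticate
    # the database server.
    sslmode: {{ matrix_db_ssl_mode }}
    sslrootcert: {{ matrix_db_ssl_root_cert }}
    cp_min: 5
    cp_max: 10
{% else %}
  name: "sqlite3"
  args:
    database: "{{ matrix_data_dir }}/homeserver.db"
{% endif %}

## Logging ##

# A yaml python logging config file
log_config: "{{ matrix_conf_dir }}/logging.config"

## Ratelimiting ##

rc_message:
  per_second: 0.2
  burst_count: 10

rc_registration:
  per_second: 0.17
  burst_count: 3

# Login throttling per source address, per target account and per failed
# attempt. These limits are the brute-force protection for password login.
rc_login:
  address:
    per_second: {{ matrix_rc_login_address.per_second | default(0.17) }}
    burst_count: {{ matrix_rc_login_address.burst_count | default(3) }}
  account:
    per_second: {{ matrix_rc_login_account.per_second | default(0.17) }}
    burst_count: {{ matrix_rc_login_account.burst_count | default(3) }}
  failed_attempts:
    per_second: 0.17
    burst_count: 3

rc_federation:
  window_size: 1000
  sleep_limit: 10
  sleep_delay: 500
  reject_limit: 50
  concurrent: 3

## Media Store ##

media_store_path: "{{ matrix_data_dir }}/media_store"
max_upload_size: 10M
max_image_pixels: 32M
dynamic_thumbnails: false

thumbnail_sizes:
  - width: 32
    height: 32
    method: crop
  - width: 96
    height: 96
    method: crop
  - width: 320
    height: 240
    method: scale
  - width: 640
    height: 480
    method: scale
  - width: 800
    height: 600
    method: scale

# URL previews make the homeserver fetch URLs supplied by users. The IP
# range blacklist below is what keeps those fetches away from loopback,
# private and link-local addresses; Synapse refuses to start with previews
# enabled and no blacklist configured.
# Uses the same bool filter as the other switches in this file, so a string
# value such as "false" is not treated as enabled.
url_preview_enabled: {{ matrix_url_preview_enabled | bool | lower }}
{% if matrix_url_preview_ip_blacklist is defined %}
url_preview_ip_range_blacklist:
  {{ matrix_url_preview_ip_blacklist | to_nice_yaml | indent(2) }}
{% endif %}
{% if matrix_url_preview_url_blacklist is defined %}
url_preview_url_blacklist:
  {{ matrix_url_preview_url_blacklist | to_nice_yaml | indent(2) }}
{% endif %}
max_spider_size: "{{ matrix_url_preview_max_spider_size }}"

## Captcha ##

enable_registration_captcha: false

## Registration ##

enable_registration: false
bcrypt_rounds: 12
allow_guest_access: false
default_identity_server: https://matrix.org

## Metrics ###

enable_metrics: false
report_stats: false

## API Configuration ##

# Secrets are rendered through to_json so that quotes or backslashes in the
# value cannot break or alter the YAML string.
macaroon_secret_key: {{ matrix_macaroon_secret_key | string | to_json }}
form_secret: {{ matrix_form_secret | string | to_json }}

## Signing Keys ##

signing_key_path: "{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key"
key_refresh_interval: 1d
suppress_key_server_warning: {{ matrix_suppress_key_server_warning | bool | lower }}
# Notary used to fetch other servers' signing keys; this server is trusted
# for key lookups.
trusted_key_servers:
  - server_name: "matrix.org"

password_config:
  enabled: true

{% if matrix_ldap_auth_enabled %}
password_providers:
  - module: "ldap_auth_provider.LdapAuthProvider"
    config:
      enabled: true
      # With an ldap:// URI and start_tls off, user and bind passwords
      # cross the network unencrypted; use ldaps:// or start_tls.
      uri: "{{ matrix_ldap_auth_server }}"
      # Emitted as a real boolean. The previous quoted form produced the
      # string "True"/"False"; NOTE(review): a non-empty string is truthy
      # in Python, so "False" presumably still enabled StartTLS - confirm
      # against the provider.
      start_tls: {{ matrix_ldap_auth_use_starttls | bool | lower }}
      base: "{{ matrix_ldap_auth_basedn }}"
      attributes:
        uid: "{{ matrix_ldap_auth_uid_attr }}"
        mail: "{{ matrix_ldap_auth_mail_attr }}"
        name: "{{ matrix_ldap_auth_name_attr }}"
      {% if matrix_ldap_auth_binddn is defined %}
      bind_dn: "{{ matrix_ldap_auth_binddn }}"
      {% endif %}
      {% if matrix_ldap_auth_bind_password is defined %}
      bind_password: {{ matrix_ldap_auth_bind_password | string | to_json }}
      {% endif %}
      {% if matrix_ldap_auth_filter is defined %}
      filter: "{{ matrix_ldap_auth_filter }}"
      {% endif %}
{% endif %}

## Rooms ##

enable_group_creation: false
enable_room_list_search: true

# Both rule sets allow every user to create any alias and to publish any
# room to the directory.
alias_creation_rules:
  - user_id: "*"
    alias: "*"
    room_id: "*"
    action: allow

room_list_publication_rules:
  - user_id: "*"
    alias: "*"
    room_id: "*"
    action: allow

## Opentracing ##

opentracing:
  enabled: false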