xoxys.matrix/templates/opt/matrix/config/homeserver.yml.j2

#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
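## Server ##
# Public identity of this homeserver and the base URL handed to clients.
server_name: "{{ matrix_server_url }}"
pid_file: /var/run/homeserver.pid
public_baseurl: "{{ matrix_client_url }}"
presence:
  enabled: {{ matrix_presence_enabled | bool | lower }}
# Exposure review: with these three values, profile lookups need no
# authentication, the public room directory can be read without logging in,
# and other homeservers may fetch that directory over federation. Tighten
# them if profiles or the room list should not be world-readable.
require_auth_for_profile_requests: false
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true
# Synapse's option is named default_room_version. Only the role variable
# carries the matrix_ prefix; with the prefix on the key the setting is not
# recognised and the chosen room version never takes effect.
default_room_version: "{{ matrix_default_room_version }}"
filter_timeline_limit: {{ matrix_filter_timeline_limit }}
block_non_admin_invites: false
enable_search: true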
# Up to two HTTP listeners are rendered, one per non-empty address list.
# If neither list is defined this key is left without a value.
listeners:
  {% if matrix_https_bind_addresses is defined and matrix_https_bind_addresses | length > 0 %}
  # Directly exposed listener. tls is only written when matrix_tls_enabled is
  # true; with TLS disabled this port serves plain HTTP, so check that the
  # two variables are set together.
  - type: http
    port: {{ matrix_https_bind_port }}
    bind_addresses:
      {{ matrix_https_bind_addresses | to_nice_yaml | indent(6) }}
    {% if matrix_tls_enabled %}
    tls: true
    {% endif %}
    # Client addresses are taken from the socket, not from request headers.
    x_forwarded: false
    resources:
      - names:
          - client
          - federation
        compress: false
  {% endif %}
  {% if matrix_http_bind_addresses is defined and matrix_http_bind_addresses | length > 0 %}
  # Plain-HTTP listener intended to sit behind a reverse proxy.
  # x_forwarded: true makes Synapse take the client address from the
  # X-Forwarded-For header, so bind this listener only to addresses that the
  # trusted proxy alone can reach (loopback or a private interface). If other
  # hosts can connect, the source address becomes caller-controlled and the
  # per-address limits under rc_login stop being meaningful.
  - type: http
    port: {{ matrix_http_bind_port }}
    tls: false
    bind_addresses:
      {{ matrix_http_bind_addresses | to_nice_yaml | indent(6) }}
    x_forwarded: true
    resources:
      - names:
          - client
          - federation
        compress: false
  {% endif %}
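{% if matrix_tls_enabled %}
## TLS ##
# This section is rendered only when matrix_tls_enabled is true. When it is
# false none of the keys below are written, and certificate verification for
# federation is then governed by Synapse's built-in defaults.
tls_certificate_path: "{{ matrix_tls_cert_path }}"
# The private key file should be readable by the Synapse service account only.
tls_private_key_path: "{{ matrix_tls_key_path }}"
# Outbound federation: verify peer certificates, with no per-domain
# exemptions (empty whitelist).
federation_verify_certificates: true
# Quoted so the version stays the string "1.2" instead of a YAML float.
federation_client_minimum_tls_version: "1.2"
federation_certificate_verification_whitelist: []
{% endif %}
## Caching ##
event_cache_size: "{{ matrix_event_cache_size }}"
caches:
  global_factor: {{ matrix_caches_global_factor }}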
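## Database ##
# PostgreSQL when matrix_db_type is "pgsql", otherwise a local SQLite file.
# The rendered file contains the database password in clear text; restrict
# its owner and mode in the task that deploys this template (not shown here).
database:
  {% if matrix_db_type == "pgsql" %}
  name: psycopg2
  txn_limit: {{ matrix_db_txn_limit }}
  args:
    # user, password and dbname are emitted through to_json so they arrive as
    # quoted, escaped YAML strings. Rendered bare, a value containing " #",
    # ": ", a leading "*", "&" or "!" and similar would be truncated, retyped
    # or would make the whole file unparsable.
    user: {{ matrix_db_user | to_json }}
    password: {{ matrix_db_password | to_json }}
    dbname: {{ matrix_db_name | to_json }}
    host: {{ matrix_db_server }}
    port: {{ matrix_db_port }}
    # libpq only validates the server certificate against sslrootcert for
    # sslmode verify-ca or verify-full; the weaker modes encrypt at most and
    # do not authenticate the server.
    sslmode: {{ matrix_db_ssl_mode }}
    sslrootcert: {{ matrix_db_ssl_root_cert }}
    # Connection pool bounds.
    cp_min: 5
    cp_max: 10
  {% else %}
  name: "sqlite3"
  args:
    database: "{{ matrix_data_dir }}/homeserver.db"
  {% endif %}
## Logging ##
# Path of the YAML file holding the Python logging configuration.
log_config: "{{ matrix_conf_dir }}/logging.config"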
## Ratelimiting ##
# Each limiter allows burst_count actions at once and refills at per_second.
rc_message:
  per_second: 0.2
  burst_count: 10
rc_registration:
  per_second: 0.17
  burst_count: 3
# Login throttling, the main brake on password guessing.
#   address         - keyed on the client address; only the first two limits
#   account           can be overridden, through matrix_rc_login_address and
#   failed_attempts   matrix_rc_login_account (0.17 / 3 when not set).
# The address limit is only as trustworthy as the client address itself: on a
# listener with x_forwarded: true that address comes from X-Forwarded-For.
rc_login:
  address:
    per_second: {{ matrix_rc_login_address.per_second | default(0.17) }}
    burst_count: {{ matrix_rc_login_address.burst_count | default(3) }}
  account:
    per_second: {{ matrix_rc_login_account.per_second | default(0.17) }}
    burst_count: {{ matrix_rc_login_account.burst_count | default(3) }}
  failed_attempts:
    per_second: 0.17
    burst_count: 3
# Throttling applied to inbound federation traffic (fixed values).
rc_federation:
  window_size: 1000
  sleep_limit: 10
  sleep_delay: 500
  reject_limit: 50
  concurrent: 3
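## Media Store ##
media_store_path: "{{ matrix_data_dir }}/media_store"
# Upper bounds on uploaded media; they cap the disk and decoding cost of a
# single upload.
max_upload_size: 10M
max_image_pixels: 32M
# Only the pre-defined sizes below are generated.
dynamic_thumbnails: false
thumbnail_sizes:
  - width: 32
    height: 32
    method: crop
  - width: 96
    height: 96
    method: crop
  - width: 320
    height: 240
    method: scale
  - width: 640
    height: 480
    method: scale
  - width: 800
    height: 600
    method: scale
# URL previews make the homeserver fetch URLs supplied by users, which is a
# server-side request forgery surface. The value goes through the bool filter,
# like the other toggles in this file, so that a string such as "false" or
# "no" (for example from extra-vars) disables previews instead of counting as
# a non-empty, truthy string.
url_preview_enabled: {{ matrix_url_preview_enabled | bool | lower }}
# The IP range blacklist is what keeps preview fetches away from loopback,
# private and link-local addresses. It is only written when
# matrix_url_preview_ip_blacklist is defined, so define it whenever previews
# are enabled.
{% if matrix_url_preview_ip_blacklist is defined %}
url_preview_ip_range_blacklist:
  {{ matrix_url_preview_ip_blacklist | to_nice_yaml | indent(2) }}
{% endif %}
{% if matrix_url_preview_url_blacklist is defined %}
url_preview_url_blacklist:
  {{ matrix_url_preview_url_blacklist | to_nice_yaml | indent(2) }}
{% endif %}
# Largest response body the preview fetcher will download.
max_spider_size: "{{ matrix_url_preview_max_spider_size }}"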
## Captcha ##
enable_registration_captcha: false
## Registration ##
# Self-service sign-up and guest access are both switched off; accounts have
# to be created by an administrator or come from a password provider.
enable_registration: false
allow_guest_access: false
# Work factor for password hashes stored by Synapse itself.
bcrypt_rounds: 12
default_identity_server: "https://matrix.org"
## Metrics ##
# No metrics endpoint and no usage statistics reporting.
enable_metrics: false
report_stats: false
## API Configuration ##
# Long-lived secrets: macaroon_secret_key is used for signing tokens,
# form_secret for HMACs over form values. Supply both from an encrypted
# variable store and keep the rendered file unreadable to other local users.
# Because the values are wrapped in double quotes they must not contain a
# double quote or a backslash.
macaroon_secret_key: "{{ matrix_macaroon_secret_key }}"
form_secret: "{{ matrix_form_secret }}"
## Signing Keys ##
# The signing key is this server's federation identity; the file at this path
# needs the same protection as a TLS private key.
signing_key_path: "{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key"
key_refresh_interval: "1d"
# matrix.org is the only key server trusted for looking up other servers'
# signing keys. suppress_key_server_warning only controls whether Synapse
# warns about that choice; it does not change the trust relationship.
suppress_key_server_warning: {{ matrix_suppress_key_server_warning | bool | lower }}
trusted_key_servers:
  - server_name: "matrix.org"
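# Password login stays enabled whether or not LDAP is configured, so accounts
# that have a password in Synapse's own database can keep using it.
password_config:
  enabled: true
{% if matrix_ldap_auth_enabled %}
password_providers:
  - module: "ldap_auth_provider.LdapAuthProvider"
    config:
      enabled: true
      uri: "{{ matrix_ldap_auth_server }}"
      # Rendered as a real boolean. Inside quotes the value reaches the
      # provider as the string "True" or "False", and a non-empty string is
      # truthy in Python, so the switch could never be turned off.
      # Over a plain ldap:// uri, StartTLS is the only thing protecting the
      # bind and user passwords in transit; leave it on unless uri is ldaps://.
      start_tls: {{ matrix_ldap_auth_use_starttls | bool | lower }}
      base: "{{ matrix_ldap_auth_basedn }}"
      attributes:
        uid: "{{ matrix_ldap_auth_uid_attr }}"
        mail: "{{ matrix_ldap_auth_mail_attr }}"
        name: "{{ matrix_ldap_auth_name_attr }}"
      # Optional service-account bind. The password is written to the
      # rendered file in clear text; use a low-privilege, read-only account
      # and restrict the file's owner and mode when deploying it.
      {% if matrix_ldap_auth_binddn is defined %}
      bind_dn: "{{ matrix_ldap_auth_binddn }}"
      {% endif %}
      {% if matrix_ldap_auth_bind_password is defined %}
      bind_password: "{{ matrix_ldap_auth_bind_password }}"
      {% endif %}
      # Optional LDAP filter narrowing which directory entries may log in.
      {% if matrix_ldap_auth_filter is defined %}
      filter: "{{ matrix_ldap_auth_filter }}"
      {% endif %}
{% endif %}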
## Rooms ##
enable_group_creation: false
enable_room_list_search: true
# Both rule sets consist of a single catch-all "allow": any local user may
# create any alias and publish any room to the directory. Together with
# allow_public_rooms_without_auth: true in the server section, published
# rooms are listed to unauthenticated callers.
alias_creation_rules:
  - user_id: '*'
    alias: '*'
    room_id: '*'
    action: allow
room_list_publication_rules:
  - user_id: '*'
    alias: '*'
    room_id: '*'
    action: allow
## Opentracing ##
# Tracing is switched off.
opentracing:
  enabled: false