# For more information on how to configure Synapse, including a complete accounting of # each option, go to docs/usage/configuration/config_documentation.md or # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html # Server server_name: "${env['domain']}" pid_file: /data/homeserver.pid public_baseurl: "https://matrix.${env['domain']}" listeners: - port: 8008 tls: false type: http x_forwarded: true resources: - names: [client, federation] compress: false email: smtp_host: "mail.${env['domain']}" smtp_port: ${env['ports']['mailserver_smtps']} smtp_user: '${secrets["mailserver"]["synapse"]["user"]}' smtp_pass: '${secrets["mailserver"]["synapse"]["pass"]}' force_tls: true notif_from: "Matrix " #invite_client_location: "https://element.${env['domain']}" # Homeserver blocking max_avatar_size: 2M # Database database: name: psycopg2 args: user: '${secrets["postgres"]["synapse"]["user"]}' password: '${secrets["postgres"]["synapse"]["pass"]}' dbname: synapse host: "postgres.${env['domain']}" cp_min: 5 cp_max: 10 # Logging log_config: "/data/${env['domain']}.log.config" # Media Store media_store_path: /data/media_store # Changer aussi le max_body_size dans le reverse proxy max_upload_size: 50M media_retention: remote_media_lifetime: 14d url_preview_enabled: true url_preview_ip_range_blacklist: - '127.0.0.0/8' - '10.0.0.0/8' - '172.16.0.0/12' - '192.168.0.0/16' - '100.64.0.0/10' - '192.0.0.0/24' - '169.254.0.0/16' - '192.88.99.0/24' - '198.18.0.0/15' - '192.0.2.0/24' - '198.51.100.0/24' - '203.0.113.0/24' - '224.0.0.0/4' - '::1/128' - 'fe80::/10' - 'fc00::/7' - '2001:db8::/32' - 'ff00::/8' - 'fec0::/10' url_preview_accept_language: - 'en' - 'fr' - '*;q=0.2' # TURN turn_uris: ["turns:turn.${env['domain']}?transport=udp", "turns:turn.${env['domain']}?transport=tcp"] turn_shared_secret: '${secrets["turn_static_auth"]}' turn_user_lifetime: 86400000 turn_allow_guests: true # Registration enable_registration: true registration_requires_token: true # Metrics report_stats: true # API Configuration macaroon_secret_key: '${secrets["synapse"]["macaroon"]}' form_secret: '${secrets["synapse"]["form"]}' # Signing Keys signing_key_path: "/data/${env['domain']}.signing.key" trusted_key_servers: - server_name: "matrix.org" suppress_key_server_warning: true # Single sign-on integration oidc_providers: - idp_id: keycloak idp_name: "Keycloak" issuer: "https://kc.${env['domain']}/realms/master" client_id: '${secrets["keycloak"]["synapse"]["id"]}' client_secret: '${secrets["keycloak"]["synapse"]["secret"]}' scopes: ["openid", "profile", "email"] allow_existing_users: true user_mapping_provider: config: subject_claim: "sub" localpart_template: '{{ user.preferred_username }}' display_name_template: '{{ user.name }}' email_template: '{{ user.email }}' backchannel_logout_enabled: true password_config: enabled: false