matrix: rebase homeserver config against current upstream

2022-03-23 18:04:48 +01:00 · 2022-03-23 18:04:48 +01:00 · 3cd42908be
commit 3cd42908be
parent dac19a26b6
1 changed files with 144 additions and 30 deletions
--- a/roles/matrix/templates/matrix-synapse/homeserver.yaml.j2
+++ b/roles/matrix/templates/matrix-synapse/homeserver.yaml.j2
@ -11,14 +11,14 @@
 # Server admins can expand Synapse's functionality with external modules.
 #
-# See https://matrix-org.github.io/synapse/latest/modules.html for more
+# See https://matrix-org.github.io/synapse/latest/modules/index.html for more
 # documentation on how to configure or create custom modules for Synapse.
 #
 modules:
-    # - module: my_super_module.MySuperClass
+  #- module: my_super_module.MySuperClass
  #  config:
  #    do_thing: true
-    # - module: my_other_super_module.SomeClass
+  #- module: my_other_super_module.SomeClass
  #  config: {}
@ -50,13 +50,7 @@ modules:
 #
 pid_file: "/var/run/matrix-synapse.pid"
-# The absolute URL to the web client which /_matrix/client will redirect
+# The absolute URL to the web client which / will redirect to.
 # to if 'webclient' is configured under the 'listeners' configuration.
 #
 # This option can be also set to the filesystem path to the web client
 # which will be served at /_matrix/client/ if 'webclient' is configured
 # under the 'listeners' configuration, however this is a security risk:
 # https://github.com/matrix-org/synapse#security-note
 #
 #web_client_location: https://riot.example.com/
@ -140,12 +134,12 @@ allow_public_rooms_over_federation: true
 # The default room version for newly created rooms.
 #
 # Known room versions are listed here:
-# https://matrix.org/docs/spec/#complete-list-of-room-versions
+# https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions
 #
 # For example, for room version 1, default_room_version should be set
 # to "1".
 #
-#default_room_version: "6"
+#default_room_version: "9"
 # The GC threshold parameters to pass to `gc.set_threshold`, if defined
 #
@ -286,8 +280,6 @@ allow_public_rooms_over_federation: true
 #   static: static resources under synapse/static (/_matrix/static). (Mostly
 #       useful for 'fallback authentication'.)
 #
 #   webclient: A web client. Requires web_client_location to be set.
 #
 listeners:
  # TLS-enabled listener: for when matrix traffic is sent directly to synapse.
  #
@ -455,6 +447,20 @@ limit_remote_rooms:
 #
 #allow_per_room_profiles: false
 # The largest allowed file size for a user avatar. Defaults to no restriction.
 #
 # Note that user avatar changes will not work if this is set without
 # using Synapse's media repository.
 #
 #max_avatar_size: 10M
 # The MIME types allowed for user avatars. Defaults to no restriction.
 #
 # Note that user avatar changes will not work if this is set without
 # using Synapse's media repository.
 #
 #allowed_avatar_mimetypes: ["image/png", "image/jpeg", "image/gif"]
 # How long to keep redacted events in unredacted form in the database. After
 # this period redacted events get replaced with their redacted form in the DB.
 #
@ -623,8 +629,8 @@ retention:
 #
 #federation_certificate_verification_whitelist:
 #  - lon.example.com
-#  - *.domain.com
+#  - "*.domain.com"
-#  - *.onion
+#  - "*.onion"
 # List of custom certificate authorities for federation traffic.
 #
@ -721,11 +727,16 @@ caches:
  per_cache_factors:
    #get_users_who_share_room_with_user: 2.0
-  # Controls how long an entry can be in a cache without having been
+  # Controls whether cache entries are evicted after a specified time
-  # accessed before being evicted. Defaults to None, which means
+  # period. Defaults to true. Uncomment to disable this feature.
  # entries are never evicted based on time.
  #
-  #expiry_time: 30m
+  #expire_caches: false
  # If expire_caches is enabled, this flag controls how long an entry can
  # be in a cache without having been accessed before being evicted.
  # Defaults to 30m. Uncomment to set a different time to live for cache entries.
  #
  #cache_entry_ttl: 30m
  # Controls how long the results of a /sync request are cached for after
  # a successful response is returned. A higher duration can help clients with
@ -832,6 +843,9 @@ log_config: "/etc/matrix-synapse/log.yaml"
 #   - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
 #   - two for ratelimiting how often invites can be sent in a room or to a
 #     specific user.
 #   - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID
 #     such as an email address or a phone number) based on the account that's
 #     sending the invite.
 #
 # The defaults are as shown below.
 #
@ -881,6 +895,10 @@ log_config: "/etc/matrix-synapse/log.yaml"
 #  per_user:
 #    per_second: 0.003
 #    burst_count: 5
 #
 #rc_third_party_invite:
 #  per_second: 0.2
 #  burst_count: 10
 # Ratelimiting settings for incoming federation
 #
@ -1190,6 +1208,44 @@ enable_registration: false
 #
 #session_lifetime: 24h
 # Time that an access token remains valid for, if the session is
 # using refresh tokens.
 # For more information about refresh tokens, please see the manual.
 # Note that this only applies to clients which advertise support for
 # refresh tokens.
 #
 # Note also that this is calculated at login time and refresh time:
 # changes are not applied to existing sessions until they are refreshed.
 #
 # By default, this is 5 minutes.
 #
 #refreshable_access_token_lifetime: 5m
 # Time that a refresh token remains valid for (provided that it is not
 # exchanged for another one first).
 # This option can be used to automatically log-out inactive sessions.
 # Please see the manual for more information.
 #
 # Note also that this is calculated at login time and refresh time:
 # changes are not applied to existing sessions until they are refreshed.
 #
 # By default, this is infinite.
 #
 #refresh_token_lifetime: 24h
 # Time that an access token remains valid for, if the session is NOT
 # using refresh tokens.
 # Please note that not all clients support refresh tokens, so setting
 # this to a short value may be inconvenient for some users who will
 # then be logged out frequently.
 #
 # Note also that this is calculated at login time: changes are not applied
 # retrospectively to existing sessions for users that have already logged in.
 #
 # By default, this is infinite.
 #
 #nonrefreshable_access_token_lifetime: 24h
 # The user must provide all of the below types of 3PID when registering.
 #
 #registrations_require_3pid:
@ -1379,6 +1435,16 @@ enable_3pid_changes: false
 #
 #auto_join_rooms_for_guests: false
 # Whether to inhibit errors raised when registering a new account if the user ID
 # already exists. If turned on, that requests to /register/available will always
 # show a user ID as available, and Synapse won't raise an error when starting
 # a registration with a user ID that already exists. However, Synapse will still
 # raise an error if the registration completes and the username conflicts.
 #
 # Defaults to false.
 #
 #inhibit_user_in_use_error: true
 ## Metrics ###
@ -1431,6 +1497,7 @@ room_prejoin_state:
   # - m.room.encryption
   # - m.room.name
   # - m.room.create
   # - m.room.topic
   #
   # Uncomment the following to disable these defaults (so that only the event
   # types listed in 'additional_event_types' are shared). Defaults to 'false'.
@ -1812,10 +1879,13 @@ saml2_config:
 #       Defaults to false. Avoid this in production.
 #
 #   user_profile_method: Whether to fetch the user profile from the userinfo
-#       endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
+#       endpoint, or to rely on the data returned in the id_token from the
 #       token_endpoint.
 #
-#       Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
+#       Valid values are: 'auto' or 'userinfo_endpoint'.
-#       included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
+#
 #       Defaults to 'auto', which uses the userinfo endpoint if 'openid' is
 #       not included in 'scopes'. Set to 'userinfo_endpoint' to always use the
 #       userinfo endpoint.
 #
 #   allow_existing_users: set to 'true' to allow a user logging in via OIDC to
@ -1843,8 +1913,14 @@ saml2_config:
 #
 #             localpart_template: Jinja2 template for the localpart of the MXID.
 #                 If this is not set, the user will be prompted to choose their
-#                 own username (see 'sso_auth_account_details.html' in the 'sso'
+#                 own username (see the documentation for the
-#                 section of this file).
+#                 'sso_auth_account_details.html' template). This template can
 #                 use the 'localpart_from_email' filter.
 #
 #             confirm_localpart: Whether to prompt the user to validate (or
 #                 change) the generated localpart (see the documentation for the
 #                 'sso_auth_account_details.html' template), instead of
 #                 registering the account right away.
 #
 #             display_name_template: Jinja2 template for the display name to set
 #                 on first login. If unset, no displayname will be set.
@ -2020,6 +2096,12 @@ sso:
    #
    #algorithm: "provided-by-your-issuer"
    # Name of the claim containing a unique identifier for the user.
    #
    # Optional, defaults to `sub`.
    #
    #subject_claim: "sub"
    # The issuer to validate the "iss" claim against.
    #
    # Optional, if provided the "iss" claim will be required and
@ -2369,8 +2451,8 @@ user_directory:
    # indexes were (re)built was before Synapse 1.44, you'll have to
    # rebuild the indexes in order to search through all known users.
    # These indexes are built the first time Synapse starts; admins can
-    # manually trigger a rebuild following the instructions at
+    # manually trigger a rebuild via API following the instructions at
-    #     https://matrix-org.github.io/synapse/latest/user_directory.html
+    #     https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run
    #
    # Uncomment to return search results containing all known users, even if that
    # user does not share a room with the requester.
@ -2647,3 +2729,35 @@ redis:
  # Optional password if configured on the Redis instance
  #
  #password: <secret_password>
 ## Background Updates ##
 # Background updates are database updates that are run in the background in batches.
 # The duration, minimum batch size, default batch size, whether to sleep between batches and if so, how long to
 # sleep can all be configured. This is helpful to speed up or slow down the updates.
 #
 background_updates:
    # How long in milliseconds to run a batch of background updates for. Defaults to 100. Uncomment and set
    # a time to change the default.
    #
    #background_update_duration_ms: 500
    # Whether to sleep between updates. Defaults to True. Uncomment to change the default.
    #
    #sleep_enabled: false
    # If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000. Uncomment
    # and set a duration to change the default.
    #
    #sleep_duration_ms: 300
    # Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1. Uncomment and
    # set a size to change the default.
    #
    #min_batch_size: 10
    # The batch size to use for the first iteration of a new background update. The default is 100.
    # Uncomment and set a size to change the default.
    #
    #default_batch_size: 50