forked from infra/ansible
matrix: rebase config against 1.14.0
This commit is contained in:
parent
8e5ccda050
commit
9bb3111efc
@ -21,10 +21,15 @@
|
|||||||
#
|
#
|
||||||
pid_file: "/var/run/matrix-synapse.pid"
|
pid_file: "/var/run/matrix-synapse.pid"
|
||||||
|
|
||||||
# The path to the web client which will be served at /_matrix/client/
|
# The absolute URL to the web client which /_matrix/client will redirect
|
||||||
# if 'webclient' is configured under the 'listeners' configuration.
|
# to if 'webclient' is configured under the 'listeners' configuration.
|
||||||
#
|
#
|
||||||
#web_client_location: "/path/to/web/root"
|
# This option can be also set to the filesystem path to the web client
|
||||||
|
# which will be served at /_matrix/client/ if 'webclient' is configured
|
||||||
|
# under the 'listeners' configuration, however this is a security risk:
|
||||||
|
# https://github.com/matrix-org/synapse#security-note
|
||||||
|
#
|
||||||
|
#web_client_location: https://riot.example.com/
|
||||||
|
|
||||||
# The public-facing base URL that clients use to access this HS
|
# The public-facing base URL that clients use to access this HS
|
||||||
# (not including _matrix/...). This is the same URL a user would
|
# (not including _matrix/...). This is the same URL a user would
|
||||||
@ -236,6 +241,18 @@ listeners:
|
|||||||
# bind_addresses: ['::1', '127.0.0.1']
|
# bind_addresses: ['::1', '127.0.0.1']
|
||||||
# type: manhole
|
# type: manhole
|
||||||
|
|
||||||
|
# Forward extremities can build up in a room due to networking delays between
|
||||||
|
# homeservers. Once this happens in a large room, calculation of the state of
|
||||||
|
# that room can become quite expensive. To mitigate this, once the number of
|
||||||
|
# forward extremities reaches a given threshold, Synapse will send an
|
||||||
|
# org.matrix.dummy_event event, which will reduce the forward extremities
|
||||||
|
# in the room.
|
||||||
|
#
|
||||||
|
# This setting defines the threshold (i.e. number of forward extremities in the
|
||||||
|
# room) at which dummy events are sent. The default value is 10.
|
||||||
|
#
|
||||||
|
#dummy_events_threshold: 5
|
||||||
|
|
||||||
|
|
||||||
## Homeserver blocking ##
|
## Homeserver blocking ##
|
||||||
|
|
||||||
@ -293,22 +310,27 @@ listeners:
|
|||||||
# Used by phonehome stats to group together related servers.
|
# Used by phonehome stats to group together related servers.
|
||||||
#server_context: context
|
#server_context: context
|
||||||
|
|
||||||
# Resource-constrained homeserver Settings
|
# Resource-constrained homeserver settings
|
||||||
#
|
#
|
||||||
# If limit_remote_rooms.enabled is True, the room complexity will be
|
# When this is enabled, the room "complexity" will be checked before a user
|
||||||
# checked before a user joins a new remote room. If it is above
|
# joins a new remote room. If it is above the complexity limit, the server will
|
||||||
# limit_remote_rooms.complexity, it will disallow joining or
|
# disallow joining, or will instantly leave.
|
||||||
# instantly leave.
|
|
||||||
#
|
#
|
||||||
# limit_remote_rooms.complexity_error can be set to customise the text
|
# Room complexity is an arbitrary measure based on factors such as the number of
|
||||||
# displayed to the user when a room above the complexity threshold has
|
# users in the room.
|
||||||
# its join cancelled.
|
|
||||||
#
|
#
|
||||||
# Uncomment the below lines to enable:
|
limit_remote_rooms:
|
||||||
#limit_remote_rooms:
|
# Uncomment to enable room complexity checking.
|
||||||
# enabled: true
|
#
|
||||||
# complexity: 1.0
|
#enabled: true
|
||||||
# complexity_error: "This room is too complex."
|
|
||||||
|
# the limit above which rooms cannot be joined. The default is 1.0.
|
||||||
|
#
|
||||||
|
#complexity: 0.5
|
||||||
|
|
||||||
|
# override the error which is returned when the room is too complex.
|
||||||
|
#
|
||||||
|
#complexity_error: "This room is too complex."
|
||||||
|
|
||||||
# Whether to require a user to be in the room to add an alias to it.
|
# Whether to require a user to be in the room to add an alias to it.
|
||||||
# Defaults to 'true'.
|
# Defaults to 'true'.
|
||||||
@ -397,6 +419,16 @@ retention:
|
|||||||
# longest_max_lifetime: 1y
|
# longest_max_lifetime: 1y
|
||||||
# interval: 1d
|
# interval: 1d
|
||||||
|
|
||||||
|
# Inhibits the /requestToken endpoints from returning an error that might leak
|
||||||
|
# information about whether an e-mail address is in use or not on this
|
||||||
|
# homeserver.
|
||||||
|
# Note that for some endpoints the error situation is the e-mail already being
|
||||||
|
# used, and for others the error is entering the e-mail being unused.
|
||||||
|
# If this option is enabled, instead of returning an error, these endpoints will
|
||||||
|
# act as if no error happened and return a fake session ID ('sid') to clients.
|
||||||
|
#
|
||||||
|
#request_token_inhibit_3pid_errors: true
|
||||||
|
|
||||||
|
|
||||||
## TLS ##
|
## TLS ##
|
||||||
|
|
||||||
@ -564,12 +596,91 @@ acme:
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Caching ##
|
||||||
|
|
||||||
|
# Caching can be configured through the following options.
|
||||||
|
#
|
||||||
|
# A cache 'factor' is a multiplier that can be applied to each of
|
||||||
|
# Synapse's caches in order to increase or decrease the maximum
|
||||||
|
# number of entries that can be stored.
|
||||||
|
|
||||||
|
# The number of events to cache in memory. Not affected by
|
||||||
|
# caches.global_factor.
|
||||||
|
#
|
||||||
|
#event_cache_size: 10K
|
||||||
|
|
||||||
|
caches:
|
||||||
|
# Controls the global cache factor, which is the default cache factor
|
||||||
|
# for all caches if a specific factor for that cache is not otherwise
|
||||||
|
# set.
|
||||||
|
#
|
||||||
|
# This can also be set by the "SYNAPSE_CACHE_FACTOR" environment
|
||||||
|
# variable. Setting by environment variable takes priority over
|
||||||
|
# setting through the config file.
|
||||||
|
#
|
||||||
|
# Defaults to 0.5, which will half the size of all caches.
|
||||||
|
#
|
||||||
|
#global_factor: 1.0
|
||||||
|
|
||||||
|
# A dictionary of cache name to cache factor for that individual
|
||||||
|
# cache. Overrides the global cache factor for a given cache.
|
||||||
|
#
|
||||||
|
# These can also be set through environment variables comprised
|
||||||
|
# of "SYNAPSE_CACHE_FACTOR_" + the name of the cache in capital
|
||||||
|
# letters and underscores. Setting by environment variable
|
||||||
|
# takes priority over setting through the config file.
|
||||||
|
# Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0
|
||||||
|
#
|
||||||
|
# Some caches have '*' and other characters that are not
|
||||||
|
# alphanumeric or underscores. These caches can be named with or
|
||||||
|
# without the special characters stripped. For example, to specify
|
||||||
|
# the cache factor for `*stateGroupCache*` via an environment
|
||||||
|
# variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`.
|
||||||
|
#
|
||||||
|
per_cache_factors:
|
||||||
|
#get_users_who_share_room_with_user: 2.0
|
||||||
|
|
||||||
|
|
||||||
## Database ##
|
## Database ##
|
||||||
|
|
||||||
|
# The 'database' setting defines the database that synapse uses to store all of
|
||||||
|
# its data.
|
||||||
|
#
|
||||||
|
# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
|
||||||
|
# 'psycopg2' (for PostgreSQL).
|
||||||
|
#
|
||||||
|
# 'args' gives options which are passed through to the database engine,
|
||||||
|
# except for options starting 'cp_', which are used to configure the Twisted
|
||||||
|
# connection pool. For a reference to valid arguments, see:
|
||||||
|
# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
|
||||||
|
# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
|
||||||
|
# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Example SQLite configuration:
|
||||||
|
#
|
||||||
|
#database:
|
||||||
|
# name: sqlite3
|
||||||
|
# args:
|
||||||
|
# database: /path/to/homeserver.db
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Example Postgres configuration:
|
||||||
|
#
|
||||||
|
#database:
|
||||||
|
# name: psycopg2
|
||||||
|
# args:
|
||||||
|
# user: synapse
|
||||||
|
# password: secretpassword
|
||||||
|
# database: synapse
|
||||||
|
# host: localhost
|
||||||
|
# cp_min: 5
|
||||||
|
# cp_max: 10
|
||||||
|
#
|
||||||
|
# For more information on using Synapse with Postgres, see `docs/postgres.md`.
|
||||||
|
#
|
||||||
database:
|
database:
|
||||||
# The database engine name
|
|
||||||
name: "psycopg2"
|
name: "psycopg2"
|
||||||
# Arguments to pass to the engine
|
|
||||||
args:
|
args:
|
||||||
user: {{ matrix_dbuser }}
|
user: {{ matrix_dbuser }}
|
||||||
password: {{ matrix_dbpass }}
|
password: {{ matrix_dbpass }}
|
||||||
@ -689,12 +800,11 @@ media_store_path: "/var/lib/matrix-synapse/media"
|
|||||||
#
|
#
|
||||||
#media_storage_providers:
|
#media_storage_providers:
|
||||||
# - module: file_system
|
# - module: file_system
|
||||||
# # Whether to write new local files.
|
# # Whether to store newly uploaded local files
|
||||||
# store_local: false
|
# store_local: false
|
||||||
# # Whether to write new remote media
|
# # Whether to store newly downloaded remote files
|
||||||
# store_remote: false
|
# store_remote: false
|
||||||
# # Whether to block upload requests waiting for write to this
|
# # Whether to wait for successful storage for local uploads
|
||||||
# # provider to complete
|
|
||||||
# store_synchronous: false
|
# store_synchronous: false
|
||||||
# config:
|
# config:
|
||||||
# directory: /mnt/some/other/directory
|
# directory: /mnt/some/other/directory
|
||||||
@ -813,31 +923,55 @@ max_upload_size: 10M
|
|||||||
#
|
#
|
||||||
#max_spider_size: 10M
|
#max_spider_size: 10M
|
||||||
|
|
||||||
|
# A list of values for the Accept-Language HTTP header used when
|
||||||
|
# downloading webpages during URL preview generation. This allows
|
||||||
|
# Synapse to specify the preferred languages that URL previews should
|
||||||
|
# be in when communicating with remote servers.
|
||||||
|
#
|
||||||
|
# Each value is a IETF language tag; a 2-3 letter identifier for a
|
||||||
|
# language, optionally followed by subtags separated by '-', specifying
|
||||||
|
# a country or region variant.
|
||||||
|
#
|
||||||
|
# Multiple values can be provided, and a weight can be added to each by
|
||||||
|
# using quality value syntax (;q=). '*' translates to any language.
|
||||||
|
#
|
||||||
|
# Defaults to "en".
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
#
|
||||||
|
# url_preview_accept_language:
|
||||||
|
# - en-UK
|
||||||
|
# - en-US;q=0.9
|
||||||
|
# - fr;q=0.8
|
||||||
|
# - *;q=0.7
|
||||||
|
#
|
||||||
|
url_preview_accept_language:
|
||||||
|
# - en
|
||||||
|
|
||||||
|
|
||||||
## Captcha ##
|
## Captcha ##
|
||||||
# See docs/CAPTCHA_SETUP for full details of configuring this.
|
# See docs/CAPTCHA_SETUP.md for full details of configuring this.
|
||||||
|
|
||||||
# This homeserver's ReCAPTCHA public key.
|
# This homeserver's ReCAPTCHA public key. Must be specified if
|
||||||
|
# enable_registration_captcha is enabled.
|
||||||
#
|
#
|
||||||
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
|
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
|
||||||
|
|
||||||
# This homeserver's ReCAPTCHA private key.
|
# This homeserver's ReCAPTCHA private key. Must be specified if
|
||||||
|
# enable_registration_captcha is enabled.
|
||||||
#
|
#
|
||||||
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
|
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
|
||||||
|
|
||||||
# Enables ReCaptcha checks when registering, preventing signup
|
# Uncomment to enable ReCaptcha checks when registering, preventing signup
|
||||||
# unless a captcha is answered. Requires a valid ReCaptcha
|
# unless a captcha is answered. Requires a valid ReCaptcha
|
||||||
# public/private key.
|
# public/private key. Defaults to 'false'.
|
||||||
#
|
#
|
||||||
#enable_registration_captcha: false
|
#enable_registration_captcha: true
|
||||||
|
|
||||||
# A secret key used to bypass the captcha test entirely.
|
|
||||||
#
|
|
||||||
#captcha_bypass_secret: "YOUR_SECRET_HERE"
|
|
||||||
|
|
||||||
# The API endpoint to use for verifying m.login.recaptcha responses.
|
# The API endpoint to use for verifying m.login.recaptcha responses.
|
||||||
|
# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
|
||||||
#
|
#
|
||||||
#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
|
#recaptcha_siteverify_api: "https://my.recaptcha.site"
|
||||||
|
|
||||||
|
|
||||||
## TURN ##
|
## TURN ##
|
||||||
@ -981,7 +1115,7 @@ account_validity:
|
|||||||
# If set, allows registration of standard or admin accounts by anyone who
|
# If set, allows registration of standard or admin accounts by anyone who
|
||||||
# has the shared secret, even if registration is otherwise disabled.
|
# has the shared secret, even if registration is otherwise disabled.
|
||||||
#
|
#
|
||||||
# registration_shared_secret: <PRIVATE STRING>
|
#registration_shared_secret: <PRIVATE STRING>
|
||||||
|
|
||||||
# Set the number of bcrypt rounds used to generate password hash.
|
# Set the number of bcrypt rounds used to generate password hash.
|
||||||
# Larger numbers increase the work factor needed to generate the hash.
|
# Larger numbers increase the work factor needed to generate the hash.
|
||||||
@ -1049,6 +1183,29 @@ account_threepid_delegates:
|
|||||||
#email: https://example.com # Delegate email sending to example.com
|
#email: https://example.com # Delegate email sending to example.com
|
||||||
#msisdn: http://localhost:8090 # Delegate SMS sending to this local process
|
#msisdn: http://localhost:8090 # Delegate SMS sending to this local process
|
||||||
|
|
||||||
|
# Whether users are allowed to change their displayname after it has
|
||||||
|
# been initially set. Useful when provisioning users based on the
|
||||||
|
# contents of a third-party directory.
|
||||||
|
#
|
||||||
|
# Does not apply to server administrators. Defaults to 'true'
|
||||||
|
#
|
||||||
|
#enable_set_displayname: false
|
||||||
|
|
||||||
|
# Whether users are allowed to change their avatar after it has been
|
||||||
|
# initially set. Useful when provisioning users based on the contents
|
||||||
|
# of a third-party directory.
|
||||||
|
#
|
||||||
|
# Does not apply to server administrators. Defaults to 'true'
|
||||||
|
#
|
||||||
|
#enable_set_avatar_url: false
|
||||||
|
|
||||||
|
# Whether users can change the 3PIDs associated with their accounts
|
||||||
|
# (email address and msisdn).
|
||||||
|
#
|
||||||
|
# Defaults to 'true'
|
||||||
|
#
|
||||||
|
enable_3pid_changes: false
|
||||||
|
|
||||||
# Users who register on this homeserver will automatically be joined
|
# Users who register on this homeserver will automatically be joined
|
||||||
# to these rooms
|
# to these rooms
|
||||||
#
|
#
|
||||||
@ -1084,13 +1241,15 @@ account_threepid_delegates:
|
|||||||
# enabled by default, either for performance reasons or limited use.
|
# enabled by default, either for performance reasons or limited use.
|
||||||
#
|
#
|
||||||
metrics_flags:
|
metrics_flags:
|
||||||
# Publish synapse_federation_known_servers, a g auge of the number of
|
# Publish synapse_federation_known_servers, a gauge of the number of
|
||||||
# servers this homeserver knows about, including itself. May cause
|
# servers this homeserver knows about, including itself. May cause
|
||||||
# performance problems on large homeservers.
|
# performance problems on large homeservers.
|
||||||
#
|
#
|
||||||
#known_servers: true
|
#known_servers: true
|
||||||
|
|
||||||
# Whether or not to report anonymized homeserver usage statistics.
|
# Whether or not to report anonymized homeserver usage statistics.
|
||||||
|
#
|
||||||
|
#report_stats: true|false
|
||||||
|
|
||||||
# The endpoint to report the anonymized homeserver usage statistics to.
|
# The endpoint to report the anonymized homeserver usage statistics to.
|
||||||
# Defaults to https://matrix.org/report-usage-stats/push
|
# Defaults to https://matrix.org/report-usage-stats/push
|
||||||
@ -1126,13 +1285,13 @@ metrics_flags:
|
|||||||
# the registration_shared_secret is used, if one is given; otherwise,
|
# the registration_shared_secret is used, if one is given; otherwise,
|
||||||
# a secret key is derived from the signing key.
|
# a secret key is derived from the signing key.
|
||||||
#
|
#
|
||||||
# macaroon_secret_key: <PRIVATE STRING>
|
#macaroon_secret_key: <PRIVATE STRING>
|
||||||
|
|
||||||
# a secret which is used to calculate HMACs for form values, to stop
|
# a secret which is used to calculate HMACs for form values, to stop
|
||||||
# falsification of values. Must be specified for the User Consent
|
# falsification of values. Must be specified for the User Consent
|
||||||
# forms to work.
|
# forms to work.
|
||||||
#
|
#
|
||||||
# form_secret: <PRIVATE STRING>
|
#form_secret: <PRIVATE STRING>
|
||||||
|
|
||||||
## Signing Keys ##
|
## Signing Keys ##
|
||||||
|
|
||||||
@ -1358,6 +1517,94 @@ saml2_config:
|
|||||||
#template_dir: "res/templates"
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
|
||||||
|
# Enable OpenID Connect for registration and login. Uses authlib.
|
||||||
|
#
|
||||||
|
oidc_config:
|
||||||
|
# enable OpenID Connect. Defaults to false.
|
||||||
|
#
|
||||||
|
#enabled: true
|
||||||
|
|
||||||
|
# use the OIDC discovery mechanism to discover endpoints. Defaults to true.
|
||||||
|
#
|
||||||
|
#discover: true
|
||||||
|
|
||||||
|
# the OIDC issuer. Used to validate tokens and discover the providers endpoints. Required.
|
||||||
|
#
|
||||||
|
#issuer: "https://accounts.example.com/"
|
||||||
|
|
||||||
|
# oauth2 client id to use. Required.
|
||||||
|
#
|
||||||
|
#client_id: "provided-by-your-issuer"
|
||||||
|
|
||||||
|
# oauth2 client secret to use. Required.
|
||||||
|
#
|
||||||
|
#client_secret: "provided-by-your-issuer"
|
||||||
|
|
||||||
|
# auth method to use when exchanging the token.
|
||||||
|
# Valid values are "client_secret_basic" (default), "client_secret_post" and "none".
|
||||||
|
#
|
||||||
|
#client_auth_method: "client_secret_basic"
|
||||||
|
|
||||||
|
# list of scopes to ask. This should include the "openid" scope. Defaults to ["openid"].
|
||||||
|
#
|
||||||
|
#scopes: ["openid"]
|
||||||
|
|
||||||
|
# the oauth2 authorization endpoint. Required if provider discovery is disabled.
|
||||||
|
#
|
||||||
|
#authorization_endpoint: "https://accounts.example.com/oauth2/auth"
|
||||||
|
|
||||||
|
# the oauth2 token endpoint. Required if provider discovery is disabled.
|
||||||
|
#
|
||||||
|
#token_endpoint: "https://accounts.example.com/oauth2/token"
|
||||||
|
|
||||||
|
# the OIDC userinfo endpoint. Required if discovery is disabled and the "openid" scope is not asked.
|
||||||
|
#
|
||||||
|
#userinfo_endpoint: "https://accounts.example.com/userinfo"
|
||||||
|
|
||||||
|
# URI where to fetch the JWKS. Required if discovery is disabled and the "openid" scope is used.
|
||||||
|
#
|
||||||
|
#jwks_uri: "https://accounts.example.com/.well-known/jwks.json"
|
||||||
|
|
||||||
|
# skip metadata verification. Defaults to false.
|
||||||
|
# Use this if you are connecting to a provider that is not OpenID Connect compliant.
|
||||||
|
# Avoid this in production.
|
||||||
|
#
|
||||||
|
#skip_verification: false
|
||||||
|
|
||||||
|
|
||||||
|
# An external module can be provided here as a custom solution to mapping
|
||||||
|
# attributes returned from a OIDC provider onto a matrix user.
|
||||||
|
#
|
||||||
|
user_mapping_provider:
|
||||||
|
# The custom module's class. Uncomment to use a custom module.
|
||||||
|
# Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'.
|
||||||
|
#
|
||||||
|
#module: mapping_provider.OidcMappingProvider
|
||||||
|
|
||||||
|
# Custom configuration values for the module. Below options are intended
|
||||||
|
# for the built-in provider, they should be changed if using a custom
|
||||||
|
# module. This section will be passed as a Python dictionary to the
|
||||||
|
# module's `parse_config` method.
|
||||||
|
#
|
||||||
|
# Below is the config of the default mapping provider, based on Jinja2
|
||||||
|
# templates. Those templates are used to render user attributes, where the
|
||||||
|
# userinfo object is available through the `user` variable.
|
||||||
|
#
|
||||||
|
config:
|
||||||
|
# name of the claim containing a unique identifier for the user.
|
||||||
|
# Defaults to `sub`, which OpenID Connect compliant providers should provide.
|
||||||
|
#
|
||||||
|
#subject_claim: "sub"
|
||||||
|
|
||||||
|
# Jinja2 template for the localpart of the MXID
|
||||||
|
#
|
||||||
|
localpart_template: "<{ user.preferred_username }>"
|
||||||
|
|
||||||
|
# Jinja2 template for the display name to set on first login. Optional.
|
||||||
|
#
|
||||||
|
#display_name_template: "<{ user.given_name }> <{ user.last_name }>"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Enable CAS for registration and login.
|
# Enable CAS for registration and login.
|
||||||
#
|
#
|
||||||
@ -1383,6 +1630,10 @@ sso:
|
|||||||
# phishing attacks from evil.site. To avoid this, include a slash after the
|
# phishing attacks from evil.site. To avoid this, include a slash after the
|
||||||
# hostname: "https://my.client/".
|
# hostname: "https://my.client/".
|
||||||
#
|
#
|
||||||
|
# If public_baseurl is set, then the login fallback page (used by clients
|
||||||
|
# that don't natively support the required login flows) is whitelisted in
|
||||||
|
# addition to any URLs in this list.
|
||||||
|
#
|
||||||
# By default, this list is empty.
|
# By default, this list is empty.
|
||||||
#
|
#
|
||||||
#client_whitelist:
|
#client_whitelist:
|
||||||
@ -1414,6 +1665,37 @@ sso:
|
|||||||
#
|
#
|
||||||
# * server_name: the homeserver's name.
|
# * server_name: the homeserver's name.
|
||||||
#
|
#
|
||||||
|
# * HTML page which notifies the user that they are authenticating to confirm
|
||||||
|
# an operation on their account during the user interactive authentication
|
||||||
|
# process: 'sso_auth_confirm.html'.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given the following variables:
|
||||||
|
# * redirect_url: the URL the user is about to be redirected to. Needs
|
||||||
|
# manual escaping (see
|
||||||
|
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||||
|
#
|
||||||
|
# * description: the operation which the user is being asked to confirm
|
||||||
|
#
|
||||||
|
# * HTML page shown after a successful user interactive authentication session:
|
||||||
|
# 'sso_auth_success.html'.
|
||||||
|
#
|
||||||
|
# Note that this page must include the JavaScript which notifies of a successful authentication
|
||||||
|
# (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback).
|
||||||
|
#
|
||||||
|
# This template has no additional variables.
|
||||||
|
#
|
||||||
|
# * HTML page shown during single sign-on if a deactivated user (according to Synapse's database)
|
||||||
|
# attempts to login: 'sso_account_deactivated.html'.
|
||||||
|
#
|
||||||
|
# This template has no additional variables.
|
||||||
|
#
|
||||||
|
# * HTML page to display to users if something goes wrong during the
|
||||||
|
# OpenID Connect authentication process: 'sso_error.html'.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given two variables:
|
||||||
|
# * error: the technical name of the error
|
||||||
|
# * error_description: a human-readable message for the error
|
||||||
|
#
|
||||||
# You can see the default templates at:
|
# You can see the default templates at:
|
||||||
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
#
|
#
|
||||||
@ -1444,6 +1726,41 @@ password_config:
|
|||||||
#
|
#
|
||||||
#pepper: "EVEN_MORE_SECRET"
|
#pepper: "EVEN_MORE_SECRET"
|
||||||
|
|
||||||
|
# Define and enforce a password policy. Each parameter is optional.
|
||||||
|
# This is an implementation of MSC2000.
|
||||||
|
#
|
||||||
|
policy:
|
||||||
|
# Whether to enforce the password policy.
|
||||||
|
# Defaults to 'false'.
|
||||||
|
#
|
||||||
|
#enabled: true
|
||||||
|
|
||||||
|
# Minimum accepted length for a password.
|
||||||
|
# Defaults to 0.
|
||||||
|
#
|
||||||
|
#minimum_length: 15
|
||||||
|
|
||||||
|
# Whether a password must contain at least one digit.
|
||||||
|
# Defaults to 'false'.
|
||||||
|
#
|
||||||
|
#require_digit: true
|
||||||
|
|
||||||
|
# Whether a password must contain at least one symbol.
|
||||||
|
# A symbol is any character that's not a number or a letter.
|
||||||
|
# Defaults to 'false'.
|
||||||
|
#
|
||||||
|
#require_symbol: true
|
||||||
|
|
||||||
|
# Whether a password must contain at least one lowercase letter.
|
||||||
|
# Defaults to 'false'.
|
||||||
|
#
|
||||||
|
#require_lowercase: true
|
||||||
|
|
||||||
|
# Whether a password must contain at least one lowercase letter.
|
||||||
|
# Defaults to 'false'.
|
||||||
|
#
|
||||||
|
#require_uppercase: true
|
||||||
|
|
||||||
|
|
||||||
# Configuration for sending emails from Synapse.
|
# Configuration for sending emails from Synapse.
|
||||||
#
|
#
|
||||||
@ -1459,8 +1776,8 @@ email:
|
|||||||
# Username/password for authentication to the SMTP server. By default, no
|
# Username/password for authentication to the SMTP server. By default, no
|
||||||
# authentication is attempted.
|
# authentication is attempted.
|
||||||
#
|
#
|
||||||
# smtp_user: "exampleusername"
|
#smtp_user: "exampleusername"
|
||||||
# smtp_pass: "examplepassword"
|
#smtp_pass: "examplepassword"
|
||||||
|
|
||||||
# Uncomment the following to require TLS transport security for SMTP.
|
# Uncomment the following to require TLS transport security for SMTP.
|
||||||
# By default, Synapse will connect over plain text, and will then switch to
|
# By default, Synapse will connect over plain text, and will then switch to
|
||||||
@ -1552,6 +1869,17 @@ email:
|
|||||||
#template_dir: "res/templates"
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
|
||||||
|
# Password providers allow homeserver administrators to integrate
|
||||||
|
# their Synapse installation with existing authentication methods
|
||||||
|
# ex. LDAP, external tokens, etc.
|
||||||
|
#
|
||||||
|
# For more information and known implementations, please see
|
||||||
|
# https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md
|
||||||
|
#
|
||||||
|
# Note: instances wishing to use SAML or CAS authentication should
|
||||||
|
# instead use the `saml2_config` or `cas_config` options,
|
||||||
|
# respectively.
|
||||||
|
#
|
||||||
password_providers:
|
password_providers:
|
||||||
- module: "ldap_auth_provider.LdapAuthProvider"
|
- module: "ldap_auth_provider.LdapAuthProvider"
|
||||||
config:
|
config:
|
||||||
@ -1585,10 +1913,17 @@ password_providers:
|
|||||||
# include_content: true
|
# include_content: true
|
||||||
|
|
||||||
|
|
||||||
#spam_checker:
|
# Spam checkers are third-party modules that can block specific actions
|
||||||
# module: "my_custom_project.SuperSpamChecker"
|
# of local users, such as creating rooms and registering undesirable
|
||||||
# config:
|
# usernames, as well as remote users by redacting incoming events.
|
||||||
# example_option: 'things'
|
#
|
||||||
|
spam_checker:
|
||||||
|
#- module: "my_custom_project.SuperSpamChecker"
|
||||||
|
# config:
|
||||||
|
# example_option: 'things'
|
||||||
|
#- module: "some_other_project.BadEventStopper"
|
||||||
|
# config:
|
||||||
|
# example_stop_events_from: ['@bad:example.com']
|
||||||
|
|
||||||
|
|
||||||
# Uncomment to allow non-server-admin users to create groups on this server
|
# Uncomment to allow non-server-admin users to create groups on this server
|
||||||
|
Loading…
Reference in New Issue
Block a user