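---
# Synapse homeserver configuration for janky.solutions.
#
# Values of the form SECRET_* look like placeholders that are substituted at
# deploy time (TODO confirm). The rendered file then holds live credentials:
# keep it out of version control and logs, and readable only by Synapse.

server_name: "janky.solutions"
pid_file: /data/homeserver.pid

listeners:
  # Client and federation traffic, served as plain HTTP (tls: false).
  # x_forwarded: true makes Synapse take the client address from the
  # X-Forwarded-For header, so this port must only be reachable through the
  # trusted reverse proxy. A direct caller can otherwise supply any source IP,
  # which would then appear in logs and in per-IP rate limiting.
  # NOTE(review): no bind_addresses is set; confirm that network policy
  # restricts who can reach port 8008.
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
  # Metrics listener. Nothing on this listener configures authentication, so
  # keep it reachable only from the in-cluster scraper.
  - port: 8000
    type: metrics

enable_metrics: true

database:
  name: psycopg2
  args:
    # NOTE(review): no user, password or sslmode appears here. Confirm how the
    # database credentials are supplied and whether this in-cluster connection
    # is encrypted.
    host: janky-solutions-homeserver-database.matrix.svc.cluster.local
    dbname: matrix

log_config: "/config/log.yaml"
media_store_path: /data/media_store

# Anyone holding this value can register accounts, including admin accounts,
# through the shared-secret registration API.
# NOTE(review): confirm this is still needed now that authentication is
# delegated through msc3861 below.
registration_shared_secret: "SECRET_registration_shared_secret"
report_stats: false
form_secret: "SECRET_form_secret"

# Private key that signs this server's federation traffic; it is read from the
# /secrets mount rather than stored in this file.
signing_key_path: "/secrets/janky.solutions.signing.key"
trusted_key_servers:
  - server_name: "matrix.org"

public_baseurl: https://matrix.janky.solutions

# Exceptions to Synapse's blocked outbound IP ranges: the server is allowed to
# make outbound requests to these private addresses. Keep the list to the exact
# hosts that need it, since every entry is an internal target that
# remote-influenced requests can reach.
ip_range_whitelist:
  - "10.5.1.245"
  - "10.5.1.1"

# Legacy OIDC login is left disabled; the msc3861 block below is the one that
# is enabled.
# oidc_providers:
#   - idp_id: keycloak
#     idp_name: "Janky Solutions Auth"
#     issuer: "https://auth.janky.solutions/realms/janky.solutions/"
#     client_id: "synapse"
#     client_secret: SECRET_oidc_secret
#     scopes: ["openid", "profile"]
#     user_mapping_provider:
#       config:
#         localpart_template: "{{ user.preferred_username }}"
#         display_name_template: "{{ user.name }}"
#     backchannel_logout_enabled: true # Optional

# Local password login is switched off.
password_config:
  enabled: false

# Application service (bridge) registrations.
# NOTE(review): registration files normally carry the tokens shared between
# Synapse and each bridge; confirm these files are mounted read-only and are
# not world-readable.
app_service_config_files:
  - /appservices/facebook.yaml
  - /appservices/telegram.yaml
  - /appservices/signal.yaml

media_storage_providers:
  - module: s3_storage_provider.S3StorageProviderBackend
    store_local: true
    store_remote: true
    store_synchronous: true
    config:
      bucket: matrix-media
      # All of the below options are optional, for use with non-AWS S3-like
      # services, or to specify access tokens here instead of some external method.
      region_name: sea-01
      endpoint_url: https://storage.home.finn.io
      # Static, long-lived credentials. Scope them to this bucket (and ideally
      # to the prefix below) so that a leak of this file does not expose other
      # storage.
      access_key_id: SECRET_AWS_ACCESS_KEY_ID
      secret_access_key: SECRET_AWS_SECRET_ACCESS_KEY

      # Server Side Encryption for Customer-provided keys
      #sse_customer_key:
      # Your SSE-C algorithm is very likely AES256
      # Default is AES256.
      #sse_customer_algo:

      # The object storage class used when uploading files to the bucket.
      # Default is STANDARD.
      #storage_class: "STANDARD_IA"

      # Prefix for all media in bucket, can't be changed once media has been uploaded
      # Useful if sharing the bucket between Synapses
      # Blank if not provided
      prefix: "janky.solutions/"

      # The maximum number of concurrent threads which will be used to connect
      # to S3. Each thread manages a single connection. Default is 40.
      #
      #threadpool_size: 20

experimental_features:
  # Delegates authentication to the external auth service at `issuer`.
  msc3861:
    enabled: true
    # Synapse will call `{issuer}/.well-known/openid-configuration` to get the OIDC configuration
    issuer: https://matrix-auth.janky.solutions/
    # Matches the `client_id` in the auth service config
    client_id: "01J5VH0VE08DMM5TMNSS9A4J31"
    # Matches the `client_auth_method` in the auth service config
    client_auth_method: client_secret_basic
    # Matches the `client_secret` in the auth service config
    client_secret: "SECRET_CLIENT_SECRET"
    # Matches the `matrix.secret` in the auth service config
    # NOTE(review): this secret is shared with the auth service; treat it as a
    # high-privilege credential and rotate it on both sides together.
    admin_token: "SECRET_ADMIN_SECRET"
    # URL to advertise to clients where users can self-manage their account
    account_management_url: "https://matrix-auth.janky.solutions/account"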