http: listeners: - name: web resources: - name: discovery - name: human - name: oauth - name: compat - name: graphql - name: assets binds: - address: "[::]:8080" proxy_protocol: false - name: internal resources: - name: health binds: - host: "0.0.0.0" port: 8081 proxy_protocol: false trusted_proxies: - 192.168.0.0/16 - 172.16.0.0/12 - 10.0.0.0/10 - 127.0.0.1/8 - fd00::/8 - ::1/128 public_base: https://matrix-auth.janky.solutions/ # issuer: http://[::]:8080/ database: uri: postgresql://mas@janky-solutions-homeserver-database.matrix.svc.cluster.local/mas max_connections: 10 min_connections: 0 connect_timeout: 30 idle_timeout: 600 max_lifetime: 1800 email: from: '"Matrix Authentication Service" ' reply_to: '"Matrix Authentication Service" ' transport: blackhole secrets: encryption: SECRET_ENCRYPTION keys: - kid: fjm6GxWLms key: | SECRET_KEY_0 - kid: SszPRpg6Lm key: | SECRET_KEY_1 - kid: f3dAhzd5lq key: | SECRET_KEY_2 - kid: yLREYJJQV4 key: | SECRET_KEY_3 passwords: enabled: false matrix: homeserver: janky.solutions secret: SECRET_ADMIN_SECRET endpoint: http://homeserver-janky-solutions:8008/ clients: - client_id: 01J5VH0VE08DMM5TMNSS9A4J31 client_auth_method: client_secret_basic client_secret: SECRET_CLIENT_SECRET metrics: exporter: prometheus upstream_oauth2: providers: - id: 01J5VF4J9NQQP1E2MAWQFHPMG8 human_name: Janky Solutions issuer: https://auth.janky.solutions/realms/janky.solutions token_endpoint_auth_method: client_secret_basic client_id: matrix client_secret: "SECRET_oidc_secret" scope: "openid profile email" claims_imports: localpart: action: require template: "{{ user.preferred_username }}" displayname: action: suggest template: "{{ user.name }}" email: action: require template: "{{ user.name }}@janky.solutions" set_email_verification: always account: email_change_allowed: true