infra/k8s/matrix/config-janky.solutions/homeserver.yaml

82 lines
2.6 KiB
YAML

server_name: "janky.solutions"
pid_file: /data/homeserver.pid
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
- port: 8000
type: http
bind_addresses: ['0.0.0.0']
resources:
- names: [metrics]
database:
name: psycopg2
args:
host: janky-solutions-homeserver-database.matrix.svc.cluster.local
dbname: matrix
log_config: "/config/log.yaml"
media_store_path: /data/media_store
registration_shared_secret: "SECRET_registration_shared_secret"
report_stats: false
macaroon_secret_key: "SECRET_macaroon_secret_key"
form_secret: "SECRET_form_secret"
signing_key_path: "/secrets/janky.solutions.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
public_baseurl: https://matrix.janky.solutions
ip_range_whitelist: [10.5.1.245,10.5.1.1]
oidc_providers:
- idp_id: keycloak
idp_name: "Janky Solutions Auth"
issuer: "https://auth.janky.solutions/realms/janky.solutions"
client_id: "synapse"
client_secret: SECRET_oidc_secret
scopes: ["openid", "profile"]
user_mapping_provider:
config:
localpart_template: "{{ user.preferred_username }}"
display_name_template: "{{ user.name }}"
backchannel_logout_enabled: true # Optional
password_config:
enabled: false
app_service_config_files:
- /appservices/facebook.yaml
- /appservices/telegram.yaml
- /appservices/signal.yaml
media_storage_providers:
- module: s3_storage_provider.S3StorageProviderBackend
store_local: True
store_remote: True
store_synchronous: True
config:
bucket: matrix-media
# All of the below options are optional, for use with non-AWS S3-like
# services, or to specify access tokens here instead of some external method.
region_name: sea-01
endpoint_url: https://storage.home.finn.io
access_key_id: SECRET_AWS_ACCESS_KEY_ID
secret_access_key: SECRET_AWS_SECRET_ACCESS_KEY
# Server Side Encryption for Customer-provided keys
#sse_customer_key: <S3_SSEC_KEY>
# Your SSE-C algorithm is very likely AES256
# Default is AES256.
#sse_customer_algo: <S3_SSEC_ALGO>
# The object storage class used when uploading files to the bucket.
# Default is STANDARD.
#storage_class: "STANDARD_IA"
# Prefix for all media in bucket, can't be changed once media has been uploaded
# Useful if sharing the bucket between Synapses
# Blank if not provided
prefix: "janky.solutions/"
# The maximum number of concurrent threads which will be used to connect
# to S3. Each thread manages a single connection. Default is 40.
#
#threadpool_size: 20