till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-14 21:41:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
managarten/docker/matrix/homeserver.yaml
Till-JS 4d8c7f1a7c 🔧 chore: temporarily disable OIDC in synapse config 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 02:49:45 +01:00

220 lines
5.3 KiB
YAML
Raw Blame History

# ManaCore Matrix Synapse Configuration
# Documentation: https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "mana.how"
pid_file: /data/homeserver.pid
public_baseurl: https://matrix.mana.how/
# ============================================
# Listeners
# ============================================
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
# ============================================
# Database (PostgreSQL)
# ============================================
database:
name: psycopg2
txn_limit: 10000
args:
user: synapse
password: "synapse-secure-password"
database: matrix
host: postgres
port: 5432
cp_min: 5
cp_max: 10
# ============================================
# Logging
# ============================================
log_config: "/config/log.config.yaml"
# ============================================
# Media Storage
# ============================================
media_store_path: /data/media_store
max_upload_size: 50M
url_preview_enabled: true
url_preview_ip_range_blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '192.0.0.0/24'
- '169.254.0.0/16'
- '198.18.0.0/15'
- '192.0.2.0/24'
- '198.51.100.0/24'
- '203.0.113.0/24'
- '224.0.0.0/4'
- '::1/128'
- 'fe80::/10'
- 'fc00::/7'
- '2001:db8::/32'
- 'ff00::/8'
- 'fec0::/10'
# ============================================
# Registration & Authentication
# ============================================
enable_registration: false
enable_registration_without_verification: false
# Password config
password_config:
enabled: true
localdb_enabled: true
pepper: "${SYNAPSE_PASSWORD_PEPPER:-change-me-pepper}"
# Session lifetime (must be >= refresh_token_lifetime)
session_lifetime: 168h
refresh_token_lifetime: 168h
# ============================================
# Rate Limiting
# ============================================
rc_message:
per_second: 5
burst_count: 20
rc_registration:
per_second: 0.5
burst_count: 5
rc_login:
address:
per_second: 0.5
burst_count: 5
account:
per_second: 0.5
burst_count: 5
failed_attempts:
per_second: 0.5
burst_count: 5
# ============================================
# Federation
# ============================================
# Allow federation with other Matrix servers
federation_domain_whitelist: []
trusted_key_servers:
- server_name: "matrix.org"
# ============================================
# DSGVO / Data Retention
# ============================================
retention:
enabled: true
default_policy:
min_lifetime: 1d
max_lifetime: 365d
allowed_lifetime_min: 1d
allowed_lifetime_max: 365d
purge_jobs:
- longest_max_lifetime: 3d
interval: 12h
- shortest_max_lifetime: 365d
interval: 1d
# Forgotten room retention
forgotten_room_retention_period: 7d
# ============================================
# Security
# ============================================
signing_key_path: "/data/signing.key"
form_secret: "${SYNAPSE_FORM_SECRET:-change-me-form-secret}"
macaroon_secret_key: "${SYNAPSE_MACAROON_SECRET:-change-me-macaroon-secret}"
registration_shared_secret: "${SYNAPSE_REGISTRATION_SECRET:-change-me-registration-secret}"
# ============================================
# Application Services (for Bots)
# ============================================
app_service_config_files: []
# ============================================
# Metrics & Telemetry
# ============================================
report_stats: false
enable_metrics: true
metrics_port: 9002
# ============================================
# Caching
# ============================================
caches:
global_factor: 0.5
per_cache_factors: {}
expire_caches: true
cache_entry_ttl: 30m
# ============================================
# Background Tasks
# ============================================
run_background_tasks_on: synapse
# ============================================
# Email (optional, for password reset)
# ============================================
# email:
# smtp_host: smtp-relay.brevo.com
# smtp_port: 587
# smtp_user: "${SMTP_USER}"
# smtp_pass: "${SMTP_PASSWORD}"
# require_transport_security: true
# notif_from: "ManaCore Matrix <noreply@mana.how>"
# ============================================
# OIDC / SSO Configuration (Mana Core Auth)
# ============================================
# TEMPORARILY DISABLED - Fix OIDC client registration first
# Enable SSO via Mana Core Auth OIDC Provider
# oidc_providers:
# - idp_id: manacore
# idp_name: "Mana Core"
# idp_brand: "org.matrix.custom"
# discover: true
# issuer: "https://auth.mana.how"
# client_id: "matrix-synapse"
# client_secret: "ms-1ac3cfdd636e4688c927aa36feb1dfa79d84da73099a1dd9c9ceacb79a77e7cd"
# scopes: ["openid", "profile", "email"]
# user_mapping_provider:
# config:
# subject_claim: "sub"
# localpart_template: "{{ user.email.split('@')[0] }}"
# display_name_template: "{{ user.name }}"
# email_template: "{{ user.email }}"
# allow_existing_users: true
# enable_registration: true
# SSO UI Settings
# sso:
# client_whitelist:
# - "https://element.mana.how"
# - "https://matrix.mana.how"
Reference in a new issue View git blame Copy permalink