stack/docker/matrix/synapse/homeserver.yaml
Jason Woltje 7c7ad59002
Remove extra docker-compose and .env.exmple files.
2026-02-16 22:08:02 -06:00


# ==============================================
# Synapse Homeserver Configuration — Production
# ==============================================
#
# Deploy to /opt/mosaic/synapse/homeserver.yaml on the Docker host.
#
# IMPORTANT: server_name is PERMANENT. It becomes part of every user ID
# (@user:server_name) and room alias. It cannot be changed after the
# database has been initialized without losing all data.
#
# Before first deploy, replace ALL placeholders marked REPLACE_*.
#
# ==============================================
# Matrix domain, e.g. matrix.mosaicstack.dev. REPLACE before first startup:
# the value is permanent and cannot be changed once the database exists.
server_name: 'REPLACE_MATRIX_DOMAIN'
pid_file: '/data/homeserver.pid'
# Externally visible base URL of this homeserver (HTTPS). It uses the same
# placeholder as server_name, so replace both together.
public_baseurl: 'https://REPLACE_MATRIX_DOMAIN/'
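# ======================
# Network Listeners
# ======================
# One plain-HTTP listener serving both the client and federation APIs.
# Nesting restored: every key below belongs to the single listener entry.
listeners:
  - port: 8008
    tls: false
    type: http
    # Traefik terminates TLS and forwards via X-Forwarded-For.
    # With x_forwarded enabled Synapse takes the client address from that
    # header, so the header is only trustworthy when Traefik is the sole
    # path to this port. The listener binds every interface in the
    # container: keep port 8008 unpublished on the Docker host and reachable
    # only from the proxy network, otherwise a direct caller can supply its
    # own X-Forwarded-For and sidestep per-address rate limits and logging.
    x_forwarded: true
    bind_addresses: ["0.0.0.0"]
    resources:
      - names: [client, federation]
        compress: false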
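# ======================
# Database (Shared PostgreSQL)
# ======================
# Nesting restored: name/txn_limit/args sit under `database`, and the
# connection parameters sit under `args`.
database:
  name: psycopg2
  txn_limit: 10000
  args:
    # Must match SYNAPSE_POSTGRES_USER / SYNAPSE_POSTGRES_PASSWORD
    # from your Portainer environment variables.
    # Once filled in, this file holds the database password in clear text:
    # keep the deployed copy out of version control and readable only by
    # the account the Synapse container runs as.
    user: "REPLACE_SYNAPSE_DB_USER"
    password: "REPLACE_SYNAPSE_DB_PASSWORD"
    database: "REPLACE_SYNAPSE_DB_NAME"
    # NOTE(review): "postgres" looks like a service name on a shared Docker
    # network and no TLS option is set; confirm the database is not
    # reachable from outside that network.
    host: "postgres"
    port: 5432
    # Connection pool bounds.
    cp_min: 5
    cp_max: 10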
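# ======================
# Media Storage
# ======================
media_store_path: /data/media_store
max_upload_size: 50M
# URL previews make the homeserver fetch URLs chosen by users, so the list
# below is the SSRF guard: Synapse refuses to fetch previews from addresses
# in these ranges. Keep it covering every internal network this host can
# reach (Docker bridge networks, the PostgreSQL service, link-local
# metadata endpoints).
url_preview_enabled: true
url_preview_ip_range_blacklist:
  - "127.0.0.0/8"
  - "10.0.0.0/8"
  - "172.16.0.0/12"
  - "192.168.0.0/16"
  - "100.64.0.0/10"
  - "192.0.0.0/24"
  - "169.254.0.0/16"
  # Added to match the ranges in Synapse's documented default list, which
  # were absent here: 6to4 relay anycast, the IPv4 documentation/test
  # networks, and IPv4 multicast.
  - "192.88.99.0/24"
  - "198.18.0.0/15"
  - "192.0.2.0/24"
  - "198.51.100.0/24"
  - "203.0.113.0/24"
  - "224.0.0.0/4"
  - "::1/128"
  - "fe80::/10"
  - "fc00::/7"
  - "2001:db8::/32"
  - "ff00::/8"
  - "fec0::/10"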
# ======================
# Registration
# ======================
# Public registration disabled. Create accounts via the admin API or CLI:
#   docker exec -it <container> register_new_matrix_user \
#     -u username -c /data/homeserver.yaml http://localhost:8008
# NOTE(review): register_new_matrix_user authenticates with the
# registration shared secret, and this file sets neither
# registration_shared_secret nor registration_shared_secret_path. Add one
# before relying on the command above, and treat it as a credential:
# anyone holding it can create accounts, including admin accounts.
enable_registration: false
# ======================
# Signing Keys
# ======================
# Auto-generated on first startup and persisted in /opt/mosaic/synapse/keys/
# This key is what other servers use to verify this homeserver's identity:
# keep the host directory readable only by the Synapse container user and
# include it in backups taken with the database.
# NOTE(review): the mapping of /data/keys to /opt/mosaic/synapse/keys/ is
# defined by the container's volume mounts, not by this file — confirm it.
signing_key_path: "/data/keys/signing.key"
# ======================
# Trusted Key Servers
# ======================
# matrix.org is the default notary. Use [] to disable federation key trust.
# No verify_keys are pinned for this entry, so key responses from
# matrix.org are trusted on the strength of the TLS connection to it.
trusted_key_servers:
  - server_name: 'matrix.org'
# ======================
# Room Configuration
# ======================
# Local users may search the room directory; the public room list is not
# served to other homeservers over federation, which limits what remote
# servers can enumerate about this deployment.
enable_room_list_search: true
allow_public_rooms_over_federation: false
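# ======================
# Rate Limiting
# ======================
# Nesting restored: per_second/burst_count belong to each limiter, and
# rc_login holds separate `address` and `account` limiters.
rc_message:
  per_second: 10
  burst_count: 50
# Public registration is disabled in this file, so this limiter only
# matters if registration is ever switched on.
rc_registration:
  per_second: 1
  burst_count: 5
# Login limits are the brute-force control for password guessing.
# NOTE(review): 3 attempts per second per address and per account is far
# more permissive than Synapse's documented defaults; confirm this is
# intentional. The `address` limiter keys on the client IP, which this
# deployment derives from X-Forwarded-For, so it is only as reliable as
# the reverse proxy in front of the listener.
rc_login:
  address:
    per_second: 3
    burst_count: 10
  account:
    per_second: 3
    burst_count: 10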
# ======================
# Logging
# ======================
# Synapse falls back to a basic console logger (stdout) when this file
# does not exist, which is ideal for Docker log collection.
# NOTE(review): the fallback applies only while /data/log.config is absent;
# a leftover file in the data volume would be used instead — verify on the
# host that login and admin-API events still reach the collected logs.
log_config: "/data/log.config"
# ======================
# Secrets
# ======================
# Anonymous usage statistics reporting is off.
report_stats: false
# Generate each value separately with:
#   python3 -c 'import secrets; print(secrets.token_hex(32))'
# Both are plain strings to Synapse, so a REPLACE_* placeholder left in
# place is accepted as the secret — and that value is public in this
# repository. Replace them before first start and keep the deployed file
# out of version control.
macaroon_secret_key: 'REPLACE_MACAROON_SECRET'
form_secret: 'REPLACE_FORM_SECRET'
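# ======================
# Presence & Retention
# ======================
use_presence: true
# Nesting restored: `enabled` and `default_policy` sit under `retention`,
# and the two lifetimes sit under `default_policy`.
# The default policy applies to rooms that do not define their own
# retention settings: events are kept for at least one day and become
# eligible for purging after 365 days.
# NOTE(review): purged history is also unavailable for later incident
# review — confirm 365d matches your audit and legal-hold requirements.
retention:
  enabled: true
  default_policy:
    min_lifetime: 1d
    max_lifetime: 365d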