# Configuration file for Synapse.
#
# Note: Commented-out values that came from the default config are, strangely,
# the non-default options.
#
# This file is managed via Ansible; any changes made here will be overwritten
#

## Server ##
pid_file: "/var/run/matrix-synapse.pid"
public_baseurl: https://matrix.9iron.club/
filter_timeline_limit: 5000
federation_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - '::1/128'
  - 'fe80::/64'
  - 'fc00::/7'
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['::1', '127.0.0.1']
    resources:
      - names: [client, federation]
        compress: false

## Homeserver blocking ##
admin_contact: '{{ matrix.admin_contact }}'
#hs_disabled: false
#hs_disabled_message: '{{ matrix_disabled_message }}'
retention:
  enabled: true
  default_policy:
    max_lifetime: 3y

## Database ##
database:
  name: psycopg2
  args:
    user: matrix
    password: '{{ matrix.db_password }}'
    database: matrix
    host: '{{ matrix_db_hostname }}'
    cp_min: 5
    cp_max: 10
#  name: sqlite3
#  args:
#    database: /var/lib/matrix-synapse/homeserver.db

## Logging ##
log_config: "/etc/matrix-synapse/log.yaml"

## Ratelimiting ##
rc_message:
  per_second: 0.3
  burst_count: 10
rc_registration:
  per_second: 0.17
  burst_count: 3
rc_login:
  address:
    per_second: 0.17
    burst_count: 3
  account:
    per_second: 0.17
    burst_count: 3
  failed_attempts:
    per_second: 0.17
    burst_count: 3
rc_admin_redaction:
  per_second: 2
  burst_count: 50
rc_federation:
  window_size: 1000
  sleep_limit: 10
  sleep_delay: 500
  reject_limit: 50
  concurrent: 3

## Media Store ##
media_store_path: "/var/lib/matrix-synapse/media"
max_upload_size: 32M
max_image_pixels: 32M
url_preview_enabled: true
url_preview_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - '::1/128'
  - 'fe80::/64'
  - 'fc00::/7'
url_preview_url_blacklist:
  # blacklist any URL with a username in its URI
  - username: '*'
  # blacklist all plain HTTP URLs
  - scheme: 'http'
max_spider_size: 10M

## Registration ##
enable_registration: {{ matrix.enable_registration }}
enable_3pid_lookup: true
default_identity_server: https://vector.im
auto_join_rooms:
  - "#welcome:9iron.club"

## Signing Keys ##
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
trusted_key_servers:
  - server_name: "matrix.org"

## Email ##
email:
  smtp_host: email-smtp.us-east-1.amazonaws.com
  smtp_port: 587
  smtp_user: "{{ aws.ses.user }}"
  smtp_pass: "{{ aws.ses.pass }}"
  require_transport_security: true
  notif_from: "%(app)s <noreply@9iron.club>"
  app_name: "9iron Matrix"

## Privileges ##
enable_group_creation: true