---
# vim:ft=yaml
# {{ ansible_managed }}

signing_key_path: /run/secrets/signing-key
media_store_path: /data/media
log_config: /data/log.yaml

server_name: {{ synapse_server_name }}
public_baseurl: https://{{ synapse_external_domain }}/
report_stats: false

listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
  - port: 8009
    tls: false
    type: http
    x_forwarded: false
    resources:
      - names: [client]

database:
  name: psycopg2
  args:
    host: synapse-postgres
    user: synapse
    password: "{{ service_podman_secrets['synapse-postgres'] }}"
    dbname: synapse

caches:
  global_factor: 1.0

enable_registration: false
enable_3pid_changes: false
ui_auth:
  session_timeout: 5m
password_config:
  enabled: false

trusted_key_servers:
{% for server in synapse_trusted_key_servers %}
  - server_name: {{ server }}
{% endfor %}
suppress_key_server_warning: true

max_upload_sixe: "{{ synapse_max_upload_size }}"

{% if synapse_room_complexity_limit > 0 %}
limit_remote_rooms:
  enabled: true
  complexity: {{ synapse_room_complexity_limit }}
  complexity_error: "{{ synapse_room_complexity_error }}"
{% endif %}

url_preview_enabled: true
url_preview_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '192.0.0.0/24'
  - '169.254.0.0/16'
  - '192.88.99.0/24'
  - '198.18.0.0/15'
  - '192.0.2.0/24'
  - '198.51.100.0/24'
  - '203.0.113.0/24'
  - '224.0.0.0/4'
  - '::1/128'
  - 'fe80::/10'
  - 'fc00::/7'
  - '2001:db8::/32'
  - 'ff00::/8'
  - 'fec0::/10'

turn_uris: {{ synapse_turn_uris }}
{% if synapse_turn_uris | length > 0 %}
turn_shared_secret: {{ synapse_turn_shared_secret }}
{% endif %}
turn_user_lifetime: 1d
turn_allow_guests: false

{% if synapse_smtp_server | length > 0 %}
email:
  smtp_host: {{ synapse_smtp_server }}
  smtp_port: 587
  smtp_user: {{ synapse_smtp_user }}
  smtp_pass: {{ synapse_smtp_password }}
  require_transport_security: true

  notif_from: "{{ synapse_email_from }}"
  app_name: "{{ synapse_email_app_name }}"
  enable_notifs: true
  notif_for_new_users: false
  notif_delay_before_mail: 1h
{% endif %}

allow_public_rooms_over_federation: {{ synapse_allow_public_rooms_over_federation }}
auto_accept_invites: {{ synapse_auto_accept_invites }}
auto_join_rooms: {{ synapse_auto_join_rooms }}
autocreate_auto_join_rooms: false

experimental_features:
  msc3861:
    enabled: true
    issuer: http://matrix-authentication-service:8080/
    client_id: 0000000000000000000SYNAPSE
    client_auth_method: client_secret_basic
    client_secret: "{{ service_podman_secrets['synapse-mas-client-secret'] }}"
    admin_token: "{{ service_podman_secrets['synapse-mas-homeserver-secret'] }}"
    account_management_url: "https://{{ synapse_mas_domain }}/account"