---

server_name: [[ .matrix.server_name ]]
public_baseurl: [[ .matrix.public_url ]]
report_stats: false

web_client: false

listeners:
  - path: /alloc/tmp/synapse.sock
    type: http
    resources:
      - names:
          - client
          - federation
        compress: false

database:
  name: psycopg2
  args:
    database: '[[ .postgres.database ]]'
[[- if ne .postgres.pooler.engine "none" ]]
    host: '127.0.0.1'
    port: '[[ .postgres.pooler.port ]]'
    user: '[[ .instance ]]'
    password: '{{ env "NOMAD_ALLOC_ID" }}'
[[- else ]]
    host: '[[ .postgres.host ]]'
    port: '[[ .postgres.port ]]'
    user: '[[ .postgres.user ]]'
    password: '[[ .postgres.password ]]'
[[- end ]]

trusted_key_servers:
  - server_name: "matrix.org"
suppress_key_server_warning: True

email:
  enable_notifs: true
  smtp_host: 127.0.0.1
  smtp_port: 25
  require_transport_security: false
  notif_from: "%(app)s <no-reply@[[ .consul.domain ]]>"
  notif_for_new_users: true
  client_base_url: [[ .matrix.public_url ]]

delete_stale_devices_after: 180d
max_avatar_size: 4M
allowed_avatar_mimetypes:
  - image/png
  - image/jpeg
  - image/gif
forgotten_room_retention_period: 15d
request_token_inhibit_3pid_errors: true

media_store_path: /data/media_store
media_retention:
  local_media_lifetime: 730d
  remote_media_lifetime: 14d

[[ if .matrix.synapse.url_preview.enabled ]]
url_preview_enabled: true
url_preview_ip_range_blacklist:
  [[- range $idx, $black := .matrix.synapse.url_preview.ip_range_blacklist ]]
  - [[ $black ]]
  [[- end ]]
url_preview_url_blacklist:
  [[- range $idx, $black := .matrix.synapse.url_preview.url_blacklist ]]
  - [[ $black | toYAML ]]
  [[- end ]]
[[- end ]]

default_identity_server: https://matrix.org

allow_guest_access: [[ .matrix.allow_guests ]]

macaroon_secret_key: '{{- with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.macaroon_secret_key }}{{ end }}'
form_secret: '{{- with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.form_secret }}{{ end }}'

sso:
  client_whitelist:
    - [[ .matrix.public_url ]]
  update_profile_information: true

password_config:
  enabled: false

push:
  include_content: event_id_only

server_notices:
  system_mxid_localpart: server
  system_mxid_display_name: "Notification bot"

alias_creation_rules:
  - user_id: '*'
    alias: '*'
    action: allow

log_config: /secrets/logging.conf
signing_key_path: /data/conf/[[ .matrix.server_name ]].signing.key