# MAS configuration template for Cloudron per https://element-hq.github.io/matrix-authentication-service/setup/

server:
  bind_address: "0.0.0.0"
  port: ${MAS_PORT}

site:
  base_url: "https://${MAS_DOMAIN}"
  developer_mode: false

logging:
  level: info

metrics:
  enabled: false

database:
  provider: postgresql
  host: "${CLOUDRON_POSTGRESQL_HOST}"
  port: ${CLOUDRON_POSTGRESQL_PORT}
  username: "${CLOUDRON_POSTGRESQL_USERNAME}"
  password: "${CLOUDRON_POSTGRESQL_PASSWORD}"
  database: "${CLOUDRON_POSTGRESQL_DATABASE}_mas"

oidc:
  issuer: "https://${MAS_DOMAIN}"
  clients:
    - id: "synapse"
      secret: "${MAS_OIDC_CLIENT_SECRET}"
      redirect_uris:
        - "${CLOUDRON_APP_ORIGIN}/_synapse/client/oidc/callback"
      response_types:
        - "code"
      grant_types:
        - "authorization_code"
        - "refresh_token"
      scopes:
        - "openid"
        - "profile"
        - "email"

homeserver:
  name: "${CLOUDRON_APP_DOMAIN}"
  public_baseurl: "${CLOUDRON_APP_ORIGIN}"
  discovery_url: "${CLOUDRON_APP_ORIGIN}/.well-known/openid-configuration"

assets:
  frontend: "/app/pkg/mas/share/assets"
  manifest: "/app/pkg/mas/share/manifest.json"
  policy: "/app/pkg/mas/share/policy.wasm"
  translations: "/app/pkg/mas/share/translations"
secrets:
  encryption_file: "${MAS_ENCRYPTION_FILE}"
  keys_dir: "/app/data/configs/mas-keys"