# https://github.com/element-hq/synapse/blob/master/docs/sample_config.yaml

# if you change this, change the auto_join_rooms below as well
server_name: "example.com"

pid_file: /run/synapse/homeserver.pid

public_baseurl: https://example.com/

listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['0.0.0.0']
    resources:
      - names: [client,federation]
        compress: false

database:
  name: "psycopg2"
  args:
    user: ${POSTGRESQL_USERNAME}
    password: ${POSTGRESQL_PASSWORD}
    database: ${POSTGRESQL_DATABASE}
    host: ${POSTGRESQL_HOST}
    cp_min: 5
    cp_max: 10

log_config: "/app/data/configs/log.config"
media_store_path: "/app/data/data/media_store"
registration_shared_secret: "some_shared_secret"
report_stats: false
macaroon_secret_key: "some_macaroon_secret"
form_secret: "some_form_secret"
signing_key_path: "/app/data/configs/signing.key"
trusted_key_servers:
  - server_name: "matrix.org"

## Cloudron packaging
email:
    smtp_host: mail.server
    smtp_port: 587
    smtp_user: "exampleusername"
    smtp_pass: "examplepassword"
    require_transport_security: false
    app_name: Matrix
    notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
    enable_notifs: true
    notif_for_new_users: true

# turn
turn_uris: []
turn_shared_secret: "sharedsecret"
turn_allow_guests: true

# sso (https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#single-sign-on-integration)
enable_registration: false
# without this, registration requires one of email/captcha/token verification
enable_registration_without_verification: true

oidc_providers:
  - idp_id: cloudron
    idp_name: "CLOUDRON_OIDC_PROVIDER_NAME"
    issuer: "CLOUDRON_OIDC_ISSUER"
    client_id: "CLOUDRON_OIDC_CLIENT_ID"
    client_secret: "CLOUDRON_OIDC_CLIENT_SECRET"
    scopes: ["openid", "profile", "email"]
    authorization_endpoint: "CLOUDRON_OIDC_AUTH_ENDPOINT"
    token_endpoint: "CLOUDRON_OIDC_TOKEN_ENDPOINT"
    userinfo_endpoint: "CLOUDRON_OIDC_AUTH_ENDPOINT"
    allow_existing_users: true
    enable_registration: true
    backchannel_logout_enabled: false
    user_mapping_provider:
      config:
        localpart_template: "{{ user.sub }}"
        display_name_template: "{{ user.name }}"
        email_template: "{{ user.email }}"

password_config:
    enabled: false
    localdb_enabled: false
    pepper: "some_pepper_secret"