server_name: "{{applications.matrix.server_name}}"
pid_file: /data/homeserver.pid
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: psycopg2
  args:
    user: "{{database_username}}"
    password: "{{database_password}}"
    database: "{{database_name}}"
    host: "{{database_host}}"
    cp_min: 5
    cp_max: 10
log_config:                     "/data/{{domains.matrix_synapse}}.log.config"
media_store_path:               "/data/media_store"
registration_shared_secret:     "{{matrix_registration_shared_secret}}"
report_stats:                   true
macaroon_secret_key:            "{{matrix_macaroon_secret_key}}"
form_secret:                    "{{matrix_form_secret}}"
signing_key_path:               "/data/{{domains.matrix_synapse}}.signing.key"
web_client_location:            "https://{{domains.matrix_element}}"
public_baseurl:                 "https://{{domains.matrix_synapse}}"
trusted_key_servers:
  - server_name: "matrix.org"
admin_contact: 'mailto:{{users.administrator.email}}'

email:
  smtp_host:                    "{{system_email.host}}"
  smtp_port:                    "{{system_email.port}}"
  smtp_user:                    "{{system_email.from}}"
  smtp_pass:                    "{{system_email.password}}"
  #force_tls:                    true
  #require_transport_security:   true
  enable_tls:                   "{{ system_email.tls | upper }}"
  notif_from:                   "Your Friendly %(app)s homeserver <{{system_email.from}}>"
  app_name:                     "Matrix on {{domains.matrix_synapse}}"
  enable_notifs:                true
  notif_for_new_users:          false
  client_base_url:              "{{domains.matrix_synapse}}"
  validation_token_lifetime:    15m

{% if applications[application_id].oidc.enabled | bool %}
# @See https://matrix-org.github.io/synapse/latest/openid.html
oidc_providers:
  - idp_id: keycloak
    idp_name: "{{primary_domain | upper}} SSO"
    issuer: "{{oidc.client.issuer_url}}"
    client_id: "{{oidc.client.id}}"
    client_secret: "{{oidc.client.secret}}"
    scopes: ["openid", "profile"]
    user_mapping_provider:
      config:
        localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
        display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
    backchannel_logout_enabled: true
{% endif %}

app_service_config_files:
{% for item in bridges %}
  - {{registration_file_folder}}{{item.bridge_name}}.registration.yaml
{% endfor %}