computer-playbook/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2

server_name: "{{ MATRIX_SERVER_NAME }}"
pid_file: /data/homeserver.pid
max_upload_size: {{ client_max_body_size }}
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: psycopg2
  args:
    user: "{{ database_username }}"
    password: "{{ database_password }}"
    database: "{{ database_name }}"
    host: "{{ database_host }}"
    cp_min: 5
    cp_max: {{ POSTGRES_ALLOWED_AVG_CONNECTIONS }}
log_config:                     "{{ MATRIX_SYNAPSE_LOG_PATH_CONTAINER }}"
media_store_path:               "/data/media_store"
registration_shared_secret:     "{{ MATRIX_REGISTRATION_SHARED_SECRET }}"
report_stats:                   true
macaroon_secret_key:            "{{ applications | get_app_conf(application_id, 'credentials.macaroon_secret_key') }}"
form_secret:                    "{{ applications | get_app_conf(application_id, 'credentials.form_secret') }}"
signing_key_path:               "/data/{{ MATRIX_SYNAPSE_DOMAIN }}.signing.key"
web_client_location:            "{{ WEB_PROTOCOL }}://{{ domains[application_id].element}}"
public_baseurl:                 "{{ MATRIX_SYNAPSE_URL }}"
trusted_key_servers:
  - server_name: "matrix.org"
admin_contact: 'mailto:{{ users.administrator.email }}'

email:
  smtp_host:                    "{{ SYSTEM_EMAIL.HOST }}"
  smtp_port:                    "{{ SYSTEM_EMAIL.PORT }}"
  smtp_user:                    "{{ users['no-reply'].email }}"
  smtp_pass:                    "{{ users['no-reply'].mailu_token }}"
  #force_tls:                    true
  #require_transport_security:   true
  enable_tls:                   "{{ SYSTEM_EMAIL.TLS | upper }}"
  notif_from:                   "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>"
  app_name:                     "Matrix on {{ MATRIX_SYNAPSE_DOMAIN }}"
  enable_notifs:                true
  notif_for_new_users:          false
  client_base_url:              "{{ MATRIX_SYNAPSE_DOMAIN }}"
  validation_token_lifetime:    15m

{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
# @See https://matrix-org.github.io/synapse/latest/openid.html
oidc_providers:
  - idp_id:         keycloak
    idp_name:       "{{ OIDC.BUTTON_TEXT }}"
    issuer:         "{{ OIDC.CLIENT.ISSUER_URL }}"
    client_id:      "{{ OIDC.CLIENT.ID }}"
    client_secret:  "{{ OIDC.CLIENT.SECRET }}"
    scopes: ["openid", "profile"]
    user_mapping_provider:
      config:
        localpart_template: "{% raw %}{{ user.{% endraw %}{{ OIDC.ATTRIBUTES.USERNAME }}{% raw %}}}{% endraw %}"
        display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
    backchannel_logout_enabled: true
{% endif %}

{% if MATRIX_BRIDGES | bool %}
app_service_config_files:
{% for item in MATRIX_BRIDGES %}
  - {{ MATRIX_REGISTRATION_FILE_FOLDER }}{{ item.bridge_name }}.registration.yaml
{% endfor %}
{% endif %}