Comment out most options in the generated config. (#4863)

Make it so that most options in the config are optional, and commented out in
the generated config.

The reasons this is a good thing are as follows:

* If we decide that we should change the default for an option, we can do so,
  and only those admins that have deliberately chosen to override that option
  will be stuck on the old setting.

* It moves us towards a point where we can get rid of the super-surprising
  feature of synapse where the default settings for the config come from the
  generated yaml.

* It makes setting up a test config for unit testing an order of magnitude
  easier (see forthcoming PR).

* It makes the generated config more consistent, and hopefully easier for users
  to understand.
This commit is contained in:
Richard van der Hoff 2019-03-19 10:06:40 +00:00 committed by GitHub
parent 282c97327f
commit fd463b4f5d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 230 additions and 171 deletions

1
changelog.d/4863.misc Normal file
View File

@ -0,0 +1 @@
Comment out most options in the generated config.

View File

@ -63,11 +63,11 @@ pid_file: DATADIR/homeserver.pid
# Zero is used to indicate synapse should set the soft limit to the # Zero is used to indicate synapse should set the soft limit to the
# hard limit. # hard limit.
# #
soft_file_limit: 0 #soft_file_limit: 0
# Set to false to disable presence tracking on this homeserver. # Set to false to disable presence tracking on this homeserver.
# #
use_presence: true #use_presence: false
# The GC threshold parameters to pass to `gc.set_threshold`, if defined # The GC threshold parameters to pass to `gc.set_threshold`, if defined
# #
@ -359,7 +359,8 @@ database:
database: "DATADIR/homeserver.db" database: "DATADIR/homeserver.db"
# Number of events to cache in memory. # Number of events to cache in memory.
event_cache_size: "10K" #
#event_cache_size: 10K
## Logging ## ## Logging ##
@ -373,11 +374,11 @@ log_config: "CONFDIR/SERVERNAME.log.config"
# Number of messages a client can send per second # Number of messages a client can send per second
# #
rc_messages_per_second: 0.2 #rc_messages_per_second: 0.2
# Number of message a client can send before being throttled # Number of message a client can send before being throttled
# #
rc_message_burst_count: 10.0 #rc_message_burst_count: 10.0
# Ratelimiting settings for registration and login. # Ratelimiting settings for registration and login.
# #
@ -415,27 +416,27 @@ rc_message_burst_count: 10.0
# The federation window size in milliseconds # The federation window size in milliseconds
# #
federation_rc_window_size: 1000 #federation_rc_window_size: 1000
# The number of federation requests from a single server in a window # The number of federation requests from a single server in a window
# before the server will delay processing the request. # before the server will delay processing the request.
# #
federation_rc_sleep_limit: 10 #federation_rc_sleep_limit: 10
# The duration in milliseconds to delay processing events from # The duration in milliseconds to delay processing events from
# remote servers by if they go over the sleep limit. # remote servers by if they go over the sleep limit.
# #
federation_rc_sleep_delay: 500 #federation_rc_sleep_delay: 500
# The maximum number of concurrent federation requests allowed # The maximum number of concurrent federation requests allowed
# from a single server # from a single server
# #
federation_rc_reject_limit: 50 #federation_rc_reject_limit: 50
# The number of federation requests to concurrently process from a # The number of federation requests to concurrently process from a
# single server # single server
# #
federation_rc_concurrent: 3 #federation_rc_concurrent: 3
@ -464,11 +465,11 @@ uploads_path: "DATADIR/uploads"
# The largest allowed upload size in bytes # The largest allowed upload size in bytes
# #
max_upload_size: "10M" #max_upload_size: 10M
# Maximum number of pixels that will be thumbnailed # Maximum number of pixels that will be thumbnailed
# #
max_image_pixels: "32M" #max_image_pixels: 32M
# Whether to generate new thumbnails on the fly to precisely match # Whether to generate new thumbnails on the fly to precisely match
# the resolution requested by the client. If true then whenever # the resolution requested by the client. If true then whenever
@ -476,32 +477,32 @@ max_image_pixels: "32M"
# generate a new thumbnail. If false the server will pick a thumbnail # generate a new thumbnail. If false the server will pick a thumbnail
# from a precalculated list. # from a precalculated list.
# #
dynamic_thumbnails: false #dynamic_thumbnails: false
# List of thumbnails to precalculate when an image is uploaded. # List of thumbnails to precalculate when an image is uploaded.
# #
thumbnail_sizes: #thumbnail_sizes:
- width: 32 # - width: 32
height: 32 # height: 32
method: crop # method: crop
- width: 96 # - width: 96
height: 96 # height: 96
method: crop # method: crop
- width: 320 # - width: 320
height: 240 # height: 240
method: scale # method: scale
- width: 640 # - width: 640
height: 480 # height: 480
method: scale # method: scale
- width: 800 # - width: 800
height: 600 # height: 600
method: scale # method: scale
# Is the preview URL API enabled? If enabled, you *must* specify # Is the preview URL API enabled? If enabled, you *must* specify
# an explicit url_preview_ip_range_blacklist of IPs that the spider is # an explicit url_preview_ip_range_blacklist of IPs that the spider is
# denied from accessing. # denied from accessing.
# #
url_preview_enabled: False #url_preview_enabled: false
# List of IP address CIDR ranges that the URL preview spider is denied # List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. There are no defaults: you must explicitly # from accessing. There are no defaults: you must explicitly
@ -566,8 +567,8 @@ url_preview_enabled: False
# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' # - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
# The largest allowed URL preview spidering size in bytes # The largest allowed URL preview spidering size in bytes
max_spider_size: "10M" #
#max_spider_size: 10M
## Captcha ## ## Captcha ##
@ -575,23 +576,25 @@ max_spider_size: "10M"
# This Home Server's ReCAPTCHA public key. # This Home Server's ReCAPTCHA public key.
# #
recaptcha_public_key: "YOUR_PUBLIC_KEY" #recaptcha_public_key: "YOUR_PUBLIC_KEY"
# This Home Server's ReCAPTCHA private key. # This Home Server's ReCAPTCHA private key.
# #
recaptcha_private_key: "YOUR_PRIVATE_KEY" #recaptcha_private_key: "YOUR_PRIVATE_KEY"
# Enables ReCaptcha checks when registering, preventing signup # Enables ReCaptcha checks when registering, preventing signup
# unless a captcha is answered. Requires a valid ReCaptcha # unless a captcha is answered. Requires a valid ReCaptcha
# public/private key. # public/private key.
# #
enable_registration_captcha: False #enable_registration_captcha: false
# A secret key used to bypass the captcha test entirely. # A secret key used to bypass the captcha test entirely.
#
#captcha_bypass_secret: "YOUR_SECRET_HERE" #captcha_bypass_secret: "YOUR_SECRET_HERE"
# The API endpoint to use for verifying m.login.recaptcha responses. # The API endpoint to use for verifying m.login.recaptcha responses.
recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify" #
#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
## TURN ## ## TURN ##
@ -612,7 +615,7 @@ recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
# How long generated TURN credentials last # How long generated TURN credentials last
# #
turn_user_lifetime: "1h" #turn_user_lifetime: 1h
# Whether guests should be allowed to use the TURN server. # Whether guests should be allowed to use the TURN server.
# This defaults to True, otherwise VoIP will be unreliable for guests. # This defaults to True, otherwise VoIP will be unreliable for guests.
@ -620,15 +623,17 @@ turn_user_lifetime: "1h"
# connect to arbitrary endpoints without having first signed up for a # connect to arbitrary endpoints without having first signed up for a
# valid account (e.g. by passing a CAPTCHA). # valid account (e.g. by passing a CAPTCHA).
# #
turn_allow_guests: True #turn_allow_guests: True
## Registration ## ## Registration ##
#
# Registration can be rate-limited using the parameters in the "Ratelimiting" # Registration can be rate-limited using the parameters in the "Ratelimiting"
# section of this file. # section of this file.
# Enable registration for new users. # Enable registration for new users.
enable_registration: False #
#enable_registration: false
# The user must provide all of the below types of 3PID when registering. # The user must provide all of the below types of 3PID when registering.
# #
@ -639,7 +644,7 @@ enable_registration: False
# Explicitly disable asking for MSISDNs from the registration # Explicitly disable asking for MSISDNs from the registration
# flow (overrides registrations_require_3pid if MSISDNs are set as required) # flow (overrides registrations_require_3pid if MSISDNs are set as required)
# #
#disable_msisdn_registration: True #disable_msisdn_registration: true
# Mandate that users are only allowed to associate certain formats of # Mandate that users are only allowed to associate certain formats of
# 3PIDs with accounts on this server. # 3PIDs with accounts on this server.
@ -663,13 +668,13 @@ enable_registration: False
# N.B. that increasing this will exponentially increase the time required # N.B. that increasing this will exponentially increase the time required
# to register or login - e.g. 24 => 2^24 rounds which will take >20 mins. # to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
# #
bcrypt_rounds: 12 #bcrypt_rounds: 12
# Allows users to register as guests without a password/email/etc, and # Allows users to register as guests without a password/email/etc, and
# participate in rooms hosted on this server which have been made # participate in rooms hosted on this server which have been made
# accessible to anonymous users. # accessible to anonymous users.
# #
allow_guest_access: False #allow_guest_access: false
# The identity server which we suggest that clients should use when users log # The identity server which we suggest that clients should use when users log
# in on this server. # in on this server.
@ -685,9 +690,9 @@ allow_guest_access: False
# Also defines the ID server which will be called when an account is # Also defines the ID server which will be called when an account is
# deactivated (one will be picked arbitrarily). # deactivated (one will be picked arbitrarily).
# #
trusted_third_party_id_servers: #trusted_third_party_id_servers:
- matrix.org # - matrix.org
- vector.im # - vector.im
# Users who register on this homeserver will automatically be joined # Users who register on this homeserver will automatically be joined
# to these rooms # to these rooms
@ -701,14 +706,14 @@ trusted_third_party_id_servers:
# Setting to false means that if the rooms are not manually created, # Setting to false means that if the rooms are not manually created,
# users cannot be auto-joined since they do not exist. # users cannot be auto-joined since they do not exist.
# #
autocreate_auto_join_rooms: true #autocreate_auto_join_rooms: true
## Metrics ### ## Metrics ###
# Enable collection and rendering of performance metrics # Enable collection and rendering of performance metrics
# #
enable_metrics: False #enable_metrics: False
# Enable sentry integration # Enable sentry integration
# NOTE: While attempts are made to ensure that the logs don't contain # NOTE: While attempts are made to ensure that the logs don't contain
@ -728,22 +733,24 @@ enable_metrics: False
# A list of event types that will be included in the room_invite_state # A list of event types that will be included in the room_invite_state
# #
room_invite_state_types: #room_invite_state_types:
- "m.room.join_rules" # - "m.room.join_rules"
- "m.room.canonical_alias" # - "m.room.canonical_alias"
- "m.room.avatar" # - "m.room.avatar"
- "m.room.encryption" # - "m.room.encryption"
- "m.room.name" # - "m.room.name"
# A list of application service config file to use # A list of application service config files to use
# #
app_service_config_files: [] #app_service_config_files:
# - app_service_1.yaml
# - app_service_2.yaml
# Whether or not to track application service IP addresses. Implicitly # Uncomment to enable tracking of application service IP addresses. Implicitly
# enables MAU tracking for application service users. # enables MAU tracking for application service users.
# #
track_appservice_user_ips: False #track_appservice_user_ips: True
# a secret which is used to sign access tokens. If none is specified, # a secret which is used to sign access tokens. If none is specified,
@ -754,7 +761,7 @@ track_appservice_user_ips: False
# Used to enable access token expiration. # Used to enable access token expiration.
# #
expire_access_token: False #expire_access_token: False
# a secret which is used to calculate HMACs for form values, to stop # a secret which is used to calculate HMACs for form values, to stop
# falsification of values. Must be specified for the User Consent # falsification of values. Must be specified for the User Consent
@ -783,17 +790,16 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key"
# Determines how quickly servers will query to check which keys # Determines how quickly servers will query to check which keys
# are still valid. # are still valid.
# #
key_refresh_interval: "1d" # 1 Day. #key_refresh_interval: 1d
# The trusted servers to download signing keys from. # The trusted servers to download signing keys from.
# #
perspectives: #perspectives:
servers: # servers:
"matrix.org": # "matrix.org":
verify_keys: # verify_keys:
"ed25519:auto": # "ed25519:auto":
key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" # key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
# Enable SAML2 for registration and login. Uses pysaml2. # Enable SAML2 for registration and login. Uses pysaml2.
@ -858,14 +864,15 @@ perspectives:
# algorithm: "HS256" # algorithm: "HS256"
# Enable password for login.
#
password_config: password_config:
enabled: true # Uncomment to disable password login
#
#enabled: false
# Uncomment and change to a secret random string for extra security. # Uncomment and change to a secret random string for extra security.
# DO NOT CHANGE THIS AFTER INITIAL SETUP! # DO NOT CHANGE THIS AFTER INITIAL SETUP!
#pepper: "" #
#pepper: "EVEN_MORE_SECRET"
@ -934,9 +941,9 @@ password_config:
# example_option: 'things' # example_option: 'things'
# Whether to allow non server admins to create groups on this server # Uncomment to allow non-server-admin users to create groups on this server
# #
enable_group_creation: false #enable_group_creation: true
# If enabled, non server admins can only create groups with local parts # If enabled, non server admins can only create groups with local parts
# starting with this prefix # starting with this prefix

View File

@ -34,10 +34,10 @@ class ApiConfig(Config):
# A list of event types that will be included in the room_invite_state # A list of event types that will be included in the room_invite_state
# #
room_invite_state_types: #room_invite_state_types:
- "{JoinRules}" # - "{JoinRules}"
- "{CanonicalAlias}" # - "{CanonicalAlias}"
- "{RoomAvatar}" # - "{RoomAvatar}"
- "{RoomEncryption}" # - "{RoomEncryption}"
- "{Name}" # - "{Name}"
""".format(**vars(EventTypes)) """.format(**vars(EventTypes))

View File

@ -37,14 +37,16 @@ class AppServiceConfig(Config):
def default_config(cls, **kwargs): def default_config(cls, **kwargs):
return """\ return """\
# A list of application service config file to use # A list of application service config files to use
# #
app_service_config_files: [] #app_service_config_files:
# - app_service_1.yaml
# - app_service_2.yaml
# Whether or not to track application service IP addresses. Implicitly # Uncomment to enable tracking of application service IP addresses. Implicitly
# enables MAU tracking for application service users. # enables MAU tracking for application service users.
# #
track_appservice_user_ips: False #track_appservice_user_ips: True
""" """

View File

@ -18,11 +18,16 @@ from ._base import Config
class CaptchaConfig(Config): class CaptchaConfig(Config):
def read_config(self, config): def read_config(self, config):
self.recaptcha_private_key = config["recaptcha_private_key"] self.recaptcha_private_key = config.get("recaptcha_private_key")
self.recaptcha_public_key = config["recaptcha_public_key"] self.recaptcha_public_key = config.get("recaptcha_public_key")
self.enable_registration_captcha = config["enable_registration_captcha"] self.enable_registration_captcha = config.get(
"enable_registration_captcha", False
)
self.captcha_bypass_secret = config.get("captcha_bypass_secret") self.captcha_bypass_secret = config.get("captcha_bypass_secret")
self.recaptcha_siteverify_api = config["recaptcha_siteverify_api"] self.recaptcha_siteverify_api = config.get(
"recaptcha_siteverify_api",
"https://www.recaptcha.net/recaptcha/api/siteverify",
)
def default_config(self, **kwargs): def default_config(self, **kwargs):
return """\ return """\
@ -31,21 +36,23 @@ class CaptchaConfig(Config):
# This Home Server's ReCAPTCHA public key. # This Home Server's ReCAPTCHA public key.
# #
recaptcha_public_key: "YOUR_PUBLIC_KEY" #recaptcha_public_key: "YOUR_PUBLIC_KEY"
# This Home Server's ReCAPTCHA private key. # This Home Server's ReCAPTCHA private key.
# #
recaptcha_private_key: "YOUR_PRIVATE_KEY" #recaptcha_private_key: "YOUR_PRIVATE_KEY"
# Enables ReCaptcha checks when registering, preventing signup # Enables ReCaptcha checks when registering, preventing signup
# unless a captcha is answered. Requires a valid ReCaptcha # unless a captcha is answered. Requires a valid ReCaptcha
# public/private key. # public/private key.
# #
enable_registration_captcha: False #enable_registration_captcha: false
# A secret key used to bypass the captcha test entirely. # A secret key used to bypass the captcha test entirely.
#
#captcha_bypass_secret: "YOUR_SECRET_HERE" #captcha_bypass_secret: "YOUR_SECRET_HERE"
# The API endpoint to use for verifying m.login.recaptcha responses. # The API endpoint to use for verifying m.login.recaptcha responses.
recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify" #
#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
""" """

View File

@ -60,7 +60,8 @@ class DatabaseConfig(Config):
database: "%(database_path)s" database: "%(database_path)s"
# Number of events to cache in memory. # Number of events to cache in memory.
event_cache_size: "10K" #
#event_cache_size: 10K
""" % locals() """ % locals()
def read_arguments(self, args): def read_arguments(self, args):

View File

@ -23,9 +23,9 @@ class GroupsConfig(Config):
def default_config(self, **kwargs): def default_config(self, **kwargs):
return """\ return """\
# Whether to allow non server admins to create groups on this server # Uncomment to allow non-server-admin users to create groups on this server
# #
enable_group_creation: false #enable_group_creation: true
# If enabled, non server admins can only create groups with local parts # If enabled, non server admins can only create groups with local parts
# starting with this prefix # starting with this prefix

View File

@ -43,10 +43,16 @@ class KeyConfig(Config):
config.get("old_signing_keys", {}) config.get("old_signing_keys", {})
) )
self.key_refresh_interval = self.parse_duration( self.key_refresh_interval = self.parse_duration(
config["key_refresh_interval"] config.get("key_refresh_interval", "1d"),
) )
self.perspectives = self.read_perspectives( self.perspectives = self.read_perspectives(
config["perspectives"] config.get("perspectives", {}).get("servers", {
"matrix.org": {"verify_keys": {
"ed25519:auto": {
"key": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw",
}
}}
})
) )
self.macaroon_secret_key = config.get( self.macaroon_secret_key = config.get(
@ -88,7 +94,7 @@ class KeyConfig(Config):
# Used to enable access token expiration. # Used to enable access token expiration.
# #
expire_access_token: False #expire_access_token: False
# a secret which is used to calculate HMACs for form values, to stop # a secret which is used to calculate HMACs for form values, to stop
# falsification of values. Must be specified for the User Consent # falsification of values. Must be specified for the User Consent
@ -117,21 +123,21 @@ class KeyConfig(Config):
# Determines how quickly servers will query to check which keys # Determines how quickly servers will query to check which keys
# are still valid. # are still valid.
# #
key_refresh_interval: "1d" # 1 Day. #key_refresh_interval: 1d
# The trusted servers to download signing keys from. # The trusted servers to download signing keys from.
# #
perspectives: #perspectives:
servers: # servers:
"matrix.org": # "matrix.org":
verify_keys: # verify_keys:
"ed25519:auto": # "ed25519:auto":
key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" # key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
""" % locals() """ % locals()
def read_perspectives(self, perspectives_config): def read_perspectives(self, perspectives_servers):
servers = {} servers = {}
for server_name, server_config in perspectives_config["servers"].items(): for server_name, server_config in perspectives_servers.items():
for key_id, key_data in server_config["verify_keys"].items(): for key_id, key_data in server_config["verify_keys"].items():
if is_signing_algorithm_supported(key_id): if is_signing_algorithm_supported(key_id):
key_base64 = key_data["key"] key_base64 = key_data["key"]

View File

@ -24,7 +24,7 @@ MISSING_SENTRY = (
class MetricsConfig(Config): class MetricsConfig(Config):
def read_config(self, config): def read_config(self, config):
self.enable_metrics = config["enable_metrics"] self.enable_metrics = config.get("enable_metrics", False)
self.report_stats = config.get("report_stats", None) self.report_stats = config.get("report_stats", None)
self.metrics_port = config.get("metrics_port") self.metrics_port = config.get("metrics_port")
self.metrics_bind_host = config.get("metrics_bind_host", "127.0.0.1") self.metrics_bind_host = config.get("metrics_bind_host", "127.0.0.1")
@ -48,7 +48,7 @@ class MetricsConfig(Config):
# Enable collection and rendering of performance metrics # Enable collection and rendering of performance metrics
# #
enable_metrics: False #enable_metrics: False
# Enable sentry integration # Enable sentry integration
# NOTE: While attempts are made to ensure that the logs don't contain # NOTE: While attempts are made to ensure that the logs don't contain

View File

@ -22,16 +22,21 @@ class PasswordConfig(Config):
def read_config(self, config): def read_config(self, config):
password_config = config.get("password_config", {}) password_config = config.get("password_config", {})
if password_config is None:
password_config = {}
self.password_enabled = password_config.get("enabled", True) self.password_enabled = password_config.get("enabled", True)
self.password_pepper = password_config.get("pepper", "") self.password_pepper = password_config.get("pepper", "")
def default_config(self, config_dir_path, server_name, **kwargs): def default_config(self, config_dir_path, server_name, **kwargs):
return """ return """\
# Enable password for login.
#
password_config: password_config:
enabled: true # Uncomment to disable password login
#
#enabled: false
# Uncomment and change to a secret random string for extra security. # Uncomment and change to a secret random string for extra security.
# DO NOT CHANGE THIS AFTER INITIAL SETUP! # DO NOT CHANGE THIS AFTER INITIAL SETUP!
#pepper: "" #
#pepper: "EVEN_MORE_SECRET"
""" """

View File

@ -24,8 +24,8 @@ class RateLimitConfig(object):
class RatelimitConfig(Config): class RatelimitConfig(Config):
def read_config(self, config): def read_config(self, config):
self.rc_messages_per_second = config["rc_messages_per_second"] self.rc_messages_per_second = config.get("rc_messages_per_second", 0.2)
self.rc_message_burst_count = config["rc_message_burst_count"] self.rc_message_burst_count = config.get("rc_message_burst_count", 10.0)
self.rc_registration = RateLimitConfig(config.get("rc_registration", {})) self.rc_registration = RateLimitConfig(config.get("rc_registration", {}))
@ -36,11 +36,11 @@ class RatelimitConfig(Config):
rc_login_config.get("failed_attempts", {}), rc_login_config.get("failed_attempts", {}),
) )
self.federation_rc_window_size = config["federation_rc_window_size"] self.federation_rc_window_size = config.get("federation_rc_window_size", 1000)
self.federation_rc_sleep_limit = config["federation_rc_sleep_limit"] self.federation_rc_sleep_limit = config.get("federation_rc_sleep_limit", 10)
self.federation_rc_sleep_delay = config["federation_rc_sleep_delay"] self.federation_rc_sleep_delay = config.get("federation_rc_sleep_delay", 500)
self.federation_rc_reject_limit = config["federation_rc_reject_limit"] self.federation_rc_reject_limit = config.get("federation_rc_reject_limit", 50)
self.federation_rc_concurrent = config["federation_rc_concurrent"] self.federation_rc_concurrent = config.get("federation_rc_concurrent", 3)
def default_config(self, **kwargs): def default_config(self, **kwargs):
return """\ return """\
@ -48,11 +48,11 @@ class RatelimitConfig(Config):
# Number of messages a client can send per second # Number of messages a client can send per second
# #
rc_messages_per_second: 0.2 #rc_messages_per_second: 0.2
# Number of message a client can send before being throttled # Number of message a client can send before being throttled
# #
rc_message_burst_count: 10.0 #rc_message_burst_count: 10.0
# Ratelimiting settings for registration and login. # Ratelimiting settings for registration and login.
# #
@ -90,25 +90,25 @@ class RatelimitConfig(Config):
# The federation window size in milliseconds # The federation window size in milliseconds
# #
federation_rc_window_size: 1000 #federation_rc_window_size: 1000
# The number of federation requests from a single server in a window # The number of federation requests from a single server in a window
# before the server will delay processing the request. # before the server will delay processing the request.
# #
federation_rc_sleep_limit: 10 #federation_rc_sleep_limit: 10
# The duration in milliseconds to delay processing events from # The duration in milliseconds to delay processing events from
# remote servers by if they go over the sleep limit. # remote servers by if they go over the sleep limit.
# #
federation_rc_sleep_delay: 500 #federation_rc_sleep_delay: 500
# The maximum number of concurrent federation requests allowed # The maximum number of concurrent federation requests allowed
# from a single server # from a single server
# #
federation_rc_reject_limit: 50 #federation_rc_reject_limit: 50
# The number of federation requests to concurrently process from a # The number of federation requests to concurrently process from a
# single server # single server
# #
federation_rc_concurrent: 3 #federation_rc_concurrent: 3
""" """

View File

@ -24,7 +24,7 @@ class RegistrationConfig(Config):
def read_config(self, config): def read_config(self, config):
self.enable_registration = bool( self.enable_registration = bool(
strtobool(str(config["enable_registration"])) strtobool(str(config.get("enable_registration", False)))
) )
if "disable_registration" in config: if "disable_registration" in config:
self.enable_registration = not bool( self.enable_registration = not bool(
@ -36,7 +36,10 @@ class RegistrationConfig(Config):
self.registration_shared_secret = config.get("registration_shared_secret") self.registration_shared_secret = config.get("registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12) self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"] self.trusted_third_party_id_servers = config.get(
"trusted_third_party_id_servers",
["matrix.org", "vector.im"],
)
self.default_identity_server = config.get("default_identity_server") self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False) self.allow_guest_access = config.get("allow_guest_access", False)
@ -64,11 +67,13 @@ class RegistrationConfig(Config):
return """\ return """\
## Registration ## ## Registration ##
#
# Registration can be rate-limited using the parameters in the "Ratelimiting" # Registration can be rate-limited using the parameters in the "Ratelimiting"
# section of this file. # section of this file.
# Enable registration for new users. # Enable registration for new users.
enable_registration: False #
#enable_registration: false
# The user must provide all of the below types of 3PID when registering. # The user must provide all of the below types of 3PID when registering.
# #
@ -79,7 +84,7 @@ class RegistrationConfig(Config):
# Explicitly disable asking for MSISDNs from the registration # Explicitly disable asking for MSISDNs from the registration
# flow (overrides registrations_require_3pid if MSISDNs are set as required) # flow (overrides registrations_require_3pid if MSISDNs are set as required)
# #
#disable_msisdn_registration: True #disable_msisdn_registration: true
# Mandate that users are only allowed to associate certain formats of # Mandate that users are only allowed to associate certain formats of
# 3PIDs with accounts on this server. # 3PIDs with accounts on this server.
@ -103,13 +108,13 @@ class RegistrationConfig(Config):
# N.B. that increasing this will exponentially increase the time required # N.B. that increasing this will exponentially increase the time required
# to register or login - e.g. 24 => 2^24 rounds which will take >20 mins. # to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
# #
bcrypt_rounds: 12 #bcrypt_rounds: 12
# Allows users to register as guests without a password/email/etc, and # Allows users to register as guests without a password/email/etc, and
# participate in rooms hosted on this server which have been made # participate in rooms hosted on this server which have been made
# accessible to anonymous users. # accessible to anonymous users.
# #
allow_guest_access: False #allow_guest_access: false
# The identity server which we suggest that clients should use when users log # The identity server which we suggest that clients should use when users log
# in on this server. # in on this server.
@ -125,9 +130,9 @@ class RegistrationConfig(Config):
# Also defines the ID server which will be called when an account is # Also defines the ID server which will be called when an account is
# deactivated (one will be picked arbitrarily). # deactivated (one will be picked arbitrarily).
# #
trusted_third_party_id_servers: #trusted_third_party_id_servers:
- matrix.org # - matrix.org
- vector.im # - vector.im
# Users who register on this homeserver will automatically be joined # Users who register on this homeserver will automatically be joined
# to these rooms # to these rooms
@ -141,7 +146,7 @@ class RegistrationConfig(Config):
# Setting to false means that if the rooms are not manually created, # Setting to false means that if the rooms are not manually created,
# users cannot be auto-joined since they do not exist. # users cannot be auto-joined since they do not exist.
# #
autocreate_auto_join_rooms: true #autocreate_auto_join_rooms: true
""" % locals() """ % locals()
def add_arguments(self, parser): def add_arguments(self, parser):

View File

@ -19,6 +19,36 @@ from synapse.util.module_loader import load_module
from ._base import Config, ConfigError from ._base import Config, ConfigError
DEFAULT_THUMBNAIL_SIZES = [
{
"width": 32,
"height": 32,
"method": "crop",
}, {
"width": 96,
"height": 96,
"method": "crop",
}, {
"width": 320,
"height": 240,
"method": "scale",
}, {
"width": 640,
"height": 480,
"method": "scale",
}, {
"width": 800,
"height": 600,
"method": "scale"
},
]
THUMBNAIL_SIZE_YAML = """\
# - width: %(width)i
# height: %(height)i
# method: %(method)s
"""
MISSING_NETADDR = ( MISSING_NETADDR = (
"Missing netaddr library. This is required for URL preview API." "Missing netaddr library. This is required for URL preview API."
) )
@ -77,9 +107,9 @@ def parse_thumbnail_requirements(thumbnail_sizes):
class ContentRepositoryConfig(Config): class ContentRepositoryConfig(Config):
def read_config(self, config): def read_config(self, config):
self.max_upload_size = self.parse_size(config["max_upload_size"]) self.max_upload_size = self.parse_size(config.get("max_upload_size", "10M"))
self.max_image_pixels = self.parse_size(config["max_image_pixels"]) self.max_image_pixels = self.parse_size(config.get("max_image_pixels", "32M"))
self.max_spider_size = self.parse_size(config["max_spider_size"]) self.max_spider_size = self.parse_size(config.get("max_spider_size", "10M"))
self.media_store_path = self.ensure_directory(config["media_store_path"]) self.media_store_path = self.ensure_directory(config["media_store_path"])
@ -139,9 +169,9 @@ class ContentRepositoryConfig(Config):
) )
self.uploads_path = self.ensure_directory(config["uploads_path"]) self.uploads_path = self.ensure_directory(config["uploads_path"])
self.dynamic_thumbnails = config["dynamic_thumbnails"] self.dynamic_thumbnails = config.get("dynamic_thumbnails", False)
self.thumbnail_requirements = parse_thumbnail_requirements( self.thumbnail_requirements = parse_thumbnail_requirements(
config["thumbnail_sizes"] config.get("thumbnail_sizes", DEFAULT_THUMBNAIL_SIZES),
) )
self.url_preview_enabled = config.get("url_preview_enabled", False) self.url_preview_enabled = config.get("url_preview_enabled", False)
if self.url_preview_enabled: if self.url_preview_enabled:
@ -178,6 +208,13 @@ class ContentRepositoryConfig(Config):
def default_config(self, data_dir_path, **kwargs): def default_config(self, data_dir_path, **kwargs):
media_store = os.path.join(data_dir_path, "media_store") media_store = os.path.join(data_dir_path, "media_store")
uploads_path = os.path.join(data_dir_path, "uploads") uploads_path = os.path.join(data_dir_path, "uploads")
formatted_thumbnail_sizes = "".join(
THUMBNAIL_SIZE_YAML % s for s in DEFAULT_THUMBNAIL_SIZES
)
# strip final NL
formatted_thumbnail_sizes = formatted_thumbnail_sizes[:-1]
return r""" return r"""
# Directory where uploaded images and attachments are stored. # Directory where uploaded images and attachments are stored.
# #
@ -204,11 +241,11 @@ class ContentRepositoryConfig(Config):
# The largest allowed upload size in bytes # The largest allowed upload size in bytes
# #
max_upload_size: "10M" #max_upload_size: 10M
# Maximum number of pixels that will be thumbnailed # Maximum number of pixels that will be thumbnailed
# #
max_image_pixels: "32M" #max_image_pixels: 32M
# Whether to generate new thumbnails on the fly to precisely match # Whether to generate new thumbnails on the fly to precisely match
# the resolution requested by the client. If true then whenever # the resolution requested by the client. If true then whenever
@ -216,32 +253,18 @@ class ContentRepositoryConfig(Config):
# generate a new thumbnail. If false the server will pick a thumbnail # generate a new thumbnail. If false the server will pick a thumbnail
# from a precalculated list. # from a precalculated list.
# #
dynamic_thumbnails: false #dynamic_thumbnails: false
# List of thumbnails to precalculate when an image is uploaded. # List of thumbnails to precalculate when an image is uploaded.
# #
thumbnail_sizes: #thumbnail_sizes:
- width: 32 %(formatted_thumbnail_sizes)s
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
# Is the preview URL API enabled? If enabled, you *must* specify # Is the preview URL API enabled? If enabled, you *must* specify
# an explicit url_preview_ip_range_blacklist of IPs that the spider is # an explicit url_preview_ip_range_blacklist of IPs that the spider is
# denied from accessing. # denied from accessing.
# #
url_preview_enabled: False #url_preview_enabled: false
# List of IP address CIDR ranges that the URL preview spider is denied # List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. There are no defaults: you must explicitly # from accessing. There are no defaults: you must explicitly
@ -306,6 +329,6 @@ class ContentRepositoryConfig(Config):
# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' # - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
# The largest allowed URL preview spidering size in bytes # The largest allowed URL preview spidering size in bytes
max_spider_size: "10M" #
#max_spider_size: 10M
""" % locals() """ % locals()

View File

@ -64,7 +64,7 @@ class SAML2Config(Config):
} }
def default_config(self, config_dir_path, server_name, **kwargs): def default_config(self, config_dir_path, server_name, **kwargs):
return """ return """\
# Enable SAML2 for registration and login. Uses pysaml2. # Enable SAML2 for registration and login. Uses pysaml2.
# #
# `sp_config` is the configuration for the pysaml2 Service Provider. # `sp_config` is the configuration for the pysaml2 Service Provider.

View File

@ -45,7 +45,7 @@ class ServerConfig(Config):
self.pid_file = self.abspath(config.get("pid_file")) self.pid_file = self.abspath(config.get("pid_file"))
self.web_client_location = config.get("web_client_location", None) self.web_client_location = config.get("web_client_location", None)
self.soft_file_limit = config["soft_file_limit"] self.soft_file_limit = config.get("soft_file_limit", 0)
self.daemonize = config.get("daemonize") self.daemonize = config.get("daemonize")
self.print_pidfile = config.get("print_pidfile") self.print_pidfile = config.get("print_pidfile")
self.user_agent_suffix = config.get("user_agent_suffix") self.user_agent_suffix = config.get("user_agent_suffix")
@ -307,11 +307,11 @@ class ServerConfig(Config):
# Zero is used to indicate synapse should set the soft limit to the # Zero is used to indicate synapse should set the soft limit to the
# hard limit. # hard limit.
# #
soft_file_limit: 0 #soft_file_limit: 0
# Set to false to disable presence tracking on this homeserver. # Set to false to disable presence tracking on this homeserver.
# #
use_presence: true #use_presence: false
# The GC threshold parameters to pass to `gc.set_threshold`, if defined # The GC threshold parameters to pass to `gc.set_threshold`, if defined
# #

View File

@ -22,7 +22,9 @@ class VoipConfig(Config):
self.turn_shared_secret = config.get("turn_shared_secret") self.turn_shared_secret = config.get("turn_shared_secret")
self.turn_username = config.get("turn_username") self.turn_username = config.get("turn_username")
self.turn_password = config.get("turn_password") self.turn_password = config.get("turn_password")
self.turn_user_lifetime = self.parse_duration(config["turn_user_lifetime"]) self.turn_user_lifetime = self.parse_duration(
config.get("turn_user_lifetime", "1h"),
)
self.turn_allow_guests = config.get("turn_allow_guests", True) self.turn_allow_guests = config.get("turn_allow_guests", True)
def default_config(self, **kwargs): def default_config(self, **kwargs):
@ -45,7 +47,7 @@ class VoipConfig(Config):
# How long generated TURN credentials last # How long generated TURN credentials last
# #
turn_user_lifetime: "1h" #turn_user_lifetime: 1h
# Whether guests should be allowed to use the TURN server. # Whether guests should be allowed to use the TURN server.
# This defaults to True, otherwise VoIP will be unreliable for guests. # This defaults to True, otherwise VoIP will be unreliable for guests.
@ -53,5 +55,5 @@ class VoipConfig(Config):
# connect to arbitrary endpoints without having first signed up for a # connect to arbitrary endpoints without having first signed up for a
# valid account (e.g. by passing a CAPTCHA). # valid account (e.g. by passing a CAPTCHA).
# #
turn_allow_guests: True #turn_allow_guests: True
""" """