dendrite-config.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175

# The config file format version
# This is used by dendrite to tell if it understands the config format.
# This will change if the structure of the config file changes or if the meaning
# of an existing config key changes.
version: 0

# The matrix specific config
matrix:
    # The name of the server. This is usually the domain name, e.g 'matrix.org', 'localhost'.
    server_name: "example.com"
    # The path to the PEM formatted matrix private key.
    private_key: "/etc/dendrite/matrix_key.pem"
    # The x509 certificates used by the federation listeners for this server
    federation_certificates: ["/etc/dendrite/server.crt"]
    # The list of identity servers trusted to verify third party identifiers by this server.
    # Defaults to no trusted servers.
    trusted_third_party_id_servers:
      - vector.im
      - matrix.org
    # Perspective key servers which are used when direct key requests fail
    #key_perspectives:
    #  - server_name: matrix.org
    #    keys:
    #      - key_id: ed25519:auto
    #        public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
    #      - key_id: ed25519:a_RXGa
    #        public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
    # Disables new users from registering (except via shared secrets)
    registration_disabled: false

# The media repository config
media:
    # The base path to where the media files will be stored. May be relative or absolute.
    base_path: /var/dendrite/media

    # The maximum file size in bytes that is allowed to be stored on this server.
    # Note: if max_file_size_bytes is set to 0, the size is unlimited.
    # Note: if max_file_size_bytes is not set, it will default to 10485760 (10MB)
    max_file_size_bytes: 10485760

    # Whether to dynamically generate thumbnails on-the-fly if the requested resolution is not already generated
    # NOTE: This is a possible denial-of-service attack vector - use at your own risk
    dynamic_thumbnails: false

    # A list of thumbnail sizes to be pre-generated for downloaded remote / uploaded content
    # method is one of crop or scale. If omitted, it will default to scale.
    # crop scales to fill the requested dimensions and crops the excess.
    # scale scales to fit the requested dimensions and one dimension may be smaller than requested.
    thumbnail_sizes:
      - width: 32
        height: 32
        method: crop
      - width: 96
        height: 96
        method: crop
      - width: 320
        height: 240
        method: scale
      - width: 640
        height: 480
        method: scale
      - width: 800
        height: 600
        method: scale

# Metrics config for Prometheus
metrics:
    # Whether or not metrics are enabled
    enabled: false
    # Use basic auth to protect the metrics. Uncomment to the complete block to enable.
    #basic_auth:
    #  username: prometheusUser
    #  password: y0ursecr3tPa$$w0rd

# The config for the TURN server
turn:
    # Whether or not guests can request TURN credentials
    turn_allow_guests: true
    # How long the authorization should last
    turn_user_lifetime: "1h"
    # The list of TURN URIs to pass to clients
    turn_uris: []

    # Authorization via Shared Secret
    # The shared secret from coturn
    turn_shared_secret: "<SECRET STRING GOES HERE>"

    # Authorization via Static Username & Password
    # Hardcoded Username and Password
    turn_username: ""
    turn_password: ""

# The config for communicating with kafka
kafka:
    # Where the kafka servers are running.
    addresses: ["localhost:9092"]
    # Whether to use naffka instead of kafka.
    # Naffka can only be used when running dendrite as a single monolithic server.
    # Kafka can be used both with a monolithic server and when running the
    # components as separate servers.
    # If enabled database.naffka must also be specified.
    use_naffka: false
    # The names of the kafka topics to use.
    topics:
        output_room_event: roomserverOutput
        output_client_data: clientapiOutput
        output_typing_event: eduServerTypingOutput
        output_send_to_device_event: eduServerSendToDeviceOutput
        user_updates: userUpdates

# The postgres connection configs for connecting to the databases, e.g.
# for Postgres: postgres://username:password@hostname/database
# for SQLite: file:filename.db or file:///path/to/filename.db
database:
    account: "postgres://dendrite:itsasecret@localhost/dendrite_account?sslmode=disable"
    device: "postgres://dendrite:itsasecret@localhost/dendrite_device?sslmode=disable"
    media_api: "postgres://dendrite:itsasecret@localhost/dendrite_mediaapi?sslmode=disable"
    sync_api: "postgres://dendrite:itsasecret@localhost/dendrite_syncapi?sslmode=disable"
    room_server: "postgres://dendrite:itsasecret@localhost/dendrite_roomserver?sslmode=disable"
    server_key: "postgres://dendrite:itsasecret@localhost/dendrite_serverkey?sslmode=disable"
    federation_sender: "postgres://dendrite:itsasecret@localhost/dendrite_federationsender?sslmode=disable"
    appservice: "postgres://dendrite:itsasecret@localhost/dendrite_appservice?sslmode=disable"
    current_state: "postgres://dendrite:itsasecret@localhost/dendrite_currentstate?sslmode=disable"
    e2e_key: "postgres://dendrite:itsasecret@localhost/dendrite_e2ekey?sslmode=disable"
    max_open_conns: 100
    max_idle_conns: 2
    conn_max_lifetime: -1
    # If 'use_naffka: true' set above then you need to specify a naffka database
    # naffka: "postgres://dendrite:itsasecret@localhost/dendrite_naffka?sslmode=disable"

# The TCP host:port pairs to bind the internal HTTP APIs to.
# These shouldn't be exposed to the public internet.
# These aren't needed when running dendrite as a monolithic server.
listen:
    room_server: "localhost:7770"
    client_api: "localhost:7771"
    federation_api: "localhost:7772"
    sync_api: "localhost:7773"
    media_api: "localhost:7774"
    federation_sender: "localhost:7776"
    appservice_api: "localhost:7777"
    edu_server: "localhost:7778"
    key_server: "localhost:7779"
    server_key_api: "localhost:7780"
    user_api: "localhost:7781"
    current_state_server: "localhost:7782"

# The configuration for tracing the dendrite components.
tracing:
    # Config for the jaeger opentracing reporter.
    # See https://godoc.org/github.com/uber/jaeger-client-go/config#Configuration
    # for documentation.
    jaeger:
        disabled: true

# A list of application service config files to use
application_services:
    config_files: []

# The configuration for dendrite logs
logging:
    # The logging type, only "file" is supported at the moment
    - type: "file"
      # The logging level, must be one of debug, info, warn, error, fatal, panic.
      level: "info"
      # Parameters for this type of log
      params:
        # File logging must be given a path to a directory. Each component will write to a different file. Logs are rotated each day and gzipped
        path: "/var/log/dendrite"
    # It is possible to have multiple logging hooks at the same time.
    # To save only errors in a different directory, uncomment the following.
    # - type: "file"
    #   level: "error"
    #   params:
    #     path: "/var/log/dendrite/errors"