0
0
Fork 0
mirror of https://github.com/matrix-org/dendrite synced 2024-12-15 03:23:46 +01:00
dendrite/dendrite-config.yaml
Neil Alexander 7d6461dd3c
Server key component (#1050)
* Server key API (works for monolith but not for polylith yet)

* Re-enable caching on server key API component

* Groundwork for HTTP APIs for server key API

* Hopefully implement HTTP for server key API

* Simplify public key request marshalling from map keys

* Update gomatrixserverlib

* go mod tidy

* Common -> internal

* remove keyring.go

* Update Docker Hub for server key API

* YAML is funny about indentation

* Wire in new server key API into hybrid monolith mode

* Create maps

* Route server key API endpoints on internal API mux

* Fix server key API URLs

* Add fetcher behaviour into server key API implementation

* Return error if we failed to fetch some keys

* Return results anyway

* Move things about a bit

* Remove unused code

* Fix comments, don't use federation sender URL in polylith mode

* Add server_key_api to sample config

* Review comments

* HTTP API to cache keys that have been requested

* Overwrite server_key_api listen in monolith hybrid mode
2020-05-27 10:19:24 +01:00

170 lines
6.7 KiB
YAML

# The config file format version
# This is used by dendrite to tell if it understands the config format.
# This will change if the structure of the config file changes or if the meaning
# of an existing config key changes.
version: 0
# The matrix specific config
matrix:
# The name of the server. This is usually the domain name, e.g 'matrix.org', 'localhost'.
server_name: "example.com"
# The path to the PEM formatted matrix private key.
private_key: "/etc/dendrite/matrix_key.pem"
# The x509 certificates used by the federation listeners for this server
federation_certificates: ["/etc/dendrite/server.crt"]
# The list of identity servers trusted to verify third party identifiers by this server.
# Defaults to no trusted servers.
trusted_third_party_id_servers:
- vector.im
- matrix.org
# Perspective key servers which are used when direct key requests fail
#key_perspectives:
# - server_name: matrix.org
# keys:
# - key_id: ed25519:auto
# public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
# - key_id: ed25519:a_RXGa
# public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
# Disables new users from registering (except via shared secrets)
registration_disabled: false
# The media repository config
media:
# The base path to where the media files will be stored. May be relative or absolute.
base_path: /var/dendrite/media
# The maximum file size in bytes that is allowed to be stored on this server.
# Note: if max_file_size_bytes is set to 0, the size is unlimited.
# Note: if max_file_size_bytes is not set, it will default to 10485760 (10MB)
max_file_size_bytes: 10485760
# Whether to dynamically generate thumbnails on-the-fly if the requested resolution is not already generated
# NOTE: This is a possible denial-of-service attack vector - use at your own risk
dynamic_thumbnails: false
# A list of thumbnail sizes to be pre-generated for downloaded remote / uploaded content
# method is one of crop or scale. If omitted, it will default to scale.
# crop scales to fill the requested dimensions and crops the excess.
# scale scales to fit the requested dimensions and one dimension may be smaller than requested.
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
# Metrics config for Prometheus
metrics:
# Whether or not metrics are enabled
enabled: false
# Use basic auth to protect the metrics. Uncomment to the complete block to enable.
#basic_auth:
# username: prometheusUser
# password: y0ursecr3tPa$$w0rd
# The config for the TURN server
turn:
# Whether or not guests can request TURN credentials
turn_allow_guests: true
# How long the authorization should last
turn_user_lifetime: "1h"
# The list of TURN URIs to pass to clients
turn_uris: []
# Authorization via Shared Secret
# The shared secret from coturn
turn_shared_secret: "<SECRET STRING GOES HERE>"
# Authorization via Static Username & Password
# Hardcoded Username and Password
turn_username: ""
turn_password: ""
# The config for communicating with kafka
kafka:
# Where the kafka servers are running.
addresses: ["localhost:9092"]
# Whether to use naffka instead of kafka.
# Naffka can only be used when running dendrite as a single monolithic server.
# Kafka can be used both with a monolithic server and when running the
# components as separate servers.
# If enabled database.naffka must also be specified.
use_naffka: false
# The names of the kafka topics to use.
topics:
output_room_event: roomserverOutput
output_client_data: clientapiOutput
output_typing_event: eduServerOutput
user_updates: userUpdates
# The postgres connection configs for connecting to the databases e.g a postgres:// URI
database:
account: "postgres://dendrite:itsasecret@localhost/dendrite_account?sslmode=disable"
device: "postgres://dendrite:itsasecret@localhost/dendrite_device?sslmode=disable"
media_api: "postgres://dendrite:itsasecret@localhost/dendrite_mediaapi?sslmode=disable"
sync_api: "postgres://dendrite:itsasecret@localhost/dendrite_syncapi?sslmode=disable"
room_server: "postgres://dendrite:itsasecret@localhost/dendrite_roomserver?sslmode=disable"
server_key: "postgres://dendrite:itsasecret@localhost/dendrite_serverkey?sslmode=disable"
federation_sender: "postgres://dendrite:itsasecret@localhost/dendrite_federationsender?sslmode=disable"
appservice: "postgres://dendrite:itsasecret@localhost/dendrite_appservice?sslmode=disable"
public_rooms_api: "postgres://dendrite:itsasecret@localhost/dendrite_publicroomsapi?sslmode=disable"
max_open_conns: 100
max_idle_conns: 2
conn_max_lifetime: -1
# If using naffka you need to specify a naffka database
# naffka: "postgres://dendrite:itsasecret@localhost/dendrite_naffka?sslmode=disable"
# The TCP host:port pairs to bind the internal HTTP APIs to.
# These shouldn't be exposed to the public internet.
# These aren't needed when running dendrite as a monolithic server.
listen:
room_server: "localhost:7770"
client_api: "localhost:7771"
federation_api: "localhost:7772"
sync_api: "localhost:7773"
media_api: "localhost:7774"
public_rooms_api: "localhost:7775"
federation_sender: "localhost:7776"
appservice_api: "localhost:7777"
edu_server: "localhost:7778"
key_server: "localhost:7779"
server_key_api: "localhost:7780"
# The configuration for tracing the dendrite components.
tracing:
# Config for the jaeger opentracing reporter.
# See https://godoc.org/github.com/uber/jaeger-client-go/config#Configuration
# for documentation.
jaeger:
disabled: true
# A list of application service config files to use
application_services:
config_files: []
# The configuration for dendrite logs
logging:
# The logging type, only "file" is supported at the moment
- type: "file"
# The logging level, must be one of debug, info, warn, error, fatal, panic.
level: "info"
# Parameters for this type of log
params:
# File logging must be given a path to a directory. Each component will write to a different file. Logs are rotated each day and gzipped
path: "/var/log/dendrite"
# It is possible to have multiple logging hooks at the same time.
# To save only errors in a different directory, uncomment the following.
# - type: "file"
# level: "error"
# params:
# path: "/var/log/dendrite/errors"