server_name: ${synapse_domain}
pid_file: /var/run/matrix-synapse/homeserver.pid
public_baseurl: https://${synapse_public_fqdn}/

listeners:
  - port: ${synapse_local_client_port}
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['::1', '127.0.0.1']
    resources:
      - names: [client]
        compress: false

  - port: ${synapse_local_federation_port}
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['::1', '127.0.0.1']
    resources:
      - names: [federation]
        compress: false

email:
  smtp_host: ${smtp_host}
  smtp_port: 25
  notif_from: ${synapse_email_from}
  enable_notifs: true

client_base_url: https://${synapse_public_fqdn}

database:
  name: psycopg2
  args:
    user: ${synapse_username}
    database: ${synapse_dbname}
    host: ${synapse_dbhost}
    cp_min: 5
    cp_max: 10
    keepalives_idle: 10
    keepalives_interval: 10
    keepalives_count: 3

log_config: ${synapse_conf_dir}/log.config

media_store_path: ${synapse_db_dir}/media_store
media_retention:
  local_media_retention: ${synapse_local_media_retention}
  remote_media_retention: ${synapse_remote_media_retention}
max_upload_size: ${synapse_upload_sizelimit}

url_preview_enabled: true
url_preview_ip_range_whitelist: []
url_preview_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '192.0.0.0/24'
  - '169.254.0.0/16'
  - '192.88.99.0/24'
  - '198.18.0.0/15'
  - '192.0.2.0/24'
  - '198.51.100.0/24'
  - '203.0.113.0/24'
  - '224.0.0.0/4'
  - '::1/128'
  - 'fe80::/10'
  - 'fc00::/7'
  - '2001:db8::/32'
  - 'ff00::/8'
  - 'fec0::/10'

enable_registration: false
auto_join_rooms: []
autocreate_auto_join_rooms: true
autocreate_auto_join_rooms_federated: false

turn_uris: ['turn:${synapse_turn_host}']
turn_shared_secret: "${synapse_turn_secret}"
turn_allow_guests: false

report_stats: false

macaroon_secret_key: "${synapse_macaroon_secret_key}"
form_secret: "${synapse_form_secret}"

signing_key_path: ${synapse_conf_dir}/signing.key

trusted_key_servers:
  - server_name: matrix.org
suppress_key_server_warning: true

modules:
  - module: ldap_auth_provider.LdapAuthProviderModule
    config:
      enabled: true
      uri:
$(printf -- '         - ldap://%s:389\n' $ldap_hosts)
      start_tls: true
      base: ${users_basedn}
      attributes:
        uid: uid
        mail: mail
        name: cn
      bind_dn: uid=${synapse_username},${robots_basedn}
      bind_password: ${synapse_ldap_password}
      filter: '(memberOf=cn=${synapse_access_role},${roles_basedn})'