
@farialima
Last active March 15, 2018 10:50
7c7
< tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"
---
> tls_certificate_path: "/usr/src/synapse/demo-core.watcha.fr.tls.crt"
10c10
< tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"
---
> tls_private_key_path: "/usr/src/synapse/demo-core.watcha.fr.tls.key"
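Review bot: The TLS private key now sits under `/usr/src/synapse`, which looks like the application source directory rather than a dedicated config location, and later hunks move `signing_key_path`, `database` and `log_config` to the same place. Nothing visible here shows who can read that directory, so confirm that the key files are owned by the synapse service user, are not group- or world-readable, and are excluded from anything that packages or publishes the source tree. A comment above the line such as `# key file must be readable by the synapse user only` would record that expectation.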
13c13
< tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
---
> tls_dh_params_path: "/usr/src/synapse/demo-core.watcha.fr.tls.dh"
17a18,45
> # List of allowed TLS fingerprints for this server to publish along
> # with the signing keys for this server. Other matrix servers that
> # make HTTPS requests to this server will check that the TLS
> # certificates returned by this server match one of the fingerprints.
> #
> # Synapse automatically adds the fingerprint of its own certificate
> # to the list. So if federation traffic is handled directly by synapse
> # then no modification to the list is required.
> #
> # If synapse is run behind a load balancer that handles the TLS then it
> # will be necessary to add the fingerprints of the certificates used by
> # the loadbalancers to this list if they are different to the one
> # synapse is using.
> #
> # Homeservers are permitted to cache the list of TLS fingerprints
> # returned in the key responses up to the "valid_until_ts" returned in
> # key. It may be necessary to publish the fingerprints of a new
> # certificate and wait until the "valid_until_ts" of the previous key
> # responses have passed before deploying it.
> #
> # You can calculate a fingerprint from a given TLS listener via:
> # openssl s_client -connect $host:$port < /dev/null 2> /dev/null |
> # openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '='
> # or by checking matrix.org/federationtester/api/report?server_name=$host
> #
> tls_fingerprints: []
> # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
>
20a49,54
> # The domain name of the server, with optional explicit port.
> # This is used by remote servers to connect to this server,
> # e.g. matrix.org, localhost:8080, etc.
> # This is also the last part of your UserID.
> server_name: "demo-core.watcha.fr"
>
22c56,77
< pid_file: "/var/run/matrix-synapse.pid"
---
> pid_file: /usr/src/synapse/homeserver.pid
>
> # CPU affinity mask. Setting this restricts the CPUs on which the
> # process will be scheduled. It is represented as a bitmask, with the
> # lowest order bit corresponding to the first logical CPU and the
> # highest order bit corresponding to the last logical CPU. Not all CPUs
> # may exist on a given system but a mask may specify more CPUs than are
> # present.
> #
> # For example:
> # 0x00000001 is processor #0,
> # 0x00000003 is processors #0 and #1,
> # 0xFFFFFFFF is all processors (#0 through #31).
> #
> # Pinning a Python process to a single CPU is desirable, because Python
> # is inherently single-threaded due to the GIL, and can suffer a
> # 30-40% slowdown due to cache blow-out and thread context switching
> # if the scheduler happens to schedule the underlying threads across
> # different cores. See
> # https://www.mirantis.com/blog/improve-performance-python-programs-restricting-single-cpu/.
> #
> # cpu_affinity: 0xFFFFFFFF
25c80,86
< web_client: False
---
> web_client: True
>
> # The root directory to server for the above web client.
> # If left undefined, synapse will serve the matrix-angular-sdk web client.
> # Make sure matrix-angular-sdk is installed with pip if web_client is True
> # and web_client_location is undefined
> # web_client_location: "/path/to/web/root"
38,45c99,116
< # A list of other Home Servers to fetch the public room directory from
< # and include in the public room directory of this home server
< # This is a temporary stopgap solution to populate new server with a
< # list of rooms until there exists a good solution of a decentralized
< # room directory.
< # secondary_directory_servers:
< # - matrix.org
< # - vector.im
---
> # Set the limit on the returned events in the timeline in the get
> # and sync operations. The default value is -1, means no upper limit.
> # filter_timeline_limit: 5000
>
> # Whether room invites to users on this server should be blocked
> # (except those sent by local server admins). The default is False.
> # block_non_admin_invites: True
>
> # Restrict federation to the following whitelist of domains.
> # N.B. we recommend also firewalling your federation listener to limit
> # inbound federation traffic as early as possible, rather than relying
> # purely on this application-layer restriction. If not specified, the
> # default is to whitelist everything.
> #
> # federation_domain_whitelist:
> # - lon.example.com
> # - nyc.example.com
> # - syd.example.com
56,58c127,133
< # WATCHA DISABLED # Local interface to listen on.
< # WATCHA DISABLED # The empty string will cause synapse to listen on all interfaces.
< # WATCHA DISABLED bind_address: ''
---
> # WATCHA DISABLED # Local addresses to listen on.
> # WATCHA DISABLED # On Linux and Mac OS, `::` will listen on all IPv4 and IPv6
> # WATCHA DISABLED # addresses by default. For most other OSes, this will only listen
> # WATCHA DISABLED # on IPv6.
> # WATCHA DISABLED bind_addresses:
> # WATCHA DISABLED - '::'
> # WATCHA DISABLED - '0.0.0.0'
84a160,166
> # WATCHA DISABLED # optional list of additional endpoints which can be loaded via
> # WATCHA DISABLED # dynamic modules
> # WATCHA DISABLED # additional_resources:
> # WATCHA DISABLED # "/_matrix/my/custom/endpoint":
> # WATCHA DISABLED # module: my_module.CustomRequestHandler
> # WATCHA DISABLED # config: {}
> # WATCHA DISABLED
89c171
< bind_address: ''
---
> bind_addresses: ['::', '0.0.0.0']
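Review bot: `bind_addresses: ['::', '0.0.0.0']` exposes this listener on every interface, and the commented text added at 56,58c127,133 says `::` already covers IPv4 and IPv6 on Linux and Mac OS, so the second entry is probably redundant there. The listener this line belongs to starts outside the hunk, so its port and TLS setting are not visible. If it is the unencrypted listener meant to sit behind a reverse proxy, the loopback form shown in the next hunk, `bind_addresses: ['::1', '127.0.0.1']`, is the safer value.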
103c185
< # bind_address: 127.0.0.1
---
> # bind_addresses: ['::1', '127.0.0.1']
114c196
< database: "/var/lib/matrix-synapse/homeserver.db"
---
> database: "/usr/src/synapse/homeserver.db"
120,121d201
< # A yaml python logging config file
< log_config: "/etc/matrix-synapse/log.yaml"
123,126c203,204
< # Stop twisted from discarding the stack traces of exceptions in
< # deferreds by waiting a reactor tick before running a deferred's
< # callbacks.
< # full_twisted_stacktraces: true
---
> # A yaml python logging config file
> log_config: "/usr/src/synapse/demo-core.watcha.fr.log.config"
159c237,254
< media_store_path: "/var/lib/matrix-synapse/media"
---
> media_store_path: "/usr/src/synapse/media_store"
>
> # Media storage providers allow media to be stored in different
> # locations.
> # media_storage_providers:
> # - module: file_system
> # # Whether to write new local files.
> # store_local: false
> # # Whether to write new remote media
> # store_remote: false
> # # Whether to block upload requests waiting for write to this
> # # provider to complete
> # store_synchronous: false
> # config:
> # directory: /mnt/some/other/directory
>
> # Directory where in-progress uploads are stored.
> uploads_path: "/usr/src/synapse/uploads"
209a305,306
> # - '100.64.0.0/10'
> # - '169.254.0.0/16'
260a358
> # See docs/CAPTCHA_SETUP for full details of configuring this.
287a386,390
> # The Username and password if the TURN server needs them and
> # does not use a token
> #turn_username: "TURNSERVER_USERNAME"
> #turn_password: "TURNSERVER_PASSWORD"
>
290a394,400
> # Whether guests should be allowed to use the TURN server.
> # This defaults to True, otherwise VoIP will be unreliable for guests.
> # However, it does introduce a slight security risk as it allows users to
> # connect to arbitrary endpoints without having first signed up for a
> # valid account (e.g. by passing a CAPTCHA).
> turn_allow_guests: True
>
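Review bot: `turn_allow_guests: True` is set explicitly even though the comment above it says this lets users who have not signed up connect to arbitrary endpoints through the TURN server. Whether guest access is enabled on this homeserver is not visible in the diff; if guest VoIP is not required, `turn_allow_guests: false` removes that exposure. The lowercase `true`/`false` spelling would also match `enable_group_creation: false` further down.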
296a407,423
> # The user must provide all of the below types of 3PID when registering.
> #
> # registrations_require_3pid:
> # - email
> # - msisdn
>
> # Mandate that users are only allowed to associate certain formats of
> # 3PIDs with accounts on this server.
> #
> # allowed_local_3pids:
> # - medium: email
> # pattern: ".*@matrix\.org"
> # - medium: email
> # pattern: ".*@vector\.im"
> # - medium: msisdn
> # pattern: "\+44"
>
299,304c426
< registration_shared_secret: 'e4L8ddPKy7sLIqja8BaJZoOdgK0uOLo2'
<
< # Sets the expiry for the short term user creation in
< # milliseconds. For instance the bellow duration is two weeks
< # in milliseconds.
< user_creation_max_duration: 1209600000
---
> registration_shared_secret: hdHaCACEEFHhNh2lHb0C9m6BIKlxtuxO
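Review bot: The new `registration_shared_secret` is written in clear text in a config diff that is published, and the old value is visible on the removed side too; the `macaroon_secret_key` added at 342c472 has the same problem. Anyone holding the registration secret can create accounts on the server, and the macaroon key protects access tokens, so both values should be treated as compromised and regenerated. Keep them out of any shared copy of the file, for example by redacting to `registration_shared_secret: "<REDACTED>"` before posting a diff. The new value is also unquoted where the old one was quoted; quoting it prevents a YAML parser from retyping a secret that happens to look like a number or boolean.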
320a443,448
> # WATCHA DISABLED - riot.im
>
> # Users who register on this homeserver will automatically be joined
> # to these rooms
> #auto_join_rooms:
> # - "#example:example.com"
326a455,456
> report_stats: False
>
342c472
< # macaroon_secret_key: <PRIVATE STRING>
---
> macaroon_secret_key: "IsxJ-y7HiD;n,KU:BZ0^@Xs13,S2iPwOo510vUOaDbpm:T;w&7"
350c480
< signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
---
> signing_key_path: "/usr/src/synapse/demo-core.watcha.fr.signing.key"
384,385c514,515
< # config_path: "/home/erikj/git/synapse/sp_conf.py"
< # idp_redirect_url: "http://test/idp"
---
> # config_path: "/usr/src/synapse/sp_conf.py"
> # idp_redirect_url: "http://demo-core.watcha.fr/idp"
393c523
< # service_url: "https://homesever.domain.com:8448"
---
> # service_url: "https://homeserver.domain.com:8448"
406,416d535
< # ldap_config:
< # enabled: true
< # server: "ldap://localhost"
< # port: 389
< # tls: false
< # search_base: "ou=Users,dc=example,dc=com"
< # search_property: "cn"
< # email_property: "email"
< # full_name_property: "givenName"
<
<
420a540,542
> # Uncomment and change to a secret random string for extra security.
> # DO NOT CHANGE THIS AFTER INITIAL SETUP!
> #pepper: ""
424a547,553
> # Defining a custom URL for Riot is only needed if email notifications
> # should contain links to a self-hosted installation of Riot; when set
> # the "app_name" setting is ignored.
> #
> # If your SMTP server requires authentication, the optional smtp_user &
> # smtp_pass variables should be used
> #
428a558,560
> # smtp_user: "exampleusername"
> # smtp_pass: "examplepassword"
> # require_transport_security: False
434a567,627
> # riot_base_url: "http://localhost/riot"
>
>
> # password_providers:
> # - module: "ldap_auth_provider.LdapAuthProvider"
> # config:
> # enabled: true
> # uri: "ldap://ldap.example.com:389"
> # start_tls: true
> # base: "ou=users,dc=example,dc=com"
> # attributes:
> # uid: "cn"
> # mail: "email"
> # name: "givenName"
> # #bind_dn:
> # #bind_password:
> # #filter: "(objectClass=posixAccount)"
>
>
>
> # Clients requesting push notifications can either have the body of
> # the message sent in the notification poke along with other details
> # like the sender, or just the event ID and room ID (`event_id_only`).
> # If clients choose the former, this option controls whether the
> # notification request includes the content of the event (other details
> # like the sender are still included). For `event_id_only` push, it
> # has no effect.
>
> # For modern android devices the notification content will still appear
> # because it is loaded by the app. iPhone, however will send a
> # notification saying only that a message arrived and who it came from.
> #
> #push:
> # include_content: true
>
>
> # spam_checker:
> # module: "my_custom_project.SuperSpamChecker"
> # config:
> # example_option: 'things'
>
>
> # Whether to allow non server admins to create groups on this server
> enable_group_creation: false
>
> # If enabled, non server admins can only create groups with local parts
> # starting with this prefix
> # group_creation_prefix: "unofficial/"
>
>
>
> # User Directory configuration
> #
> # 'search_all_users' defines whether to search all users visible to your HS
> # when searching the user directory, rather than limiting to users visible
> # in public rooms. Defaults to false. If you set it True, you'll have to run
> # UPDATE user_directory_stream_pos SET stream_id = NULL;
> # on your database to tell it to rebuild the user_directory search indexes.
> #
> #user_directory:
> # search_all_users: false