From 982eec178b894e9f7b786189791c233f1bceed16 Mon Sep 17 00:00:00 2001 From: strawberry Date: Thu, 18 Jan 2024 01:08:25 -0500 Subject: [PATCH] add conduwuit-example.toml (new example config) Signed-off-by: strawberry --- conduwuit-example.toml | 205 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 205 insertions(+) create mode 100644 conduwuit-example.toml diff --git a/conduwuit-example.toml b/conduwuit-example.toml new file mode 100644 index 00000000..450fefaf --- /dev/null +++ b/conduwuit-example.toml @@ -0,0 +1,205 @@ +# ============================================================================= +# This is the official example config for conduwuit. +# If you use it for your server, you will need to adjust it to your own needs. +# At the very least, change the server_name field! +# ============================================================================= + +[global] + +# The server_name is the pretty name of this server. It is used as a suffix for user +# and room ids. Examples: matrix.org, conduit.rs + +# The Conduit server needs all /_matrix/ requests to be reachable at +# https://your.server.name/ on port 443 (client-server) and 8448 (federation). + +# If that's not possible for you, you can create /.well-known files to redirect +# requests (delegation). See +# https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient +# and +# https://spec.matrix.org/v1.9/server-server-api/#getwell-knownmatrixserver +# for more information + +# YOU NEED TO EDIT THIS +#server_name = "your.server.name" + +# Servers listed here will be used to gather public keys of other servers. +# Generally, copying this exactly should be enough. (Currently, conduwuit doesn't +# support batched key requests, so this list should only contain Synapse +# servers.) Defaults to `matrix.org` +#trusted_servers = ["matrix.org"] + + + +### Database configuration + +# This is the only directory where conduwuit will save its data, including media +database_path = "/var/lib/conduwuit/" + +# Database backend: Only rocksdb and sqlite are supported. Please note that sqlite +# will perform significantly worse than rocksdb as it is not intended to be used the +# way it is by conduwuit. sqlite only exists for historical reasons. +database_backend = "rocksdb" + + + +### Network + +# The port conduwuit will be running on. You need to set up a reverse proxy such as +# Caddy or Nginx so all requests to /_matrix on port 443 and 8448 will be +# forwarded to the conduwuit instance running on this port +# Docker users: Don't change this, you'll need to map an external port to this. +port = 6167 + +# default address (IPv4 or IPv6) conduwuit will listen on. Generally you want this to be +# localhost (127.0.0.1 / ::1). If you are using Docker or a container NAT networking setup, you +# likely need this to be 0.0.0.0. +address = "127.0.0.1" + +# How many requests conduwuit sends to other servers at the same time. Default is 100 +# Note that because conduwuit is very fast unlike other homeserver implementations, +# setting this too high could inadvertently result in ratelimits kicking in, or +# overloading lower-end homeservers out there. Recommended to leave this alone unless you +# have a valid reason to. No this will not speed up room joins. +#max_concurrent_requests = 100 + +# Max request size for file uploads +max_request_size = 20_000_000 # in bytes + +# Uncomment unix_socket_path to listen on a UNIX socket at the specified path. +# If listening on a UNIX socket, you must remove/comment the 'address' key if defined and add your +# reverse proxy to the 'conduwuit' group, unless world RW permissions are specified with unix_socket_perms (666 minimum). +#unix_socket_path = "/run/conduwuit/conduwuit.sock" +#unix_socket_perms = 660 + +# Set this to true for conduwuit to compress HTTP response bodies using zstd. +# Please be aware that enabling HTTP compression may weaken or even defeat TLS. +# Most users should not need to enable this. +# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before deciding to enable this. +zstd_compression = false + + + +### Moderation / Privacy / Security + +# Set to true to allow user type "guest" registrations. Element attempts to register guest users automatically. +# For private homeservers, this is best at false. +allow_guest_registration = false + +# Vector list of servers that conduwuit will refuse to download remote media from +#prevent_media_downloads_from = ["example.com", "example.local"] + +# Enables open registration. If set to false, no users can register on this +# server (unless a token is configured). +# If set to true, users can register with no form of 2nd step only if you set +# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` to +# in your config. If you would like +# registration only via token reg, please set this to *false* and configure the +# `registration_token` key. +allow_registration = false +# Please note that an open registration homeserver with no second-step verification +# is highly prone to abuse and potential defederation by homeservers, including +# matrix.org. + +# A static registration token that new users will have to provide when creating +# an account. If unset and `allow_registration` is true, registration is open +# without any condition. YOU NEED TO EDIT THIS. +registration_token = "change this token for something specific to your server" + +# controls whether federation is allowed or not +allow_federation = true + +# Set this to true to allow your server's public room directory to be federated. +# Set this to false to protect against /publicRooms spiders, but will forbid external users +# from viewing your server's public room directory. If federation is disabled entirely +# (`allow_federation`), this is inherently false. +allow_public_room_directory_over_federation = false + +# Set this to true to allow your server's public room directory to be queried without client +# authentication (access token) through the Client APIs. Set this to false to protect against /publicRooms spiders. +allow_public_room_directory_without_auth = false + +# Set this to true to allow federating device display names / allow external users to see your device display name. +# If federation is disabled entirely (`allow_federation`), this is inherently false. For privacy, this is best disabled. +allow_device_name_federation = false + + + +### Misc + +# max log level for conduwuit. allows debug, info, warn, or error +#log = "warn" + +# controls whether encrypted rooms and events are allowed (default true) +#allow_encryption = false + +# conduwuit will send a simple GET request periodically to `https://pupbrain.dev/check-for-updates/stable` +# for any new announcements made. Despite the name, this is not an update check +# endpoint, it is simply an announcement check endpoint. I don't plan on using +# this so feel free to disable it. +allow_check_for_updates = true + +# Enables adding the lightning bolt emoji (⚡️) to all newly registered users' +# initial display names. +enable_lightning_bolt = false + +# If you are using delegation via well-known files and you cannot serve them from your reverse proxy, you can +# uncomment these to serve them directly from conduwuit. This requires proxying all requests to conduwuit, not just `/_matrix` to work. +#well_known_server = "matrix.example.com:443" +#well_known_client = "https://matrix.example.com" +# Note that whatever you put will show up in the well-known JSON values. + +# Set to false to disable users from joining or creating room versions that aren't 100% officially supported by conduwuit. +# conduwuit officially supports room versions 6 - 10. conduwuit has experimental/unstable support for 1 - 5, and 11. +# Defaults to true. +#allow_unstable_room_versions = true + +# Set this to any float value to multiply conduwuit's in-memory LRU caches with. +# May be useful if you have significant memory to spare to increase performance. +# Defaults to 1.0. +#conduit_cache_capacity_modifier = 1.0 + +# Set this to any float value in megabytes for conduwuit to tell the database engine that this much memory is available for database-related caches. +# May be useful if you have significant memory to spare to increase performance. +# Defaults to 900.0 +#db_cache_capacity_mb = 900.0 + + + +### RocksDB options + +# Set this to true to use RocksDB config options that are tailored to HDDs (slower device storage) +#rocksdb_optimize_for_spinning_disks = false + +# RocksDB log level. This is not the same as conduwuit's log level. This is the log level for RocksDB itself +# which show up in your database folder/path as `LOG` files. Defaults to warn. conduwuit will typically log RocksDB errors. +#rocksdb_log_level = "warn" + +# Max RocksDB `LOG` file size before rotating in bytes. Defaults to 4MB. +#rocksdb_max_log_file_size = 4194304 + +# Time in seconds before RocksDB will forcibly rotate logs. Defaults to 0. +#rocksdb_log_time_to_roll = 0 + + + +### Presence + +# Config option to control local (your server only) presence updates/requests. Defaults to false. +# Note that presence on conduwuit is very fast unlike Synapse's. +#allow_local_presence = false + +# Config option to control incoming federated presence updates/requests. Defaults to false. +# This option receives presence updates from other servers, but does not send any unless `allow_outgoing_presence` is true. +# Note that presence on conduwuit is very fast unlike Synapse's. +#allow_incoming_presence = false + +# Config option to control outgoing presence updates/requests. Defaults to false. +# This option sends presence updates to other servers, but does not receive any unless `allow_incoming_presence` is true. +# Note that presence on conduwuit is very fast unlike Synapse's. +#allow_outgoing_presence = false + +# Config option to control how many seconds before presence updates that you are idle. Defaults to 5 minutes. +#presence_idle_timeout_s = 300 + +# Config option to control how many seconds before presence updates that you are offline. Defaults to 30 minutes. +#presence_offline_timeout_s = 1800 \ No newline at end of file