summary refs log tree commit diff
path: root/synapse/config/server.py
diff options
context:
space:
mode:
authorShay <hillerys@element.io>2022-06-14 07:53:42 -0700
committerGitHub <noreply@github.com>2022-06-14 07:53:42 -0700
commit493c2fc44abcf3457953cc2f6f23509ff7855253 (patch)
treef429a75b187fdd0449bc1a460ce730b6d2b2ccd2 /synapse/config/server.py
parentRename delta to apply in the proper schema version. (#13050) (diff)
downloadsynapse-493c2fc44abcf3457953cc2f6f23509ff7855253.tar.xz
Remove code generating comments in configuration file (#12941)
Diffstat (limited to 'synapse/config/server.py')
-rw-r--r--synapse/config/server.py494
1 files changed, 2 insertions, 492 deletions
diff --git a/synapse/config/server.py b/synapse/config/server.py
index 657322cb1f..828938e5ec 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -16,7 +16,6 @@ import argparse
 import itertools
 import logging
 import os.path
-import re
 import urllib.parse
 from textwrap import indent
 from typing import Any, Dict, Iterable, List, Optional, Set, Tuple, Union
@@ -702,9 +701,6 @@ class ServerConfig(Config):
         listeners: Optional[List[dict]],
         **kwargs: Any,
     ) -> str:
-        ip_range_blacklist = "\n".join(
-            "        #  - '%s'" % ip for ip in DEFAULT_IP_RANGE_BLACKLIST
-        )
 
         _, bind_port = parse_and_validate_server_name(server_name)
         if bind_port is not None:
@@ -715,9 +711,6 @@ class ServerConfig(Config):
 
         pid_file = os.path.join(data_dir_path, "homeserver.pid")
 
-        # Bring DEFAULT_ROOM_VERSION into the local-scope for use in the
-        # default config string
-        default_room_version = DEFAULT_ROOM_VERSION
         secure_listeners = []
         unsecure_listeners = []
         private_addresses = ["::1", "127.0.0.1"]
@@ -765,501 +758,18 @@ class ServerConfig(Config):
                 compress: false"""
 
             if listeners:
-                # comment out this block
-                unsecure_http_bindings = "#" + re.sub(
-                    "\n {10}",
-                    lambda match: match.group(0) + "#",
-                    unsecure_http_bindings,
-                )
+                unsecure_http_bindings = ""
 
         if not secure_listeners:
-            secure_http_bindings = (
-                """#- port: %(bind_port)s
-          #  type: http
-          #  tls: true
-          #  resources:
-          #    - names: [client, federation]"""
-                % locals()
-            )
+            secure_http_bindings = ""
 
         return (
             """\
-        ## Server ##
-
-        # The public-facing domain of the server
-        #
-        # The server_name name will appear at the end of usernames and room addresses
-        # created on this server. For example if the server_name was example.com,
-        # usernames on this server would be in the format @user:example.com
-        #
-        # In most cases you should avoid using a matrix specific subdomain such as
-        # matrix.example.com or synapse.example.com as the server_name for the same
-        # reasons you wouldn't use user@email.example.com as your email address.
-        # See https://matrix-org.github.io/synapse/latest/delegate.html
-        # for information on how to host Synapse on a subdomain while preserving
-        # a clean server_name.
-        #
-        # The server_name cannot be changed later so it is important to
-        # configure this correctly before you start Synapse. It should be all
-        # lowercase and may contain an explicit port.
-        # Examples: matrix.org, localhost:8080
-        #
         server_name: "%(server_name)s"
-
-        # When running as a daemon, the file to store the pid in
-        #
         pid_file: %(pid_file)s
-
-        # The absolute URL to the web client which / will redirect to.
-        #
-        #web_client_location: https://riot.example.com/
-
-        # The public-facing base URL that clients use to access this Homeserver (not
-        # including _matrix/...). This is the same URL a user might enter into the
-        # 'Custom Homeserver URL' field on their client. If you use Synapse with a
-        # reverse proxy, this should be the URL to reach Synapse via the proxy.
-        # Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
-        # 'listeners' below).
-        #
-        # Defaults to 'https://<server_name>/'.
-        #
-        #public_baseurl: https://example.com/
-
-        # Uncomment the following to tell other servers to send federation traffic on
-        # port 443.
-        #
-        # By default, other servers will try to reach our server on port 8448, which can
-        # be inconvenient in some environments.
-        #
-        # Provided 'https://<server_name>/' on port 443 is routed to Synapse, this
-        # option configures Synapse to serve a file at
-        # 'https://<server_name>/.well-known/matrix/server'. This will tell other
-        # servers to send traffic to port 443 instead.
-        #
-        # See https://matrix-org.github.io/synapse/latest/delegate.html for more
-        # information.
-        #
-        # Defaults to 'false'.
-        #
-        #serve_server_wellknown: true
-
-        # Set the soft limit on the number of file descriptors synapse can use
-        # Zero is used to indicate synapse should set the soft limit to the
-        # hard limit.
-        #
-        #soft_file_limit: 0
-
-        # Presence tracking allows users to see the state (e.g online/offline)
-        # of other local and remote users.
-        #
-        presence:
-          # Uncomment to disable presence tracking on this homeserver. This option
-          # replaces the previous top-level 'use_presence' option.
-          #
-          #enabled: false
-
-        # Whether to require authentication to retrieve profile data (avatars,
-        # display names) of other users through the client API. Defaults to
-        # 'false'. Note that profile data is also available via the federation
-        # API, unless allow_profile_lookup_over_federation is set to false.
-        #
-        #require_auth_for_profile_requests: true
-
-        # Uncomment to require a user to share a room with another user in order
-        # to retrieve their profile information. Only checked on Client-Server
-        # requests. Profile requests from other servers should be checked by the
-        # requesting server. Defaults to 'false'.
-        #
-        #limit_profile_requests_to_users_who_share_rooms: true
-
-        # Uncomment to prevent a user's profile data from being retrieved and
-        # displayed in a room until they have joined it. By default, a user's
-        # profile data is included in an invite event, regardless of the values
-        # of the above two settings, and whether or not the users share a server.
-        # Defaults to 'true'.
-        #
-        #include_profile_data_on_invite: false
-
-        # If set to 'true', removes the need for authentication to access the server's
-        # public rooms directory through the client API, meaning that anyone can
-        # query the room directory. Defaults to 'false'.
-        #
-        #allow_public_rooms_without_auth: true
-
-        # If set to 'true', allows any other homeserver to fetch the server's public
-        # rooms directory via federation. Defaults to 'false'.
-        #
-        #allow_public_rooms_over_federation: true
-
-        # The default room version for newly created rooms.
-        #
-        # Known room versions are listed here:
-        # https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions
-        #
-        # For example, for room version 1, default_room_version should be set
-        # to "1".
-        #
-        #default_room_version: "%(default_room_version)s"
-
-        # The GC threshold parameters to pass to `gc.set_threshold`, if defined
-        #
-        #gc_thresholds: [700, 10, 10]
-
-        # The minimum time in seconds between each GC for a generation, regardless of
-        # the GC thresholds. This ensures that we don't do GC too frequently.
-        #
-        # A value of `[1s, 10s, 30s]` indicates that a second must pass between consecutive
-        # generation 0 GCs, etc.
-        #
-        # Defaults to `[1s, 10s, 30s]`.
-        #
-        #gc_min_interval: [0.5s, 30s, 1m]
-
-        # Set the limit on the returned events in the timeline in the get
-        # and sync operations. The default value is 100. -1 means no upper limit.
-        #
-        # Uncomment the following to increase the limit to 5000.
-        #
-        #filter_timeline_limit: 5000
-
-        # Whether room invites to users on this server should be blocked
-        # (except those sent by local server admins). The default is False.
-        #
-        #block_non_admin_invites: true
-
-        # Room searching
-        #
-        # If disabled, new messages will not be indexed for searching and users
-        # will receive errors when searching for messages. Defaults to enabled.
-        #
-        #enable_search: false
-
-        # Prevent outgoing requests from being sent to the following blacklisted IP address
-        # CIDR ranges. If this option is not specified then it defaults to private IP
-        # address ranges (see the example below).
-        #
-        # The blacklist applies to the outbound requests for federation, identity servers,
-        # push servers, and for checking key validity for third-party invite events.
-        #
-        # (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
-        # listed here, since they correspond to unroutable addresses.)
-        #
-        # This option replaces federation_ip_range_blacklist in Synapse v1.25.0.
-        #
-        # Note: The value is ignored when an HTTP proxy is in use
-        #
-        #ip_range_blacklist:
-%(ip_range_blacklist)s
-
-        # List of IP address CIDR ranges that should be allowed for federation,
-        # identity servers, push servers, and for checking key validity for
-        # third-party invite events. This is useful for specifying exceptions to
-        # wide-ranging blacklisted target IP ranges - e.g. for communication with
-        # a push server only visible in your network.
-        #
-        # This whitelist overrides ip_range_blacklist and defaults to an empty
-        # list.
-        #
-        #ip_range_whitelist:
-        #   - '192.168.1.1'
-
-        # List of ports that Synapse should listen on, their purpose and their
-        # configuration.
-        #
-        # Options for each listener include:
-        #
-        #   port: the TCP port to bind to
-        #
-        #   bind_addresses: a list of local addresses to listen on. The default is
-        #       'all local interfaces'.
-        #
-        #   type: the type of listener. Normally 'http', but other valid options are:
-        #       'manhole' (see https://matrix-org.github.io/synapse/latest/manhole.html),
-        #       'metrics' (see https://matrix-org.github.io/synapse/latest/metrics-howto.html),
-        #       'replication' (see https://matrix-org.github.io/synapse/latest/workers.html).
-        #
-        #   tls: set to true to enable TLS for this listener. Will use the TLS
-        #       key/cert specified in tls_private_key_path / tls_certificate_path.
-        #
-        #   x_forwarded: Only valid for an 'http' listener. Set to true to use the
-        #       X-Forwarded-For header as the client IP. Useful when Synapse is
-        #       behind a reverse-proxy.
-        #
-        #   resources: Only valid for an 'http' listener. A list of resources to host
-        #       on this port. Options for each resource are:
-        #
-        #       names: a list of names of HTTP resources. See below for a list of
-        #           valid resource names.
-        #
-        #       compress: set to true to enable HTTP compression for this resource.
-        #
-        #   additional_resources: Only valid for an 'http' listener. A map of
-        #        additional endpoints which should be loaded via dynamic modules.
-        #
-        # Valid resource names are:
-        #
-        #   client: the client-server API (/_matrix/client), and the synapse admin
-        #       API (/_synapse/admin). Also implies 'media' and 'static'.
-        #
-        #   consent: user consent forms (/_matrix/consent).
-        #       See https://matrix-org.github.io/synapse/latest/consent_tracking.html.
-        #
-        #   federation: the server-server API (/_matrix/federation). Also implies
-        #       'media', 'keys', 'openid'
-        #
-        #   keys: the key discovery API (/_matrix/key).
-        #
-        #   media: the media API (/_matrix/media).
-        #
-        #   metrics: the metrics interface.
-        #       See https://matrix-org.github.io/synapse/latest/metrics-howto.html.
-        #
-        #   openid: OpenID authentication.
-        #
-        #   replication: the HTTP replication API (/_synapse/replication).
-        #       See https://matrix-org.github.io/synapse/latest/workers.html.
-        #
-        #   static: static resources under synapse/static (/_matrix/static). (Mostly
-        #       useful for 'fallback authentication'.)
-        #
         listeners:
-          # TLS-enabled listener: for when matrix traffic is sent directly to synapse.
-          #
-          # Disabled by default. To enable it, uncomment the following. (Note that you
-          # will also need to give Synapse a TLS key and certificate: see the TLS section
-          # below.)
-          #
           %(secure_http_bindings)s
-
-          # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
-          # that unwraps TLS.
-          #
-          # If you plan to use a reverse proxy, please see
-          # https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
-          #
           %(unsecure_http_bindings)s
-
-            # example additional_resources:
-            #
-            #additional_resources:
-            #  "/_matrix/my/custom/endpoint":
-            #    module: my_module.CustomRequestHandler
-            #    config: {}
-
-          # Turn on the twisted ssh manhole service on localhost on the given
-          # port.
-          #
-          #- port: 9000
-          #  bind_addresses: ['::1', '127.0.0.1']
-          #  type: manhole
-
-        # Connection settings for the manhole
-        #
-        manhole_settings:
-          # The username for the manhole. This defaults to 'matrix'.
-          #
-          #username: manhole
-
-          # The password for the manhole. This defaults to 'rabbithole'.
-          #
-          #password: mypassword
-
-          # The private and public SSH key pair used to encrypt the manhole traffic.
-          # If these are left unset, then hardcoded and non-secret keys are used,
-          # which could allow traffic to be intercepted if sent over a public network.
-          #
-          #ssh_priv_key_path: %(config_dir_path)s/id_rsa
-          #ssh_pub_key_path: %(config_dir_path)s/id_rsa.pub
-
-        # Forward extremities can build up in a room due to networking delays between
-        # homeservers. Once this happens in a large room, calculation of the state of
-        # that room can become quite expensive. To mitigate this, once the number of
-        # forward extremities reaches a given threshold, Synapse will send an
-        # org.matrix.dummy_event event, which will reduce the forward extremities
-        # in the room.
-        #
-        # This setting defines the threshold (i.e. number of forward extremities in the
-        # room) at which dummy events are sent. The default value is 10.
-        #
-        #dummy_events_threshold: 5
-
-
-        ## Homeserver blocking ##
-
-        # How to reach the server admin, used in ResourceLimitError
-        #
-        #admin_contact: 'mailto:admin@server.com'
-
-        # Global blocking
-        #
-        #hs_disabled: false
-        #hs_disabled_message: 'Human readable reason for why the HS is blocked'
-
-        # Monthly Active User Blocking
-        #
-        # Used in cases where the admin or server owner wants to limit to the
-        # number of monthly active users.
-        #
-        # 'limit_usage_by_mau' disables/enables monthly active user blocking. When
-        # enabled and a limit is reached the server returns a 'ResourceLimitError'
-        # with error type Codes.RESOURCE_LIMIT_EXCEEDED
-        #
-        # 'max_mau_value' is the hard limit of monthly active users above which
-        # the server will start blocking user actions.
-        #
-        # 'mau_trial_days' is a means to add a grace period for active users. It
-        # means that users must be active for this number of days before they
-        # can be considered active and guards against the case where lots of users
-        # sign up in a short space of time never to return after their initial
-        # session.
-        #
-        # The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but
-        # applies a different trial number if the user was registered by an appservice.
-        # A value of 0 means no trial days are applied. Appservices not listed in this
-        # dictionary use the value of `mau_trial_days` instead.
-        #
-        # 'mau_limit_alerting' is a means of limiting client side alerting
-        # should the mau limit be reached. This is useful for small instances
-        # where the admin has 5 mau seats (say) for 5 specific people and no
-        # interest increasing the mau limit further. Defaults to True, which
-        # means that alerting is enabled
-        #
-        #limit_usage_by_mau: false
-        #max_mau_value: 50
-        #mau_trial_days: 2
-        #mau_limit_alerting: false
-        #mau_appservice_trial_days:
-        #  "appservice-id": 1
-
-        # If enabled, the metrics for the number of monthly active users will
-        # be populated, however no one will be limited. If limit_usage_by_mau
-        # is true, this is implied to be true.
-        #
-        #mau_stats_only: false
-
-        # Sometimes the server admin will want to ensure certain accounts are
-        # never blocked by mau checking. These accounts are specified here.
-        #
-        #mau_limit_reserved_threepids:
-        #  - medium: 'email'
-        #    address: 'reserved_user@example.com'
-
-        # Used by phonehome stats to group together related servers.
-        #server_context: context
-
-        # Resource-constrained homeserver settings
-        #
-        # When this is enabled, the room "complexity" will be checked before a user
-        # joins a new remote room. If it is above the complexity limit, the server will
-        # disallow joining, or will instantly leave.
-        #
-        # Room complexity is an arbitrary measure based on factors such as the number of
-        # users in the room.
-        #
-        limit_remote_rooms:
-          # Uncomment to enable room complexity checking.
-          #
-          #enabled: true
-
-          # the limit above which rooms cannot be joined. The default is 1.0.
-          #
-          #complexity: 0.5
-
-          # override the error which is returned when the room is too complex.
-          #
-          #complexity_error: "This room is too complex."
-
-          # allow server admins to join complex rooms. Default is false.
-          #
-          #admins_can_join: true
-
-        # Whether to require a user to be in the room to add an alias to it.
-        # Defaults to 'true'.
-        #
-        #require_membership_for_aliases: false
-
-        # Whether to allow per-room membership profiles through the send of membership
-        # events with profile information that differ from the target's global profile.
-        # Defaults to 'true'.
-        #
-        #allow_per_room_profiles: false
-
-        # The largest allowed file size for a user avatar. Defaults to no restriction.
-        #
-        # Note that user avatar changes will not work if this is set without
-        # using Synapse's media repository.
-        #
-        #max_avatar_size: 10M
-
-        # The MIME types allowed for user avatars. Defaults to no restriction.
-        #
-        # Note that user avatar changes will not work if this is set without
-        # using Synapse's media repository.
-        #
-        #allowed_avatar_mimetypes: ["image/png", "image/jpeg", "image/gif"]
-
-        # How long to keep redacted events in unredacted form in the database. After
-        # this period redacted events get replaced with their redacted form in the DB.
-        #
-        # Defaults to `7d`. Set to `null` to disable.
-        #
-        #redaction_retention_period: 28d
-
-        # How long to track users' last seen time and IPs in the database.
-        #
-        # Defaults to `28d`. Set to `null` to disable clearing out of old rows.
-        #
-        #user_ips_max_age: 14d
-
-        # Inhibits the /requestToken endpoints from returning an error that might leak
-        # information about whether an e-mail address is in use or not on this
-        # homeserver.
-        # Note that for some endpoints the error situation is the e-mail already being
-        # used, and for others the error is entering the e-mail being unused.
-        # If this option is enabled, instead of returning an error, these endpoints will
-        # act as if no error happened and return a fake session ID ('sid') to clients.
-        #
-        #request_token_inhibit_3pid_errors: true
-
-        # A list of domains that the domain portion of 'next_link' parameters
-        # must match.
-        #
-        # This parameter is optionally provided by clients while requesting
-        # validation of an email or phone number, and maps to a link that
-        # users will be automatically redirected to after validation
-        # succeeds. Clients can make use this parameter to aid the validation
-        # process.
-        #
-        # The whitelist is applied whether the homeserver or an
-        # identity server is handling validation.
-        #
-        # The default value is no whitelist functionality; all domains are
-        # allowed. Setting this value to an empty list will instead disallow
-        # all domains.
-        #
-        #next_link_domain_whitelist: ["matrix.org"]
-
-        # Templates to use when generating email or HTML page contents.
-        #
-        templates:
-          # Directory in which Synapse will try to find template files to use to generate
-          # email or HTML page contents.
-          # If not set, or a file is not found within the template directory, a default
-          # template from within the Synapse package will be used.
-          #
-          # See https://matrix-org.github.io/synapse/latest/templates.html for more
-          # information about using custom templates.
-          #
-          #custom_template_directory: /path/to/custom/templates/
-
-        # List of rooms to exclude from sync responses. This is useful for server
-        # administrators wishing to group users into a room without these users being able
-        # to see it from their client.
-        #
-        # By default, no room is excluded.
-        #
-        #exclude_rooms_from_sync:
-        #    - !foo:example.com
         """
             % locals()
         )