# Deployment descriptor for the Synapse stack.
# NOTE(review): the role that consumes this map is not visible here; the
# remarks below are inferred from the values and should be confirmed there.
svc:
  name: "synapse"
  domain: "matrix.msrg.cc"
  # The primary domain targets the synapse-admin container on port 80;
  # presumably only the paths in caddy_extra are diverted to the homeserver.
  docker_host: "synapse-admin"
  port: 80
  # NOTE(review): /_synapse/* is wider than the client/OIDC endpoints under
  # /_synapse/client. It also forwards the admin API (/_synapse/admin) and,
  # because svc_yml enables the `metrics` resource on the 8008 listener,
  # /_synapse/metrics. Confirm both are meant to be reachable from the
  # internet; otherwise narrow the matcher or restrict by source address.
  caddy_extra: |
    handle /_matrix/* {
        reverse_proxy synapse:8008
    }
    handle /_synapse/* {
        reverse_proxy synapse:8008
    }
  # Extra virtual hosts on the 8008/8448 names, sent straight to the synapse
  # container. NOTE(review): no path filter is declared here, so every
  # resource on that listener appears to be reachable through these names.
  extra_svcs:
    - domain: "msrg.cc:8008"
      additional_domains:
        - "matrix.msrg.cc:8448"
        - "matrix.msrg.cc:8008"
        - "msrg.cc:8448"
      docker_host: "synapse"
      port: 8008
  # Database credentials are template references into vault_synapse, so no
  # secret value is stored in this file.
  db:
    host: "{{ postgres.host }}"
    database: "synapse"
    user: "{{ vault_synapse.db.user }}"
    pass: "{{ vault_synapse.db.pass }}"
  # Relative directory name; joined with '/' for SYNAPSE_CONFIG_PATH and used
  # as-is for the pid, log-config and signing-key paths in svc_yml.
  config_path: "config"

# Environment variables for the stack.
# NOTE(review): compose.env is true and synapse-admin loads service.env, so
# this map is presumably rendered to a file shared by both containers. Keep
# secrets out of it unless that is confirmed not to be the case.
svc_env:
  # Absolute path: '/' joined with svc.config_path.
  SYNAPSE_CONFIG_PATH: "{{ ('/', svc.config_path) | path_join }}"
  # Homeserver URL, presumably read by synapse-admin (confirm).
  REACT_APP_SERVER: "https://matrix.msrg.cc"

# Homeserver settings, presumably rendered into Synapse's homeserver.yaml.
# Secrets are template references into vault_synapse; the rendered file will
# contain them in clear text, so its permissions matter.
svc_yml:
  server_name: "msrg.cc"
  # NOTE(review): this path, log_config and signing_key_path are joined
  # without a leading '/', so they render relative ("config/...") and depend
  # on the process working directory, unlike SYNAPSE_CONFIG_PATH. Confirm.
  pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
  public_baseurl: "https://matrix.msrg.cc/"
  # Both flags open the public room directory: the first to unauthenticated
  # clients, the second to remote homeservers.
  allow_public_rooms_without_auth: true
  allow_public_rooms_over_federation: true

  listeners:
    # Plain-HTTP listener; TLS is left to the reverse proxy. x_forwarded makes
    # Synapse take the client address from X-Forwarded-For, so this port
    # should only be reachable through that proxy. No bind_addresses is set.
    - port: 8008
      tls: false
      type: "http"
      x_forwarded: true
      resources:
        # NOTE(review): `metrics` shares the listener that the proxy publishes
        # for client and federation traffic, so /_synapse/metrics is served
        # wherever this port is exposed. A dedicated internal metrics
        # listener would keep it off the public path.
        - names:
            - "client"
            - "federation"
            - "metrics"
          compress: false

  admin_contact: "mailto:{{ admin_email }}"

  acme:
    enabled: false

  # PostgreSQL via psycopg2; cp_min/cp_max bound the connection pool.
  database:
    name: "psycopg2"
    args:
      user: "{{ svc.db.user }}"
      password: "{{ svc.db.pass }}"
      database: "{{ svc.db.database }}"
      host: "{{ svc.db.host }}"
      cp_min: 5
      cp_max: 10

  log_config: "{{ (svc.config_path, 'msrg.cc.log.config') | path_join }}"
  media_store_path: "/media_store"
  max_upload_size: "500M"
  # Open sign-up is off; accounts come from the OIDC provider below
  # (NOTE(review): or from the admin API, which is worth confirming).
  enable_registration: false
  enable_metrics: true
  # Sends anonymised usage statistics upstream.
  report_stats: true

  macaroon_secret_key: "{{ vault_synapse.macaroon_secret_key }}"
  form_secret: "{{ vault_synapse.form_secret }}"
  # The signing key is a file under the config directory, not a vault value;
  # it needs the same protection as the secrets above.
  signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') | path_join }}"

  # matrix.org is the only trusted key server, and the warning Synapse emits
  # for that default is explicitly silenced.
  trusted_key_servers:
    - server_name: "matrix.org"
  suppress_key_server_warning: true

  oidc_providers:
    - idp_id: "auth_serguzim_me"
      idp_name: "auth.serguzim.me"
      issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
      client_id: "{{ vault_synapse.oidc_client.id }}"
      client_secret: "{{ vault_synapse.oidc_client.secret }}"
      scopes:
        - "openid"
        - "profile"
        - "email"
      user_mapping_provider:
        config:
          # The outer expression is a Jinja string literal, so the inner
          # braces reach Synapse unrendered as its own template.
          # NOTE(review): the Matrix localpart is taken from
          # preferred_username; confirm the IdP does not let users pick or
          # change that claim freely, since it decides which account a
          # login maps to.
          localpart_template: "{{ '{{ user.preferred_username }}' }}"
          display_name_template: "{{ '{{ user.name }}' }}"

  # Outbound mail over port 587; require_transport_security makes Synapse
  # refuse to send without TLS.
  email:
    smtp_host: "mail.serguzim.me"
    smtp_port: 587
    smtp_user: "matrix@serguzim.me"
    smtp_pass: "{{ vault_synapse.mail.pass }}"
    require_transport_security: true
    notif_from: "Matrix <matrix@serguzim.me>"

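# Container definitions for the stack. The top-level keys presumably
# describe the main synapse service; `file` holds raw Compose content for
# the extra synapse-admin service.
compose:
  # NOTE(review): with automatic updates on and no tag or digest on either
  # image, whatever the registry serves under the default tag is pulled and
  # run unattended. Pinning a version or digest makes updates reviewable.
  watchtower: true
  env: true
  # NOTE(review): Synapse development moved to the element-hq organisation;
  # confirm this image path still receives security releases.
  image: "ghcr.io/matrix-org/synapse"
  volumes:
    # Bind mount of the config directory, which holds the rendered
    # configuration and the signing key; restrict host-side permissions.
    - "./config:/config"
    - "media_store:/media_store"
  file:
    services:
      synapse-admin:
        image: "awesometechnologies/synapse-admin"
        restart: always
        labels:
          # Label values are strings; quoting avoids depending on how the
          # renderer and Compose coerce a YAML boolean.
          com.centurylinklabs.watchtower.enable: "true"
        env_file:
          - "service.env"
        networks:
          apps:
            aliases:
              - "synapse-admin"
    volumes:
      # Empty value: named volume with default settings.
      media_store: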