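# Docs: https://element-hq.github.io/matrix-authentication-service/
#
# This file is a Go template: env/secret expressions are expanded first and
# the result is then parsed as YAML. Templated scalars are quoted so that an
# empty, numeric or boolean-looking value is still read as a string.

http:
  public_base: https://{{ env "DOMAIN" }}/
  # Forwarded client-address headers are honoured from any peer in these
  # ranges, i.e. every private network the container can see.
  # NOTE(review): narrow this to the reverse proxy's network where the
  # deployment allows it.
  trusted_proxies:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
    - 127.0.0.0/8
    - fd00::/8
    - ::1/128
  listeners:
    - name: web
      resources:
        - name: discovery
        - name: human
        - name: oauth
        - name: compat
        - name: graphql
          # Interactive GraphQL playground stays off.
          playground: false
        - name: assets
      binds:
        # Listens on all interfaces inside the container; presumably only
        # reachable through the reverse proxy, confirm no port is published.
        - address: "[::]:8080"

database:
  # The password is interpolated into the URI as-is, so it must not contain
  # URI-reserved characters. sslmode=disable means traffic to Postgres is
  # unencrypted.
  # NOTE(review): acceptable only if the network between the services is
  # trusted; confirm for this stack.
  uri: postgresql://synapse:{{ secret "db_password" }}@{{ env "STACK_NAME" }}_db:5432/mas?sslmode=disable

matrix:
  kind: synapse
  homeserver: "{{ or (env "SERVER_NAME") (env "DOMAIN") }}"
  # Plain HTTP to the homeserver; the shared secret below is used on this
  # link, so the same network-trust assumption as for the database applies.
  endpoint: http://{{ env "STACK_NAME" }}_app:8008/
  secret_file: /run/secrets/mas_synapse_shared

secrets:
  # Plain hex in file (abra: length=64 charset=hex). See .env.sample modifiers.
  encryption_file: /run/secrets/mas_encryption
  keys:
    - key_file: /run/secrets/mas_signing_rsa

passwords:
  enabled: true
  schemes:
    # NOTE(review): version 1 (bcrypt) looks like the scheme for hashes
    # imported from Synapse and version 2 (argon2id) the one for new
    # passwords; confirm against the MAS documentation before reordering
    # or removing either entry.
    - version: 1
      algorithm: bcrypt
      unicode_normalization: true
    - version: 2
      algorithm: argon2id

{{ if env "MAS_UPSTREAM_PROVIDER_ID" }}
# https://element-hq.github.io/matrix-authentication-service/setup/sso.html
upstream_oauth2:
  providers:
    - id: "{{ env "MAS_UPSTREAM_PROVIDER_ID" }}"
      {{ if env "MAS_UPSTREAM_SYNAPSE_IDP_ID" }}synapse_idp_id: "{{ env "MAS_UPSTREAM_SYNAPSE_IDP_ID" }}"{{ end }}
      human_name: "{{ or (env "MAS_UPSTREAM_HUMAN_NAME") "SSO" }}"
      issuer: "{{ env "MAS_UPSTREAM_ISSUER" }}"
      client_id: "{{ env "MAS_UPSTREAM_CLIENT_ID" }}"
      # Client secret is read from a mounted secret file, not from the
      # environment.
      client_secret_file: /run/secrets/mas_upstream_client_secret
      token_endpoint_auth_method: client_secret_basic
      scope: "openid profile email"
      claims_imports:
        # The Matrix localpart is taken from the upstream preferred_username
        # claim. OpenID Connect does not guarantee that claim is unique or
        # stable, so confirm the identity provider enforces both and does
        # not let users edit it.
        localpart:
          action: require
          template: "{{ "{{ user.preferred_username }}" }}"
        displayname:
          action: suggest
          template: "{{ "{{ user.name }}" }}"
        email:
          action: suggest
          template: "{{ "{{ user.email }}" }}"
{{ end }}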