# Synapse homeserver configuration, rendered from a Jinja2 template.
# The rendered file carries the database password, the OIDC client secret
# and the shared secrets at the end of the file, so it should be deployed
# readable only by the account that runs Synapse.
server_name: "{{ password.server_name }}"
public_baseurl: "https://{{ dns_name }}"
# No usage statistics are reported.
report_stats: false

log_config: "/etc/synapse/{{ password.server_name }}.log.config"
# The signing key is this server's federation identity. Keep the file
# private to the Synapse account and include it in backups.
signing_key_path: "/etc/synapse/{{ password.server_name }}.signing.key"
media_store_path: /var/lib/synapse/media_store
pid_file: /var/lib/synapse/homeserver.pid

# One HTTP listener on a UNIX socket; no TCP port is opened by this file.
# Client and federation traffic are both expected to arrive through a
# reverse proxy that connects to the socket.
listeners:
  - type: http
    path: /var/lib/synapse/socket/main.sock
    # With x_forwarded enabled the client address is taken from the
    # forwarded-for header, so anything able to write to the socket can
    # choose the address Synapse records. Restrict the socket directory
    # (and the listener's socket mode, if set) to the proxy's account.
    x_forwarded: true
    resources:
      - compress: false
        names:
          - client
          - federation

# PostgreSQL via psycopg2, reached on localhost.
database:
  name: psycopg2
  args:
    host: localhost
    user: "{{ user }}"
    # Rendered in clear text between double quotes. A password containing
    # a double quote or a backslash would change or break the rendered
    # YAML; presumably the value is generated alphanumeric. TODO confirm.
    password: "{{ password.db_pass }}"
    # Lower and upper bound of the connection pool.
    cp_min: 5
    cp_max: 10

# The public room directory is served to remote homeservers, so room
# names and topics published there are visible to any federated server.
allow_public_rooms_over_federation: true
# Presence tracking is switched off.
presence:
  enabled: false

# trusted_key_servers is left commented out, so Synapse's built-in default
# notary applies. Uncomment and edit to pin a different key server.
#trusted_key_servers:
#  - server_name: "matrix.org"

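# Single sign-on through one OIDC provider. The endpoints are derived from
# password.oidc_url; the id "microsoft" suggests Microsoft Entra ID.
oidc_providers:
  - idp_id: microsoft
    # Quoted like every other templated value in this file, so a display
    # name that contains ": ", " #" or starts with a YAML indicator cannot
    # change the structure of the rendered document.
    idp_name: "{{ password.oidc_name }}"
    issuer: "{{ password.oidc_url }}/v2.0"
    client_id: "{{ password.oidc_client_id }}"
    # Stored in clear text in the rendered file. Synapse also accepts
    # client_secret_path where the deployed version supports it; confirm
    # before switching.
    client_secret: "{{ password.oidc_client_secret }}"
    scopes: ["openid", "profile"]
    authorization_endpoint: "{{ password.oidc_url }}/oauth2/v2.0/authorize"
    token_endpoint: "{{ password.oidc_url }}/oauth2/v2.0/token"
    userinfo_endpoint: "{{ password.oidc_userinfo_endpoint }}"

    # The Matrix localpart is the part of preferred_username before the
    # "@", so the domain is discarded: accounts in different domains that
    # share a local part map to the same Matrix user name.
    # preferred_username is a mutable claim that the provider documents as
    # unsuitable for authorization decisions. Keep oidc_url pointed at a
    # single tenant and leave allow_existing_users unset, so that a
    # colliding localpart is refused rather than attached to an existing
    # account.
    user_mapping_provider:
      config:
{% raw %}
        localpart_template: "{{ user.preferred_username.split('@')[0] }}"
        display_name_template: "{{ user.name }}"
{% endraw %}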

# Shared secrets. Each one is taken from the template variable `config`
# when that mapping has the key; otherwise a fresh 64-character value of
# ASCII letters and digits is generated. The lookup targets /dev/null, so
# a generated value is not stored by the lookup itself: unless `config`
# carries the previously deployed values (not visible here, confirm),
# every render writes new secrets and anything derived from the old ones
# stops validating.
# registration_shared_secret lets its holder create accounts, including
# administrators, through the shared-secret registration API; handle it
# as an administrative credential.
# A value coming from `config` is placed between double quotes without
# escaping; a double quote or backslash in it would alter the rendered
# YAML. Generated values are alphanumeric and unaffected.
{% for secret in ["form_secret", "macaroon_secret_key", "registration_shared_secret"] %}
{{ secret }}: "
{%- if secret in config -%}
{{ config[secret] }}
{%- else -%}
{{ lookup("password", "/dev/null", length=64, chars=["ascii_letters", "digits"]) }}
{%- endif -%}
"
{% endfor %}