farialima · March 15, 2018 10:44
diff --git a/gistfile1.txt b/gistfile1.txt
 7c7
 < tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"
 ---
 > tls_certificate_path: "/usr/src/synapse/demo-core.watcha.fr.tls.crt"
 10c10
 < tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"
 ---
 > tls_private_key_path: "/usr/src/synapse/demo-core.watcha.fr.tls.key"
 13c13
 < tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
 ---
 > tls_dh_params_path: "/usr/src/synapse/demo-core.watcha.fr.tls.dh"
 17a18,45
 > # List of allowed TLS fingerprints for this server to publish along
 > # with the signing keys for this server. Other matrix servers that
 > # make HTTPS requests to this server will check that the TLS
 > # certificates returned by this server match one of the fingerprints.
 > #
 > # Synapse automatically adds the fingerprint of its own certificate
 > # to the list. So if federation traffic is handled directly by synapse
 > # then no modification to the list is required.
 > #
 > # If synapse is run behind a load balancer that handles the TLS then it
 > # will be necessary to add the fingerprints of the certificates used by
 > # the loadbalancers to this list if they are different to the one
 > # synapse is using.
 > #
 > # Homeservers are permitted to cache the list of TLS fingerprints
 > # returned in the key responses up to the "valid_until_ts" returned in
 > # key. It may be necessary to publish the fingerprints of a new
 > # certificate and wait until the "valid_until_ts" of the previous key
 > # responses have passed before deploying it.
 > #
 > # You can calculate a fingerprint from a given TLS listener via:
 > # openssl s_client -connect $host:$port < /dev/null 2> /dev/null |
 > #   openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '='
 > # or by checking matrix.org/federationtester/api/report?server_name=$host
 > #
 > tls_fingerprints: []
 > # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
 > 
 20a49,54
 > # The domain name of the server, with optional explicit port.
 > # This is used by remote servers to connect to this server,
 > # e.g. matrix.org, localhost:8080, etc.
 > # This is also the last part of your UserID.
 > server_name: "demo-core.watcha.fr"
 > 
 22c56,77
 < pid_file: "/var/run/matrix-synapse.pid"
 ---
 > pid_file: /usr/src/synapse/homeserver.pid
 > 
 > # CPU affinity mask. Setting this restricts the CPUs on which the
 > # process will be scheduled. It is represented as a bitmask, with the
 > # lowest order bit corresponding to the first logical CPU and the
 > # highest order bit corresponding to the last logical CPU. Not all CPUs
 > # may exist on a given system but a mask may specify more CPUs than are
 > # present.
 > #
 > # For example:
 > #    0x00000001  is processor #0,
 > #    0x00000003  is processors #0 and #1,
 > #    0xFFFFFFFF  is all processors (#0 through #31).
 > #
 > # Pinning a Python process to a single CPU is desirable, because Python
 > # is inherently single-threaded due to the GIL, and can suffer a
 > # 30-40% slowdown due to cache blow-out and thread context switching
 > # if the scheduler happens to schedule the underlying threads across
 > # different cores. See
 > # https://www.mirantis.com/blog/improve-performance-python-programs-restricting-single-cpu/.
 > #
 > # cpu_affinity: 0xFFFFFFFF
 25c80,86
 < web_client: False
 ---
 > web_client: True
 > 
 > # The root directory to server for the above web client.
 > # If left undefined, synapse will serve the matrix-angular-sdk web client.
 > # Make sure matrix-angular-sdk is installed with pip if web_client is True
 > # and web_client_location is undefined
 > # web_client_location: "/path/to/web/root"
 38,45c99,116
 < # A list of other Home Servers to fetch the public room directory from
 < # and include in the public room directory of this home server
 < # This is a temporary stopgap solution to populate new server with a
 < # list of rooms until there exists a good solution of a decentralized
 < # room directory.
 < # secondary_directory_servers:
 < #     - matrix.org
 < #     - vector.im
 ---
 > # Set the limit on the returned events in the timeline in the get
 > # and sync operations. The default value is -1, means no upper limit.
 > # filter_timeline_limit: 5000
 > 
 > # Whether room invites to users on this server should be blocked
 > # (except those sent by local server admins). The default is False.
 > # block_non_admin_invites: True
 > 
 > # Restrict federation to the following whitelist of domains.
 > # N.B. we recommend also firewalling your federation listener to limit
 > # inbound federation traffic as early as possible, rather than relying
 > # purely on this application-layer restriction.  If not specified, the
 > # default is to whitelist everything.
 > #
 > # federation_domain_whitelist:
 > #  - lon.example.com
 > #  - nyc.example.com
 > #  - syd.example.com
 50,85c121,167
 < # WATCHA DISABLED   # Main HTTPS listener
 < # WATCHA DISABLED   # For when matrix traffic is sent directly to synapse.
 < # WATCHA DISABLED   -
 < # WATCHA DISABLED     # The port to listen for HTTPS requests on.
 < # WATCHA DISABLED     port: 8448
 < # WATCHA DISABLED 
 < # WATCHA DISABLED     # Local interface to listen on.
 < # WATCHA DISABLED     # The empty string will cause synapse to listen on all interfaces.
 < # WATCHA DISABLED     bind_address: ''
 < # WATCHA DISABLED 
 < # WATCHA DISABLED     # This is a 'http' listener, allows us to specify 'resources'.
 < # WATCHA DISABLED     type: http
 < # WATCHA DISABLED 
 < # WATCHA DISABLED     tls: true
 < # WATCHA DISABLED 
 < # WATCHA DISABLED     # Use the X-Forwarded-For (XFF) header as the client IP and not the
 < # WATCHA DISABLED     # actual client IP.
 < # WATCHA DISABLED     x_forwarded: false
 < # WATCHA DISABLED 
 < # WATCHA DISABLED     # List of HTTP resources to serve on this listener.
 < # WATCHA DISABLED     resources:
 < # WATCHA DISABLED       -
 < # WATCHA DISABLED         # List of resources to host on this listener.
 < # WATCHA DISABLED         names:
 < # WATCHA DISABLED           - client     # The client-server APIs, both v1 and v2
 < # WATCHA DISABLED           - webclient  # The bundled webclient.
 < # WATCHA DISABLED 
 < # WATCHA DISABLED         # Should synapse compress HTTP responses to clients that support it?
 < # WATCHA DISABLED         # This should be disabled if running synapse behind a load balancer
 < # WATCHA DISABLED         # that can do automatic compression.
 < # WATCHA DISABLED         compress: true
 < # WATCHA DISABLED 
 < # WATCHA DISABLED       - names: [federation]  # Federation APIs
 < # WATCHA DISABLED         compress: false
 < # WATCHA DISABLED 
 < # WATCHA DISABLED   # Unsecure HTTP listener,
 ---
 >   # Main HTTPS listener
 >   # For when matrix traffic is sent directly to synapse.
 >   -
 >     # The port to listen for HTTPS requests on.
 >     port: 8448
 > 
 >     # Local addresses to listen on.
 >     # On Linux and Mac OS, `::` will listen on all IPv4 and IPv6
 >     # addresses by default. For most other OSes, this will only listen
 >     # on IPv6.
 >     bind_addresses:
 >       - '::'
 >       - '0.0.0.0'
 > 
 >     # This is a 'http' listener, allows us to specify 'resources'.
 >     type: http
 > 
 >     tls: true
 > 
 >     # Use the X-Forwarded-For (XFF) header as the client IP and not the
 >     # actual client IP.
 >     x_forwarded: false
 > 
 >     # List of HTTP resources to serve on this listener.
 >     resources:
 >       -
 >         # List of resources to host on this listener.
 >         names:
 >           - client     # The client-server APIs, both v1 and v2
 >           - webclient  # The bundled webclient.
 > 
 >         # Should synapse compress HTTP responses to clients that support it?
 >         # This should be disabled if running synapse behind a load balancer
 >         # that can do automatic compression.
 >         compress: true
 > 
 >       - names: [federation]  # Federation APIs
 >         compress: false
 > 
 >     # optional list of additional endpoints which can be loaded via
 >     # dynamic modules
 >     # additional_resources:
 >     #   "/_matrix/my/custom/endpoint":
 >     #     module: my_module.CustomRequestHandler
 >     #     config: {}
 > 
 >   # Unsecure HTTP listener,
 89c171
 <     bind_address: ''
 ---
 >     bind_addresses: ['::', '0.0.0.0']
 103c185
 <   #   bind_address: 127.0.0.1
 ---
 >   #   bind_addresses: ['::1', '127.0.0.1']
 114c196
 <     database: "/var/lib/matrix-synapse/homeserver.db"
 ---
 >     database: "/usr/src/synapse/homeserver.db"
 120,121d201
 < # A yaml python logging config file
 < log_config: "/etc/matrix-synapse/log.yaml"
 123,126c203,204
 < # Stop twisted from discarding the stack traces of exceptions in
 < # deferreds by waiting a reactor tick before running a deferred's
 < # callbacks.
 < # full_twisted_stacktraces: true
 ---
 > # A yaml python logging config file
 > log_config: "/usr/src/synapse/demo-core.watcha.fr.log.config"
 159c237,254
 < media_store_path: "/var/lib/matrix-synapse/media"
 ---
 > media_store_path: "/usr/src/synapse/media_store"
 > 
 > # Media storage providers allow media to be stored in different
 > # locations.
 > # media_storage_providers:
 > # - module: file_system
 > #   # Whether to write new local files.
 > #   store_local: false
 > #   # Whether to write new remote media
 > #   store_remote: false
 > #   # Whether to block upload requests waiting for write to this
 > #   # provider to complete
 > #   store_synchronous: false
 > #   config:
 > #     directory: /mnt/some/other/directory
 > 
 > # Directory where in-progress uploads are stored.
 > uploads_path: "/usr/src/synapse/uploads"
 209a305,306
 > # - '100.64.0.0/10'
 > # - '169.254.0.0/16'
 260a358
 > # See docs/CAPTCHA_SETUP for full details of configuring this.
 287a386,390
 > # The Username and password if the TURN server needs them and
 > # does not use a token
 > #turn_username: "TURNSERVER_USERNAME"
 > #turn_password: "TURNSERVER_PASSWORD"
 > 
 290a394,400
 > # Whether guests should be allowed to use the TURN server.
 > # This defaults to True, otherwise VoIP will be unreliable for guests.
 > # However, it does introduce a slight security risk as it allows users to
 > # connect to arbitrary endpoints without having first signed up for a
 > # valid account (e.g. by passing a CAPTCHA).
 > turn_allow_guests: True
 > 
 296a407,423
 > # The user must provide all of the below types of 3PID when registering.
 > #
 > # registrations_require_3pid:
 > #     - email
 > #     - msisdn
 > 
 > # Mandate that users are only allowed to associate certain formats of
 > # 3PIDs with accounts on this server.
 > #
 > # allowed_local_3pids:
 > #     - medium: email
 > #       pattern: ".*@matrix\.org"
 > #     - medium: email
 > #       pattern: ".*@vector\.im"
 > #     - medium: msisdn
 > #       pattern: "\+44"
 > 
 299,304c426
 < registration_shared_secret: 'e4L8ddPKy7sLIqja8BaJZoOdgK0uOLo2'
 < 
 < # Sets the expiry for the short term user creation in
 < # milliseconds. For instance the bellow duration is two weeks
 < # in milliseconds.
 < user_creation_max_duration: 1209600000
 ---
 > registration_shared_secret: "FEp2L6Rzw_w-2r+8tBvU@P^~iuaX9QnZ*_+=OBu1j#d4F4LP~@"
 318,320c440,448
 < # WATCHA DISABLED trusted_third_party_id_servers:
 < # WATCHA DISABLED     - matrix.org
 < # WATCHA DISABLED     - vector.im
 ---
 > trusted_third_party_id_servers:
 >     - matrix.org
 >     - vector.im
 >     - riot.im
 > 
 > # Users who register on this homeserver will automatically be joined
 > # to these rooms
 > #auto_join_rooms:
 > #    - "#example:example.com"
 326a455,456
 > report_stats: False
 > 
 342c472
 < # macaroon_secret_key: <PRIVATE STRING>
 ---
 > macaroon_secret_key: "IsxJ-y7HiD;n,KU:BZ0^@Xs13,S2iPwOo510vUOaDbpm:T;w&7"
 350c480
 < signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
 ---
 > signing_key_path: "/usr/src/synapse/demo-core.watcha.fr.signing.key"
 368,373c498,503
 < # WATCHA DISABLED perspectives:
 < # WATCHA DISABLED   servers:
 < # WATCHA DISABLED     "matrix.org":
 < # WATCHA DISABLED       verify_keys:
 < # WATCHA DISABLED         "ed25519:auto":
 < # WATCHA DISABLED           key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
 ---
 > perspectives:
 >   servers:
 >     "matrix.org":
 >       verify_keys:
 >         "ed25519:auto":
 >           key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
 384,385c514,515
 < #   config_path: "/home/erikj/git/synapse/sp_conf.py"
 < #   idp_redirect_url: "http://test/idp"
 ---
 > #   config_path: "/usr/src/synapse/sp_conf.py"
 > #   idp_redirect_url: "http://demo-core.watcha.fr/idp"
 393c523
 < #   service_url: "https://homesever.domain.com:8448"
 ---
 > #   service_url: "https://homeserver.domain.com:8448"
 406,416d535
 < # ldap_config:
 < #   enabled: true
 < #   server: "ldap://localhost"
 < #   port: 389
 < #   tls: false
 < #   search_base: "ou=Users,dc=example,dc=com"
 < #   search_property: "cn"
 < #   email_property: "email"
 < #   full_name_property: "givenName"
 < 
 < 
 420a540,542
 >    # Uncomment and change to a secret random string for extra security.
 >    # DO NOT CHANGE THIS AFTER INITIAL SETUP!
 >    #pepper: ""
 424a547,553
 > # Defining a custom URL for Riot is only needed if email notifications
 > # should contain links to a self-hosted installation of Riot; when set
 > # the "app_name" setting is ignored.
 > #
 > # If your SMTP server requires authentication, the optional smtp_user &
 > # smtp_pass variables should be used
 > #
 428a558,560
 > #   smtp_user: "exampleusername"
 > #   smtp_pass: "examplepassword"
 > #   require_transport_security: False
 434a567,627
 > #   riot_base_url: "http://localhost/riot"
 > 
 > 
 > # password_providers:
 > #     - module: "ldap_auth_provider.LdapAuthProvider"
 > #       config:
 > #         enabled: true
 > #         uri: "ldap://ldap.example.com:389"
 > #         start_tls: true
 > #         base: "ou=users,dc=example,dc=com"
 > #         attributes:
 > #            uid: "cn"
 > #            mail: "email"
 > #            name: "givenName"
 > #         #bind_dn:
 > #         #bind_password:
 > #         #filter: "(objectClass=posixAccount)"
 > 
 > 
 > 
 > # Clients requesting push notifications can either have the body of
 > # the message sent in the notification poke along with other details
 > # like the sender, or just the event ID and room ID (`event_id_only`).
 > # If clients choose the former, this option controls whether the
 > # notification request includes the content of the event (other details
 > # like the sender are still included). For `event_id_only` push, it
 > # has no effect.
 > 
 > # For modern android devices the notification content will still appear
 > # because it is loaded by the app. iPhone, however will send a
 > # notification saying only that a message arrived and who it came from.
 > #
 > #push:
 > #   include_content: true
 > 
 > 
 > # spam_checker:
 > #     module: "my_custom_project.SuperSpamChecker"
 > #     config:
 > #         example_option: 'things'
 > 
 > 
 > # Whether to allow non server admins to create groups on this server
 > enable_group_creation: false
 > 
 > # If enabled, non server admins can only create groups with local parts
 > # starting with this prefix
 > # group_creation_prefix: "unofficial/"
 > 
 > 
 > 
 > # User Directory configuration
 > #
 > # 'search_all_users' defines whether to search all users visible to your HS
 > # when searching the user directory, rather than limiting to users visible
 > # in public rooms.  Defaults to false.  If you set it True, you'll have to run
 > # UPDATE user_directory_stream_pos SET stream_id = NULL;
 > # on your database to tell it to rebuild the user_directory search indexes.
 > #
 > #user_directory:
 > #   search_all_users: false
	7c7
	< tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"
	---
	> tls_certificate_path: "/usr/src/synapse/demo-core.watcha.fr.tls.crt"
	10c10
	< tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"
	---
	> tls_private_key_path: "/usr/src/synapse/demo-core.watcha.fr.tls.key"
	13c13
	< tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
	---
	> tls_dh_params_path: "/usr/src/synapse/demo-core.watcha.fr.tls.dh"
	17a18,45
	> # List of allowed TLS fingerprints for this server to publish along
	> # with the signing keys for this server. Other matrix servers that
	> # make HTTPS requests to this server will check that the TLS
	> # certificates returned by this server match one of the fingerprints.
	> #
	> # Synapse automatically adds the fingerprint of its own certificate
	> # to the list. So if federation traffic is handled directly by synapse
	> # then no modification to the list is required.
	> #
	> # If synapse is run behind a load balancer that handles the TLS then it
	> # will be necessary to add the fingerprints of the certificates used by
	> # the loadbalancers to this list if they are different to the one
	> # synapse is using.
	> #
	> # Homeservers are permitted to cache the list of TLS fingerprints
	> # returned in the key responses up to the "valid_until_ts" returned in
	> # key. It may be necessary to publish the fingerprints of a new
	> # certificate and wait until the "valid_until_ts" of the previous key
	> # responses have passed before deploying it.
	> #
	> # You can calculate a fingerprint from a given TLS listener via:
	> # openssl s_client -connect $host:$port < /dev/null 2> /dev/null \|
	> # openssl x509 -outform DER \| openssl sha256 -binary \| base64 \| tr -d '='
	> # or by checking matrix.org/federationtester/api/report?server_name=$host
	> #
	> tls_fingerprints: []
	> # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
	>
	20a49,54
	> # The domain name of the server, with optional explicit port.
	> # This is used by remote servers to connect to this server,
	> # e.g. matrix.org, localhost:8080, etc.
	> # This is also the last part of your UserID.
	> server_name: "demo-core.watcha.fr"
	>
	22c56,77
	< pid_file: "/var/run/matrix-synapse.pid"
	---
	> pid_file: /usr/src/synapse/homeserver.pid
	>
	> # CPU affinity mask. Setting this restricts the CPUs on which the
	> # process will be scheduled. It is represented as a bitmask, with the
	> # lowest order bit corresponding to the first logical CPU and the
	> # highest order bit corresponding to the last logical CPU. Not all CPUs
	> # may exist on a given system but a mask may specify more CPUs than are
	> # present.
	> #
	> # For example:
	> # 0x00000001 is processor #0,
	> # 0x00000003 is processors #0 and #1,
	> # 0xFFFFFFFF is all processors (#0 through #31).
	> #
	> # Pinning a Python process to a single CPU is desirable, because Python
	> # is inherently single-threaded due to the GIL, and can suffer a
	> # 30-40% slowdown due to cache blow-out and thread context switching
	> # if the scheduler happens to schedule the underlying threads across
	> # different cores. See
	> # https://www.mirantis.com/blog/improve-performance-python-programs-restricting-single-cpu/.
	> #
	> # cpu_affinity: 0xFFFFFFFF
	25c80,86
	< web_client: False
	---
	> web_client: True
	>
	> # The root directory to server for the above web client.
	> # If left undefined, synapse will serve the matrix-angular-sdk web client.
	> # Make sure matrix-angular-sdk is installed with pip if web_client is True
	> # and web_client_location is undefined
	> # web_client_location: "/path/to/web/root"
	38,45c99,116
	< # A list of other Home Servers to fetch the public room directory from
	< # and include in the public room directory of this home server
	< # This is a temporary stopgap solution to populate new server with a
	< # list of rooms until there exists a good solution of a decentralized
	< # room directory.
	< # secondary_directory_servers:
	< # - matrix.org
	< # - vector.im
	---
	> # Set the limit on the returned events in the timeline in the get
	> # and sync operations. The default value is -1, means no upper limit.
	> # filter_timeline_limit: 5000
	>
	> # Whether room invites to users on this server should be blocked
	> # (except those sent by local server admins). The default is False.
	> # block_non_admin_invites: True
	>
	> # Restrict federation to the following whitelist of domains.
	> # N.B. we recommend also firewalling your federation listener to limit
	> # inbound federation traffic as early as possible, rather than relying
	> # purely on this application-layer restriction. If not specified, the
	> # default is to whitelist everything.
	> #
	> # federation_domain_whitelist:
	> # - lon.example.com
	> # - nyc.example.com
	> # - syd.example.com
	50,85c121,167
	< # WATCHA DISABLED # Main HTTPS listener
	< # WATCHA DISABLED # For when matrix traffic is sent directly to synapse.
	< # WATCHA DISABLED -
	< # WATCHA DISABLED # The port to listen for HTTPS requests on.
	< # WATCHA DISABLED port: 8448
	< # WATCHA DISABLED
	< # WATCHA DISABLED # Local interface to listen on.
	< # WATCHA DISABLED # The empty string will cause synapse to listen on all interfaces.
	< # WATCHA DISABLED bind_address: ''
	< # WATCHA DISABLED
	< # WATCHA DISABLED # This is a 'http' listener, allows us to specify 'resources'.
	< # WATCHA DISABLED type: http
	< # WATCHA DISABLED
	< # WATCHA DISABLED tls: true
	< # WATCHA DISABLED
	< # WATCHA DISABLED # Use the X-Forwarded-For (XFF) header as the client IP and not the
	< # WATCHA DISABLED # actual client IP.
	< # WATCHA DISABLED x_forwarded: false
	< # WATCHA DISABLED
	< # WATCHA DISABLED # List of HTTP resources to serve on this listener.
	< # WATCHA DISABLED resources:
	< # WATCHA DISABLED -
	< # WATCHA DISABLED # List of resources to host on this listener.
	< # WATCHA DISABLED names:
	< # WATCHA DISABLED - client # The client-server APIs, both v1 and v2
	< # WATCHA DISABLED - webclient # The bundled webclient.
	< # WATCHA DISABLED
	< # WATCHA DISABLED # Should synapse compress HTTP responses to clients that support it?
	< # WATCHA DISABLED # This should be disabled if running synapse behind a load balancer
	< # WATCHA DISABLED # that can do automatic compression.
	< # WATCHA DISABLED compress: true
	< # WATCHA DISABLED
	< # WATCHA DISABLED - names: [federation] # Federation APIs
	< # WATCHA DISABLED compress: false
	< # WATCHA DISABLED
	< # WATCHA DISABLED # Unsecure HTTP listener,
	---
	> # Main HTTPS listener
	> # For when matrix traffic is sent directly to synapse.
	> -
	> # The port to listen for HTTPS requests on.
	> port: 8448
	>
	> # Local addresses to listen on.
	> # On Linux and Mac OS, `::` will listen on all IPv4 and IPv6
	> # addresses by default. For most other OSes, this will only listen
	> # on IPv6.
	> bind_addresses:
	> - '::'
	> - '0.0.0.0'
	>
	> # This is a 'http' listener, allows us to specify 'resources'.
	> type: http
	>
	> tls: true
	>
	> # Use the X-Forwarded-For (XFF) header as the client IP and not the
	> # actual client IP.
	> x_forwarded: false
	>
	> # List of HTTP resources to serve on this listener.
	> resources:
	> -
	> # List of resources to host on this listener.
	> names:
	> - client # The client-server APIs, both v1 and v2
	> - webclient # The bundled webclient.
	>
	> # Should synapse compress HTTP responses to clients that support it?
	> # This should be disabled if running synapse behind a load balancer
	> # that can do automatic compression.
	> compress: true
	>
	> - names: [federation] # Federation APIs
	> compress: false
	>
	> # optional list of additional endpoints which can be loaded via
	> # dynamic modules
	> # additional_resources:
	> # "/_matrix/my/custom/endpoint":
	> # module: my_module.CustomRequestHandler
	> # config: {}
	>
	> # Unsecure HTTP listener,
	89c171
	< bind_address: ''
	---
	> bind_addresses: ['::', '0.0.0.0']
	103c185
	< # bind_address: 127.0.0.1
	---
	> # bind_addresses: ['::1', '127.0.0.1']
	114c196
	< database: "/var/lib/matrix-synapse/homeserver.db"
	---
	> database: "/usr/src/synapse/homeserver.db"
	120,121d201
	< # A yaml python logging config file
	< log_config: "/etc/matrix-synapse/log.yaml"
	123,126c203,204
	< # Stop twisted from discarding the stack traces of exceptions in
	< # deferreds by waiting a reactor tick before running a deferred's
	< # callbacks.
	< # full_twisted_stacktraces: true
	---
	> # A yaml python logging config file
	> log_config: "/usr/src/synapse/demo-core.watcha.fr.log.config"
	159c237,254
	< media_store_path: "/var/lib/matrix-synapse/media"
	---
	> media_store_path: "/usr/src/synapse/media_store"
	>
	> # Media storage providers allow media to be stored in different
	> # locations.
	> # media_storage_providers:
	> # - module: file_system
	> # # Whether to write new local files.
	> # store_local: false
	> # # Whether to write new remote media
	> # store_remote: false
	> # # Whether to block upload requests waiting for write to this
	> # # provider to complete
	> # store_synchronous: false
	> # config:
	> # directory: /mnt/some/other/directory
	>
	> # Directory where in-progress uploads are stored.
	> uploads_path: "/usr/src/synapse/uploads"
	209a305,306
	> # - '100.64.0.0/10'
	> # - '169.254.0.0/16'
	260a358
	> # See docs/CAPTCHA_SETUP for full details of configuring this.
	287a386,390
	> # The Username and password if the TURN server needs them and
	> # does not use a token
	> #turn_username: "TURNSERVER_USERNAME"
	> #turn_password: "TURNSERVER_PASSWORD"
	>
	290a394,400
	> # Whether guests should be allowed to use the TURN server.
	> # This defaults to True, otherwise VoIP will be unreliable for guests.
	> # However, it does introduce a slight security risk as it allows users to
	> # connect to arbitrary endpoints without having first signed up for a
	> # valid account (e.g. by passing a CAPTCHA).
	> turn_allow_guests: True
	>
	296a407,423
	> # The user must provide all of the below types of 3PID when registering.
	> #
	> # registrations_require_3pid:
	> # - email
	> # - msisdn
	>
	> # Mandate that users are only allowed to associate certain formats of
	> # 3PIDs with accounts on this server.
	> #
	> # allowed_local_3pids:
	> # - medium: email
	> # pattern: ".*@matrix\.org"
	> # - medium: email
	> # pattern: ".*@vector\.im"
	> # - medium: msisdn
	> # pattern: "\+44"
	>
	299,304c426
	< registration_shared_secret: 'e4L8ddPKy7sLIqja8BaJZoOdgK0uOLo2'
	<
	< # Sets the expiry for the short term user creation in
	< # milliseconds. For instance the bellow duration is two weeks
	< # in milliseconds.
	< user_creation_max_duration: 1209600000
	---
	> registration_shared_secret: "FEp2L6Rzw_w-2r+8tBvU@P^~iuaX9QnZ*_+=OBu1j#d4F4LP~@"
	318,320c440,448
	< # WATCHA DISABLED trusted_third_party_id_servers:
	< # WATCHA DISABLED - matrix.org
	< # WATCHA DISABLED - vector.im
	---
	> trusted_third_party_id_servers:
	> - matrix.org
	> - vector.im
	> - riot.im
	>
	> # Users who register on this homeserver will automatically be joined
	> # to these rooms
	> #auto_join_rooms:
	> # - "#example:example.com"
	326a455,456
	> report_stats: False
	>
	342c472
	< # macaroon_secret_key: <PRIVATE STRING>
	---
	> macaroon_secret_key: "IsxJ-y7HiD;n,KU:BZ0^@Xs13,S2iPwOo510vUOaDbpm:T;w&7"
	350c480
	< signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
	---
	> signing_key_path: "/usr/src/synapse/demo-core.watcha.fr.signing.key"
	368,373c498,503
	< # WATCHA DISABLED perspectives:
	< # WATCHA DISABLED servers:
	< # WATCHA DISABLED "matrix.org":
	< # WATCHA DISABLED verify_keys:
	< # WATCHA DISABLED "ed25519:auto":
	< # WATCHA DISABLED key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
	---
	> perspectives:
	> servers:
	> "matrix.org":
	> verify_keys:
	> "ed25519:auto":
	> key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
	384,385c514,515
	< # config_path: "/home/erikj/git/synapse/sp_conf.py"
	< # idp_redirect_url: "http://test/idp"
	---
	> # config_path: "/usr/src/synapse/sp_conf.py"
	> # idp_redirect_url: "http://demo-core.watcha.fr/idp"
	393c523
	< # service_url: "https://homesever.domain.com:8448"
	---
	> # service_url: "https://homeserver.domain.com:8448"
	406,416d535
	< # ldap_config:
	< # enabled: true
	< # server: "ldap://localhost"
	< # port: 389
	< # tls: false
	< # search_base: "ou=Users,dc=example,dc=com"
	< # search_property: "cn"
	< # email_property: "email"
	< # full_name_property: "givenName"
	<
	<
	420a540,542
	> # Uncomment and change to a secret random string for extra security.
	> # DO NOT CHANGE THIS AFTER INITIAL SETUP!
	> #pepper: ""
	424a547,553
	> # Defining a custom URL for Riot is only needed if email notifications
	> # should contain links to a self-hosted installation of Riot; when set
	> # the "app_name" setting is ignored.
	> #
	> # If your SMTP server requires authentication, the optional smtp_user &
	> # smtp_pass variables should be used
	> #
	428a558,560
	> # smtp_user: "exampleusername"
	> # smtp_pass: "examplepassword"
	> # require_transport_security: False
	434a567,627
	> # riot_base_url: "http://localhost/riot"
	>
	>
	> # password_providers:
	> # - module: "ldap_auth_provider.LdapAuthProvider"
	> # config:
	> # enabled: true
	> # uri: "ldap://ldap.example.com:389"
	> # start_tls: true
	> # base: "ou=users,dc=example,dc=com"
	> # attributes:
	> # uid: "cn"
	> # mail: "email"
	> # name: "givenName"
	> # #bind_dn:
	> # #bind_password:
	> # #filter: "(objectClass=posixAccount)"
	>
	>
	>
	> # Clients requesting push notifications can either have the body of
	> # the message sent in the notification poke along with other details
	> # like the sender, or just the event ID and room ID (`event_id_only`).
	> # If clients choose the former, this option controls whether the
	> # notification request includes the content of the event (other details
	> # like the sender are still included). For `event_id_only` push, it
	> # has no effect.
	>
	> # For modern android devices the notification content will still appear
	> # because it is loaded by the app. iPhone, however will send a
	> # notification saying only that a message arrived and who it came from.
	> #
	> #push:
	> # include_content: true
	>
	>
	> # spam_checker:
	> # module: "my_custom_project.SuperSpamChecker"
	> # config:
	> # example_option: 'things'
	>
	>
	> # Whether to allow non server admins to create groups on this server
	> enable_group_creation: false
	>
	> # If enabled, non server admins can only create groups with local parts
	> # starting with this prefix
	> # group_creation_prefix: "unofficial/"
	>
	>
	>
	> # User Directory configuration
	> #
	> # 'search_all_users' defines whether to search all users visible to your HS
	> # when searching the user directory, rather than limiting to users visible
	> # in public rooms. Defaults to false. If you set it True, you'll have to run
	> # UPDATE user_directory_stream_pos SET stream_id = NULL;
	> # on your database to tell it to rebuild the user_directory search indexes.
	> #
	> #user_directory:
	> # search_all_users: false