-
Notifications
You must be signed in to change notification settings - Fork 9
/
config.sample.yaml
122 lines (106 loc) · 5.19 KB
/
config.sample.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# Configuration file template for the Matrix Content Scanner.
#
# Supported time units:
# * ms, millisecond, milliseconds
# * s, sec, secs, second, seconds
# * m, min, mins, minute, minutes
# * h, hour, hours
# * d, day, days
# * w, week, weeks
# * y, year, years
# If no unit is given, "seconds" are implied.
#
# Examples of supported size units can be found here: https://humanfriendly.readthedocs.io/en/latest/api.html#humanfriendly.parse_size
# Size units use a decimal base, so 1KB means 1000 bytes, while 1KiB means 1024 bytes.
# Configuration for hosting the HTTP(S) API.
web:
host: 127.0.0.1
port: 8080
# Configuration for scanning files.
scan:
# The script to run to scan a file. This script will be called with a path to the
# downloaded file as its only argument, e.g. "./example.sh /temp/foo.bar/my_file".
# Required.
script: "./example.sh"
# Directory in which to download files for scanning. Each file downloaded is removed
# after the scan has completed.
# Required.
temp_directory: "/tmp"
# Command to run to remove files from disk once they have been scanned.
# Optional, defaults to "rm".
removal_command: "srm"
# List of allowed MIME types. If a file has a MIME type that's not in this list, its
# scan is considered failed.
# Unrecognised binary files are considered to be `application/octet-stream`.
# Unrecognised text files are considered to be `text/plain`.
# Optional, defaults to allowing all MIME types.
allowed_mimetypes: ["image/jpeg"]
# List of blocked MIME types.
# If specified, `allowed_mimetypes` must not be specified as well.
# If specified, a file whose MIME type is on this list will produce a scan that is
# considered failed.
# Unrecognised binary files are considered to be `application/octet-stream`.
# Unrecognised text files are considered to be `text/plain`.
# Optional.
# blocked_mimetypes: ["image/jpeg"]
# Configuration of scan result caching.
#
# Results are stored in a cache to avoid having to download and scan a file twice. There
# is a unique entry in this cache for each set of media path (i.e. the
# "server_name/media_id" identifier for the media), thumbnailing parameters and
# encryption metadata. This means that, for example, the result for the scan of the media
# "example.com/abc" and the result for the scan of the *thumbnail* of "example.com/abc"
# will be stored in two separate entries.
#
# Each entry in the cache includes the result of the scan as well as a copy of the media
# that was scanned. If the media fails the scan, however, or is larger than the configured
# maximum size (if set), no copy of the media is stored in the result cache.
result_cache:
# List of exit codes from the scanning script that shouldn't cause the result of the
# scan to be cached for future requests.
# Optional, defaults to an empty list (i.e. results are cached regardless of the
# script's exit code).
exit_codes_to_ignore: [1, 2]
# Maximum number of results that can be stored in the cache. If more files are
# scanned before existing items reach their TTL, the least-recently accessed will be
# evicted.
# Optional, defaults to 1024.
max_size: 2048
# The maximum amount of time an entry will stay in the cache before being evicted.
# Optional, defaults to 1 week.
ttl: "1d"
# The maximum cachable file size. If a file is bigger than this size, a copy of it
# will be not be cached even if the scan succeeds. If the file is requested again, it
# is downloaded again from the homeserver, but is not written to disk or scanned.
# Optional, defaults to no maximum size.
max_file_size: "100MB"
# Configuration for downloading files.
# When downloading files directly from their respective homeservers (which is the default
# behaviour), the homeservers' default URLs are determined using .well-known discovery
# (defaults to using the homeserver's domain if not available).
# See https://spec.matrix.org/latest/client-server-api/#server-discovery for more info.
# Settings in this section (apart from `base_homeserver_url`) apply to .well-known
# discovery requests as well as file download ones.
download:
# If provided, all files are downloaded using the homeserver at this URL. If this
# setting is provided, .well-known discovery is not used to determine the base URL
# to use.
# Optional, defaults to downloading files directly from their respective homeservers.
base_homeserver_url: "https://matrix.org"
# HTTP(S) proxy to use when sending requests.
# Optional, defaults to no proxy.
proxy: "http://10.0.0.1:3128"
# Headers to send in outgoing requests.
# Optional, defaults to no additional headers.
additional_headers:
user-agent: "matrix-content-scanner"
# Configuration for decrypting Olm-encrypted request bodies.
crypto:
# The path to the Olm pickle file. This file contains the key pair to use when
# encrypting and decrypting encrypted POST request bodies.
# A new keypair will be created at startup if the pickle file doesn't already exist.
# Required.
pickle_path: "./pickle"
# The key to use to decode the pickle file.
# Required.
pickle_key: "this_is_a_secret"