Runtime Settings Reference

Runtime settings are hot-reload settings stored in PostgreSQL. They are mainly for changing product policy while the service is running. They are different from YAML/env/CLI startup configuration:

| Type | Storage | Hot reload | Suitable for |
| --- | --- | --- | --- |
| Startup configuration | YAML, env, secret files, CLI flags | No; usually requires restart | Ports, database, Redis, secrets, TLS, data_dir, cache enablement |
| Runtime settings | PostgreSQL settings table | Yes; replicas sync through LISTEN/NOTIFY | Registration, room creation, permission defaults, proxy switches, CORS, chat retention |

synctv settings list
synctv settings get user
synctv settings update user --set enablePasswordSignup=true

If the command supports grouped --set form:

synctv settings update email --set whitelistEnabled=true --set whitelistDomains=example.com

Check the current binary with synctv settings --help.

Runtime settings are written to PostgreSQL and propagated to other replicas through PostgreSQL LISTEN/NOTIFY.

Semantics:

  • Each setting key has a registered typed provider.
  • Writes are type-checked and value-validated before persistence.
  • Cross-key invariants use transactional validation, for example room policy is validated in a single transaction.
  • If a replica misses notifications, it refreshes from a full snapshot.

| Key | Type | Default | Validation | Meaning |
| --- | --- | --- | --- | --- |
| server.allowRoomCreation | bool | true | bool | Whether users can create rooms |
| server.maxRoomsPerUser | i64 | 10 | 1..=1000 | Maximum rooms per user |
| server.maxMembersPerRoom | i64 | 100 | 1..=10000 | Maximum members per room |
| server.maxChatMessages | u64 | 500 | <=10000; 0 means unlimited | Service-level public chat message cap policy; cleanup uses chat.maxMessagesPerRoom |

| Key | Type | Default | Meaning |
| --- | --- | --- | --- |
| permissions.adminDefaultPermissions | Permission-name array | Built-in admin permission set | Global default permissions for room admin |
| permissions.memberDefaultPermissions | Permission-name array | Built-in member permission set | Global default permissions for room member |
| permissions.guestDefaultPermissions | Permission-name array | [] | Global default permissions for room guest; only view_member_list, view_chat_history, and use_webrtc are accepted |

These settings are stored as JSON arrays of stable permission names, for example:

["send_chat", "create_media_resource", "view_media_resources", "view_member_list"]

permissions.guestDefaultPermissions has a dedicated guest ceiling. It rejects view_media_resources, send_chat, media-resource, playback-control, and administration permissions. Valid example:

["view_member_list", "view_chat_history", "use_webrtc"]

See Rooms, Permissions, and Preferences for permission names, role defaults, and room override rules.

| Key | Type | Default | Validation | Meaning |
| --- | --- | --- | --- | --- |
| room.disableCreateRoom | bool | false | bool | Disable room creation |
| room.createRoomNeedReview | bool | false | bool | Require review for room creation |
| room.passwordPolicy | enum string | optional | optional, required, forbidden | Room password policy |

| Key | Type | Default | Meaning |
| --- | --- | --- | --- |
| user.enablePasswordSignup | bool | false | Allow local password signup, including OPAQUE registration and direct password transport registration |
| user.passwordSignupNeedReview | bool | false | Require review for password signup |
| user.enableEmailSignup | bool | false | Allow email registration where confirmation sets local password credentials |
| user.emailSignupNeedReview | bool | false | Require review for email signup |
| user.enableWebauthnSignup | bool | false | Allow WebAuthn/passkey as the initial account registration method; authenticated passkey binding is not signup |
| user.webauthnSignupNeedReview | bool | false | Require review for WebAuthn signup; the review queue stores the pending passkey and approval creates the account with its WebAuthn credential |
| user.enableGuest | bool | true | Allow guest capability |

All registration modes are disabled by default. Production deployments should enable only the intended entry points and configure review independently for each mode.

| Key | Type | Default | Meaning |
| --- | --- | --- | --- |
| oauth2.providers | JSON array | [] | OAuth2/OIDC provider instance registry. Each element is an OAuth2ProviderSettings ProtoJSON object |

oauth2.providers is the OAuth2 configuration entry point. instanceName may contain only ASCII letters, digits, _, and -, and must be at most 64 bytes. Each element uses one provider oneof field such as github or oidc:

[
  {
    "instanceName": "github",
    "enableSignup": true,
    "signupNeedReview": false,
    "github": {
      "clientId": "github-client-id",
      "clientSecret": "github-client-secret",
      "redirectUrl": "https://app.example.com/oauth2/callback"
    }
  },
  {
    "instanceName": "corp_oidc",
    "enableSignup": false,
    "signupNeedReview": false,
    "oidc": {
      "clientId": "synctv",
      "clientSecret": "oidc-client-secret",
      "issuer": "https://idp.example.com",
      "redirectUrl": "https://app.example.com/oauth2/callback"
    }
  }
]

A missing provider instance means that login entry point is unavailable. Missing or false enableSignup blocks first-time OAuth2 account creation while existing linked OAuth2 logins continue to work. signupNeedReview=true stores first-time OAuth2 signup in the user registration review queue; approval creates the local account and OAuth2 binding.
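A pre-flight check for a candidate oauth2.providers value, applying the instanceName and oneof rules above and reporting each instance's signup posture. This is an added example, not SyncTV's own validator; the function name, the posture labels, the rejection of an empty name, and the treatment of every key other than instanceName, enableSignup and signupNeedReview as a provider field are assumptions.

```python
import json
import re

# Page rule: ASCII letters, digits, "_" and "-", at most 64 bytes (ASCII means
# one byte per character). Rejecting an empty name is an assumption made here.
INSTANCE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Fields the page shows on every entry; any other key is assumed to be the
# provider oneof field (github, oidc, ...).
COMMON_FIELDS = {"instanceName", "enableSignup", "signupNeedReview"}


def lint_oauth2_providers(raw):
    """Return (errors, posture) for a candidate oauth2.providers JSON string."""
    providers = json.loads(raw)
    if not isinstance(providers, list):
        return ["value must be a JSON array"], {}
    errors, posture = [], {}
    for i, entry in enumerate(providers):
        if not isinstance(entry, dict):
            errors.append(f"[{i}] entry must be a JSON object")
            continue
        name = entry.get("instanceName")
        key = name if isinstance(name, str) else f"#{i}"
        if not isinstance(name, str) or not INSTANCE_NAME.fullmatch(name):
            errors.append(f"[{i}] {key!r}: invalid instanceName")
        provider_fields = sorted(set(entry) - COMMON_FIELDS)
        if len(provider_fields) != 1:
            errors.append(f"[{i}] {key!r}: need exactly one provider field, got {provider_fields}")
        # Signup posture, following the page's description of the two flags.
        if not entry.get("enableSignup", False):
            posture[key] = "login-only"       # no first-time account creation
        elif entry.get("signupNeedReview", False):
            posture[key] = "signup-reviewed"  # first login waits in the review queue
        else:
            posture[key] = "signup-open"      # first login creates an account directly
    return errors, posture


# Constructed sample input (not real credentials or a real deployment).
SAMPLE = json.dumps([
    {"instanceName": "github", "enableSignup": True, "github": {"clientId": "placeholder"}},
    {"instanceName": "corp_oidc", "oidc": {"clientId": "placeholder"}},
    {"instanceName": "corp oidc", "enableSignup": True, "signupNeedReview": True,
     "github": {}, "oidc": {}},
])

if __name__ == "__main__":
    errors, posture = lint_oauth2_providers(SAMPLE)
    print(posture)
    print("\n".join(errors))
```

Any instance reported as signup-open creates accounts on first login without review, so it is worth confirming that each such entry is intended before the value is written.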

User-level 2FA and notification preferences are user preferences, not runtime settings. Provider instance bindings are stored on provider credentials created during provider login. See Rooms, Permissions, and Preferences.

| Key | Type | Default | Meaning |
| --- | --- | --- | --- |
| proxy.movieProxy | bool | true | Allow media proxy paths |
| proxy.liveProxy | bool | true | Allow livestream proxy paths |

These are business proxy policy switches, not the startup setting proxy_slice_cache.enabled. Slice-cache enablement is startup-only.

| Key | Type | Default | Meaning |
| --- | --- | --- | --- |
| rtmp.customPublishHost | string | "" | Custom publish host returned to stream publishers |
| rtmp.tsDisguisedAsPng | bool | false | Disguise TS segments as PNG paths or responses |

| Key | Type | Default | Meaning |
| --- | --- | --- | --- |
| email.whitelistEnabled | bool | false | Enable email allowlist |
| email.whitelistDomains | string | "" | Email allowlist content as comma-separated domains or email addresses |

When email.whitelistEnabled=true but email.whitelistDomains is empty, no email domain is rejected. Matching is enforced only when the allowlist has entries.
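A small model of the allowlist rule above, with a check that flags the states in which the switch does not restrict anything. This is an added example, not SyncTV's matching code; the function names are hypothetical, and case-insensitive comparison, exact-domain matching and treating a disabled switch as "entries not enforced" are assumptions the page does not spell out.

```python
def parse_allowlist(raw):
    """Split email.whitelistDomains into a set of trimmed, lower-cased entries."""
    return {part.strip().lower() for part in raw.split(",") if part.strip()}


def email_allowed(address, whitelist_enabled, whitelist_domains):
    """Model of the documented rule: matching applies only when entries exist.

    Assumptions (not stated on the page): comparison is case-insensitive and an
    entry matches either the full address or the exact domain after the last "@".
    """
    entries = parse_allowlist(whitelist_domains)
    if not whitelist_enabled or not entries:
        return True  # switch off, or switch on with nothing to match against
    address = address.strip().lower()
    domain = address.rpartition("@")[2]
    return address in entries or domain in entries


def allowlist_findings(whitelist_enabled, whitelist_domains):
    """Flag allowlist states that do not restrict signup the way they appear to."""
    entries = parse_allowlist(whitelist_domains)
    findings = []
    if whitelist_enabled and not entries:
        findings.append("enabled with no entries: no email domain is rejected")
    if not whitelist_enabled and entries:
        findings.append("entries configured but allowlist disabled: not enforced")
    return findings


if __name__ == "__main__":
    # Constructed cases: (enabled, whitelistDomains value, address to test).
    cases = [
        (True, "", "someone@unlisted.test"),
        (True, " , ", "someone@unlisted.test"),
        (True, "example.com", "someone@unlisted.test"),
        (True, "example.com, ops@partner.test", "ops@partner.test"),
    ]
    for enabled, domains, addr in cases:
        print(enabled, repr(domains), addr,
              email_allowed(addr, enabled, domains),
              allowlist_findings(enabled, domains))
```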

SMTP host, password, and sender configuration remain startup settings. See Email and OAuth2.

| Key | Type | Default | Meaning |
| --- | --- | --- | --- |
| webrtc.externalIceServers | JSON/string structure | two Google STUN entries | External ICE servers returned to native clients |

Default value:

[
  { "urls": ["stun:stun.l.google.com:19302"] },
  { "urls": ["stun:stun1.l.google.com:19302"] }
]

Built-in STUN listener configuration is startup configuration. See WebRTC Configuration.

| Key | Type | Default | Validation | Meaning |
| --- | --- | --- | --- | --- |
| chat.maxMessagesPerRoom | u64 | 500 | <=100000; 0 means unlimited | Maximum retained chat messages per room |
| chat.maxPinnedMessagesPerRoom | u64 | 20 | <=1000 | Maximum retained pinned chat messages per room |
| chat.messageRetentionDays | i64 days | 90 | 1..=3650 | Maximum chat message retention age |

| Key | Type | Default | Meaning |
| --- | --- | --- | --- |
| cors.allowedOrigins | JSON/string structure | [] | Runtime CORS allowed origins for proxy-related paths |

Main service startup CORS is server.cors_allowed_origins. Runtime CORS is for policy that can change while the service runs.

synctv settings update user --set enablePasswordSignup=true

Confirm Hot-Reload Scope

Ports, secrets, database, Redis, TLS, and cache enablement are startup configuration, not runtime settings.

Read Current Value

Run synctv settings get <key> before changing a value and keep it for rollback.

Watch Replicas

Multi-replica sync depends on PostgreSQL notifications; observe all replicas after changes.

Record Reason

Keep reasons for registration, room creation, proxy, and permission-default policy changes.