forked from spantaleev/matrix-docker-ansible-deploy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.yml
178 lines (152 loc) · 7.66 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# ma1sd is a Federated Matrix Identity Server
# See: https://github.com/ma1uta/ma1sd
matrix_ma1sd_enabled: true
matrix_ma1sd_container_image_self_build: false
matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.3.0"
matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"
matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd"
matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src"
matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config"
matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data"
# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/8090 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose.
matrix_ma1sd_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_ma1sd_container_extra_arguments: []
# List of systemd services that matrix-ma1sd.service depends on
matrix_ma1sd_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-ma1sd.service wants
matrix_ma1sd_systemd_wanted_services_list: []
# Your identity server is private by default.
# To ensure maximum discovery, you can make your identity server
# also forward lookups to the central matrix.org Identity server
# (at the cost of potentially leaking all your contacts information).
# Enabling this is discouraged. Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/features/identity.md#lookups
matrix_ma1sd_matrixorg_forwarding_enabled: false
# ma1sd has serveral supported identity stores.
# One of them is storing identities directly in Synapse's database.
# Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md
matrix_ma1sd_synapsesql_enabled: false
matrix_ma1sd_synapsesql_type: ""
matrix_ma1sd_synapsesql_connection: ""
# Setting up email-sending settings is required for using ma1sd.
matrix_ma1sd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
matrix_ma1sd_threepid_medium_email_connectors_smtp_host: ""
matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 587
matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 1
matrix_ma1sd_threepid_medium_email_connectors_smtp_login: ""
matrix_ma1sd_threepid_medium_email_connectors_smtp_password: ""
# DNS overwrites are useful for telling ma1sd how it can reach the homeserver directly.
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to ma1sd,
# so that ma1sd can rewrite the original URL to one that would reach the homeserver.
matrix_ma1sd_dns_overwrite_enabled: false
matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# Override the default email templates
# To use this, fill in the template variables with the full desired template as a multi-line YAML variable
#
# More info:
# https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/notification/template-generator.md
# https://github.com/ma1uta/ma1sd/tree/master/src/main/resources/threepids/email
matrix_ma1sd_threepid_medium_email_custom_templates_enabled: false
matrix_ma1sd_threepid_medium_email_custom_invite_template: ""
matrix_ma1sd_threepid_medium_email_custom_session_validation_template: ""
matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template: ""
matrix_ma1sd_threepid_medium_email_custom_matrixid_template: ""
# Controls whether the self-check feature should validate SSL certificates.
matrix_ma1sd_self_check_validate_certificates: true
# Controls ma1sd logging verbosity for troubleshooting.
#
# According to: https://github.com/ma1uta/ma1sd/blob/master/docs/troubleshooting.md#increase-verbosity
matrix_ma1sd_verbose_logging: false
# Default ma1sd configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_ma1sd_configuration_yaml: |
#jinja2: lstrip_blocks: True
matrix:
domain: {{ matrix_domain }}
server:
name: {{ matrix_server_fqn_matrix }}
key:
path: /var/ma1sd/sign.key
storage:
provider:
sqlite:
database: /var/ma1sd/ma1sd.db
{% if matrix_ma1sd_dns_overwrite_enabled %}
dns:
overwrite:
homeserver:
client:
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
{% endif %}
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
forward:
servers: ['matrix-org']
{% endif %}
threepid:
medium:
email:
identity:
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
connectors:
smtp:
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
generators:
template:
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
invite: '/var/ma1sd/invite-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
session:
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
validation: '/var/ma1sd/validate-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
unbind:
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
{% endif %}
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
generic:
matrixId: '/var/ma1sd/mxid-template.eml'
{% endif %}
{% endif %}
synapseSql:
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
type: {{ matrix_ma1sd_synapsesql_type }}
connection: {{ matrix_ma1sd_synapsesql_connection }}
matrix_ma1sd_configuration_extension_yaml: |
# Your custom YAML configuration for ma1sd goes here.
# This configuration extends the default starting configuration (`matrix_ma1sd_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_ma1sd_configuration_yaml`.
#
# Example configuration extension follows:
#
# ldap:
# enabled: true
# connection:
# host: ldapHostnameOrIp
# tls: false
# port: 389
# baseDNs: ['OU=Users,DC=example,DC=org']
# bindDn: CN=My Ma1sd User,OU=Users,DC=example,DC=org
# bindPassword: TheUserPassword
matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml|from_yaml if matrix_ma1sd_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final ma1sd configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_ma1sd_configuration_yaml`.
matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml|from_yaml|combine(matrix_ma1sd_configuration_extension, recursive=True) }}"