diff --git a/matrix-docker-ansible/inventory/host_vars/matrix.cttue.de/vars.yml b/matrix-docker-ansible/inventory/host_vars/matrix.cttue.de/vars.yml
index e69de29..e155dfa 100644
--- a/matrix-docker-ansible/inventory/host_vars/matrix.cttue.de/vars.yml
+++ b/matrix-docker-ansible/inventory/host_vars/matrix.cttue.de/vars.yml
@@ -0,0 +1,86 @@
+---
+# The bare domain name which represents your Matrix identity.
+# Matrix user ids for your server will be of the form (`@user:`).
+matrix_domain: 'cttue.de'
+
+# This is where Matrix services
+matrix_server_fqn_matrix: 'matrix.cttue.de'
+
+# This is where you access the Element web UI from (if enabled via `matrix_client_element_enabled: true`; enabled by default).
+# This and the Matrix FQN (see above) are expected to be on the same server.
+matrix_server_fqn_element: 'element.cttue.de'
+
+# The Matrix homeserver software to install.
+# See `roles/matrix-base/defaults/main.yml` for valid options.
+matrix_homeserver_implementation: synapse
+
+# docker already installed
+matrix_docker_installation_enabled: true
+
+# A secret used as a base, for generating various other secrets.
+# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
+matrix_homeserver_generic_secret_key: '0XbMAGWcegWsDGdIwMDsZ11TF0Aeh4JEzSo5mC5iUET5UXgG3ku8IPbVsDvxKICQ'
+
+# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
+#
+# The playbook creates additional Postgres users and databases (one for each enabled service)
+# using this superuser account.
+matrix_postgres_connection_password: 'SIHm7TtFF1ntGxKu'
+
+#################### jwilder/nginx-proxy related ###################
+
+# Disable generation and retrieval of SSL certs
+matrix_ssl_retrieval_method: none
+
+# Configure Nginx to only use plain HTTP
+matrix_nginx_proxy_https_enabled: false
+
+# Don't bind any HTTP or federation port to the host
+matrix_nginx_proxy_container_http_host_bind_port: ''
+matrix_nginx_proxy_container_federation_host_bind_port: ''
+
+# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
+matrix_nginx_proxy_trust_forwarded_proto: true
+
+# Trust and use the other reverse proxy's `X-Forwarded-For` header.
+matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
+
+# Disable Coturn because it needs SSL certs
+# (Clients can, though exposing IP address, use Matrix.org TURN)
+matrix_coturn_enabled: true
+
+# All containers need to be on the same Docker network as nginx-proxy
+matrix_docker_network: 'cttue_web_services'
+
+matrix_nginx_proxy_container_extra_arguments:
+ - '-e "VIRTUAL_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"'
+ - '-e "VIRTUAL_PORT=8080"'
+ - '-e "LETSENCRYPT_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"'
+
+# change federation to 443
+matrix_synapse_http_listener_resource_names: ["client","federation"]
+matrix_federation_public_port: 443
+matrix_synapse_federation_port_enabled: false
+
+# Expose server's public rooms directory via federation
+matrix_synapse_allow_public_rooms_over_federation: true
+
+
+################ Custom synapse configuration (for OpenID SSO) ###############
+matrix_synapse_configuration_extension_yaml: |
+  oidc_providers:
+  - idp_id: cttue
+    idp_name: "Chaostreff Tübingen SSO"
+    issuer: "https://auth.cttue.de/auth/realms/cttue"
+    client_id: "matrix"
+    client_secret: "EItmul7WaoTW6rzxxnLpGS1G9OqzmSR8"
+    scopes: ["openid", "profile"]
+    authorization_endpoint: "https://auth.cttue.de/auth/realms/cttue/protocol/openid-connect/auth"
+    token_endpoint: "https://auth.cttue.de/auth/realms/cttue/protocol/openid-connect/token"
+    userinfo_endpoint: "https://auth.cttue.de/auth/realms/cttue/protocol/openid-connect/userinfo"
+    user_mapping_provider:
+      config:
+        localpart_template: "{{ user.preferred_username }}"
+        display_name_template: "{{ user.name }}"
+        email_template: "{{ user.email }}"
+
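Review bot: Three live credentials are committed in plaintext in this hunk — `matrix_homeserver_generic_secret_key`, `matrix_postgres_connection_password` and the OIDC `client_secret` inside `matrix_synapse_configuration_extension_yaml` — so they are now part of git history and should be treated as exposed and rotated on the homeserver, the Postgres superuser and the identity-provider client. Move them into an ansible-vault-encrypted vars file and reference them from here, e.g. `matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"` (variable name illustrative), and add a secret-scanning pre-commit hook so the inventory stays clean. The comment `# Disable Coturn because it needs SSL certs` sits directly above `matrix_coturn_enabled: true`, so either the value or the comment is wrong — given the plain-HTTP nginx-proxy setup described above it, `matrix_coturn_enabled: false` looks like the intent; the comment `# This is where Matrix services` is also cut off mid-sentence. Since host_vars are Jinja-rendered by Ansible, the `{{ user.preferred_username }}`, `{{ user.name }}` and `{{ user.email }}` templates inside the block scalar will presumably be evaluated (and fail on an undefined `user`) before Synapse sees them — verify how the playbook handles this and escape them if needed.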