|
|
|
@ -1,14 +1,14 @@ |
|
|
|
--- |
|
|
|
--- |
|
|
|
# The bare domain name which represents your Matrix identity. |
|
|
|
# The bare domain name which represents your Matrix identity. |
|
|
|
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`). |
|
|
|
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`). |
|
|
|
matrix_domain: 'cttue.de' |
|
|
|
matrix_domain: "cttue.de" |
|
|
|
|
|
|
|
|
|
|
|
# This is where Matrix services |
|
|
|
# This is where Matrix services |
|
|
|
matrix_server_fqn_matrix: 'matrix.cttue.de' |
|
|
|
matrix_server_fqn_matrix: "matrix.cttue.de" |
|
|
|
|
|
|
|
|
|
|
|
# This is where you access the Element web UI from (if enabled via `matrix_client_element_enabled: true`; enabled by default). |
|
|
|
# This is where you access the Element web UI from (if enabled via `matrix_client_element_enabled: true`; enabled by default). |
|
|
|
# This and the Matrix FQN (see above) are expected to be on the same server. |
|
|
|
# This and the Matrix FQN (see above) are expected to be on the same server. |
|
|
|
matrix_server_fqn_element: 'element.cttue.de' |
|
|
|
matrix_server_fqn_element: "element.cttue.de" |
|
|
|
|
|
|
|
|
|
|
|
# The Matrix homeserver software to install. |
|
|
|
# The Matrix homeserver software to install. |
|
|
|
# See `roles/matrix-base/defaults/main.yml` for valid options. |
|
|
|
# See `roles/matrix-base/defaults/main.yml` for valid options. |
|
|
|
@ -19,13 +19,13 @@ matrix_docker_installation_enabled: true |
|
|
|
|
|
|
|
|
|
|
|
# A secret used as a base, for generating various other secrets. |
|
|
|
# A secret used as a base, for generating various other secrets. |
|
|
|
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`). |
|
|
|
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`). |
|
|
|
matrix_homeserver_generic_secret_key: '0XbMAGWcegWsDGdIwMDsZ11TF0Aeh4JEzSo5mC5iUET5UXgG3ku8IPbVsDvxKICQ' |
|
|
|
matrix_homeserver_generic_secret_key: "0XbMAGWcegWsDGdIwMDsZ11TF0Aeh4JEzSo5mC5iUET5UXgG3ku8IPbVsDvxKICQ" |
|
|
|
|
|
|
|
|
|
|
|
# A Postgres password to use for the superuser Postgres user (called `matrix` by default). |
|
|
|
# A Postgres password to use for the superuser Postgres user (called `matrix` by default). |
|
|
|
# |
|
|
|
# |
|
|
|
# The playbook creates additional Postgres users and databases (one for each enabled service) |
|
|
|
# The playbook creates additional Postgres users and databases (one for each enabled service) |
|
|
|
# using this superuser account. |
|
|
|
# using this superuser account. |
|
|
|
matrix_postgres_connection_password: 'SIHm7TtFF1ntGxKu' |
|
|
|
matrix_postgres_connection_password: "SIHm7TtFF1ntGxKu" |
|
|
|
|
|
|
|
|
|
|
|
#################### jwilder/nginx-proxy related ################### |
|
|
|
#################### jwilder/nginx-proxy related ################### |
|
|
|
|
|
|
|
|
|
|
|
@ -36,21 +36,40 @@ matrix_ssl_retrieval_method: none |
|
|
|
matrix_nginx_proxy_https_enabled: false |
|
|
|
matrix_nginx_proxy_https_enabled: false |
|
|
|
|
|
|
|
|
|
|
|
# Don't bind any HTTP or federation port to the host |
|
|
|
# Don't bind any HTTP or federation port to the host |
|
|
|
matrix_nginx_proxy_container_http_host_bind_port: '' |
|
|
|
matrix_nginx_proxy_container_http_host_bind_port: "" |
|
|
|
matrix_nginx_proxy_container_federation_host_bind_port: '' |
|
|
|
matrix_nginx_proxy_container_federation_host_bind_port: "" |
|
|
|
|
|
|
|
|
|
|
|
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection. |
|
|
|
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection. |
|
|
|
matrix_nginx_proxy_trust_forwarded_proto: true |
|
|
|
matrix_nginx_proxy_trust_forwarded_proto: true |
|
|
|
|
|
|
|
|
|
|
|
# Trust and use the other reverse proxy's `X-Forwarded-For` header. |
|
|
|
# Trust and use the other reverse proxy's `X-Forwarded-For` header. |
|
|
|
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for' |
|
|
|
matrix_nginx_proxy_x_forwarded_for: "$proxy_add_x_forwarded_for" |
|
|
|
|
|
|
|
|
|
|
|
# Disable Coturn because it needs SSL certs |
|
|
|
# Disable Coturn because it needs SSL certs |
|
|
|
# (Clients can, though exposing IP address, use Matrix.org TURN) |
|
|
|
# (Clients can, though exposing IP address, use Matrix.org TURN) |
|
|
|
matrix_coturn_enabled: true |
|
|
|
matrix_coturn_enabled: true |
|
|
|
|
|
|
|
matrix_coturn_turn_external_ip_address: "89.163.204.197" |
|
|
|
|
|
|
|
matrix_coturn_turn_udp_min_port: 49152 |
|
|
|
|
|
|
|
matrix_coturn_turn_udp_max_port: 49272 |
|
|
|
|
|
|
|
matrix_coturn_container_extra_arguments: |
|
|
|
|
|
|
|
- '-e "VIRTUAL_HOST=turn.cttue.de"' |
|
|
|
|
|
|
|
- '-e "VIRTUAL_PORT=3478"' |
|
|
|
|
|
|
|
- '-e "LETSENCRYPT_HOST=turn.cttue.de"' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
matrix_coturn_container_additional_volumes: |
|
|
|
|
|
|
|
- { |
|
|
|
|
|
|
|
"src": "/srv/docker-containers/nginx-proxy/certs/turn.cttue.de", |
|
|
|
|
|
|
|
"dst": "/certs", |
|
|
|
|
|
|
|
"options": "ro", |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
matrix_coturn_tls_enabled: false |
|
|
|
|
|
|
|
matrix_coturn_tls_cert_path: "/certs/fullchain.pem" |
|
|
|
|
|
|
|
matrix_coturn_tls_key_path: "/certs/key.pem" |
|
|
|
|
|
|
|
|
|
|
|
# All containers need to be on the same Docker network as nginx-proxy |
|
|
|
# All containers need to be on the same Docker network as nginx-proxy |
|
|
|
matrix_docker_network: 'cttue_web_services' |
|
|
|
matrix_docker_network: "cttue_web_services" |
|
|
|
|
|
|
|
matrix_coturn_docker_network: "cttue_web_services" |
|
|
|
|
|
|
|
|
|
|
|
matrix_nginx_proxy_container_extra_arguments: |
|
|
|
matrix_nginx_proxy_container_extra_arguments: |
|
|
|
- '-e "VIRTUAL_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"' |
|
|
|
- '-e "VIRTUAL_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"' |
|
|
|
@ -65,7 +84,6 @@ matrix_synapse_federation_port_enabled: false |
|
|
|
# Expose server's public rooms directory via federation |
|
|
|
# Expose server's public rooms directory via federation |
|
|
|
matrix_synapse_allow_public_rooms_over_federation: true |
|
|
|
matrix_synapse_allow_public_rooms_over_federation: true |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################ Custom synapse configuration (for OpenID SSO) ############### |
|
|
|
################ Custom synapse configuration (for OpenID SSO) ############### |
|
|
|
matrix_synapse_configuration_extension_yaml: | |
|
|
|
matrix_synapse_configuration_extension_yaml: | |
|
|
|
oidc_providers: |
|
|
|
oidc_providers: |
|
|
|
@ -85,3 +103,4 @@ matrix_synapse_configuration_extension_yaml: | |
|
|
|
display_name_template: "{% raw %}{{ user.name }}{% endraw %}" |
|
|
|
display_name_template: "{% raw %}{{ user.name }}{% endraw %}" |
|
|
|
email_template: "{% raw %}{{ user.email }}{% endraw %}" |
|
|
|
email_template: "{% raw %}{{ user.email }}{% endraw %}" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
