|
|
|
|
@ -15,8 +15,8 @@ matrix_server_fqn_element: "element.cttue.de" |
|
|
|
|
matrix_homeserver_implementation: synapse |
|
|
|
|
|
|
|
|
|
# docker already installed |
|
|
|
|
#matrix_docker_installation_enabled: true # this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
matrix_playbook_docker_installation_enabled: true |
|
|
|
|
matrix_docker_installation_enabled: true |
|
|
|
|
|
|
|
|
|
# A secret used as a base, for generating various other secrets. |
|
|
|
|
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`). |
|
|
|
|
matrix_homeserver_generic_secret_key: "0XbMAGWcegWsDGdIwMDsZ11TF0Aeh4JEzSo5mC5iUET5UXgG3ku8IPbVsDvxKICQ" |
|
|
|
|
@ -25,25 +25,25 @@ matrix_homeserver_generic_secret_key: "0XbMAGWcegWsDGdIwMDsZ11TF0Aeh4JEzSo5mC5iU |
|
|
|
|
# |
|
|
|
|
# The playbook creates additional Postgres users and databases (one for each enabled service) |
|
|
|
|
# using this superuser account. |
|
|
|
|
postgres_connection_password: "SIHm7TtFF1ntGxKu" |
|
|
|
|
matrix_postgres_connection_password: "SIHm7TtFF1ntGxKu" |
|
|
|
|
|
|
|
|
|
#################### jwilder/nginx-proxy related ################### |
|
|
|
|
|
|
|
|
|
# Disable generation and retrieval of SSL certs |
|
|
|
|
# matrix_ssl_retrieval_method: none # this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
matrix_ssl_retrieval_method: none |
|
|
|
|
|
|
|
|
|
# Configure Nginx to only use plain HTTP |
|
|
|
|
# matrix_nginx_proxy_https_enabled: false # this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
matrix_nginx_proxy_https_enabled: false |
|
|
|
|
|
|
|
|
|
# Don't bind any HTTP or federation port to the host |
|
|
|
|
# matrix_nginx_proxy_container_http_host_bind_port: "" # this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
# matrix_nginx_proxy_container_federation_host_bind_port: "" # this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
matrix_nginx_proxy_container_http_host_bind_port: "" |
|
|
|
|
matrix_nginx_proxy_container_federation_host_bind_port: "" |
|
|
|
|
|
|
|
|
|
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection. |
|
|
|
|
# matrix_nginx_proxy_trust_forwarded_proto: true # this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
matrix_nginx_proxy_trust_forwarded_proto: true |
|
|
|
|
|
|
|
|
|
# Trust and use the other reverse proxy's `X-Forwarded-For` header. |
|
|
|
|
# matrix_nginx_proxy_x_forwarded_for: "$proxy_add_x_forwarded_for" # this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
matrix_nginx_proxy_x_forwarded_for: "$proxy_add_x_forwarded_for" |
|
|
|
|
|
|
|
|
|
# Disable Coturn because it needs SSL certs |
|
|
|
|
# (Clients can, though exposing IP address, use Matrix.org TURN) |
|
|
|
|
@ -68,16 +68,13 @@ matrix_coturn_tls_cert_path: "/certs/fullchain.pem" |
|
|
|
|
matrix_coturn_tls_key_path: "/certs/key.pem" |
|
|
|
|
|
|
|
|
|
# All containers need to be on the same Docker network as nginx-proxy |
|
|
|
|
#matrix_docker_network: "cttue_web_services" # this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
matrix_homeserver_container_network: "cttue_web_services" |
|
|
|
|
# matrix_coturn_docker_network: "cttue_web_services" # this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
matrix_coturn_container_network: "cttue_web_services" |
|
|
|
|
matrix_docker_network: "cttue_web_services" |
|
|
|
|
matrix_coturn_docker_network: "cttue_web_services" |
|
|
|
|
|
|
|
|
|
# this one was changed during the upgrade - 30. Jan 2025 - Cal |
|
|
|
|
# matrix_nginx_proxy_container_extra_arguments: |
|
|
|
|
# - '-e "VIRTUAL_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"' |
|
|
|
|
# - '-e "VIRTUAL_PORT=8080"' |
|
|
|
|
# - '-e "LETSENCRYPT_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"' |
|
|
|
|
matrix_nginx_proxy_container_extra_arguments: |
|
|
|
|
- '-e "VIRTUAL_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"' |
|
|
|
|
- '-e "VIRTUAL_PORT=8080"' |
|
|
|
|
- '-e "LETSENCRYPT_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"' |
|
|
|
|
|
|
|
|
|
# change federation to 443 |
|
|
|
|
matrix_synapse_http_listener_resource_names: ["client", "federation"] |
|
|
|
|
@ -118,6 +115,3 @@ matrix_synapse_configuration_extension_yaml: | |
|
|
|
|
email_template: "{% raw %}{{ user.email }}{% endraw %}" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# config for traefik |
|
|
|
|
matrix_playbook_reverse_proxy_type: playbook-managed-traefik |
|
|
|
|
traefik_config_certificatesResolvers_acme_email: pascal@cttue.de |
|
|
|
|
|
Pascal