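---
# Base settings for the Matrix deployment: identity domain, hostnames,
# homeserver implementation and the two base secrets.

# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
matrix_domain: 'cttue.de'

# The hostname under which the Matrix services are served.
matrix_server_fqn_matrix: 'matrix.cttue.de'

# This is where you access the Element web UI from
# (if enabled via `matrix_client_element_enabled: true`; enabled by default).
# This and the Matrix FQN (see above) are expected to be on the same server.
matrix_server_fqn_element: 'element.cttue.de'

# The Matrix homeserver software to install.
# See `roles/matrix-base/defaults/main.yml` for valid options.
matrix_homeserver_implementation: synapse

# NOTE(review): the comment that accompanied this setting said "docker already
# installed", yet `true` reads as asking the playbook to manage the Docker
# installation. Confirm which of the two is intended.
matrix_docker_installation_enabled: true

# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
# NOTE(review): this value is stored in plaintext in a file that is readable
# wherever the repository is. Treat it as disclosed: generate a new one and keep
# the replacement in an Ansible Vault-encrypted vars file, referenced from here.
matrix_homeserver_generic_secret_key: '0XbMAGWcegWsDGdIwMDsZ11TF0Aeh4JEzSo5mC5iUET5UXgG3ku8IPbVsDvxKICQ'

# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
# NOTE(review): plaintext superuser credential; the same applies as for the
# generic secret key above. Rotate it and move it into an encrypted vars file.
matrix_postgres_connection_password: 'SIHm7TtFF1ntGxKu'
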
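#################### jwilder/nginx-proxy related ###################
# The playbook's own nginx runs behind a separate nginx-proxy container.
# That fronting proxy terminates TLS; everything below configures the inner
# proxy to speak plain HTTP and to accept the forwarded headers it receives.

# Disable generation and retrieval of SSL certs
# (`none` is the literal string, not a YAML null)
matrix_ssl_retrieval_method: 'none'

# Configure Nginx to only use plain HTTP
# NOTE(review): the hop between the fronting proxy and this container is
# therefore unencrypted; that is only acceptable while both stay on the same
# private Docker network (see `matrix_docker_network` below).
matrix_nginx_proxy_https_enabled: false

# Don't bind any HTTP or federation port to the host
# Keeping these empty is what makes the header trust below reasonable: the
# container is then not published on the host's interfaces.
matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
matrix_nginx_proxy_trust_forwarded_proto: true

# Trust and use the other reverse proxy's `X-Forwarded-For` header.
# `$proxy_add_x_forwarded_for` appends the connecting address to whatever
# `X-Forwarded-For` value arrived with the request, so the client address seen
# by Synapse is only as reliable as the fronting proxy's handling of that header.
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

# Disable Coturn because it needs SSL certs
# (Clients can, though exposing IP address, use Matrix.org TURN)
matrix_coturn_enabled: false

# All containers need to be on the same Docker network as nginx-proxy
matrix_docker_network: 'cttue_web_services'

# Environment variables passed to the nginx-proxy container of this playbook.
# Presumably read by the fronting nginx-proxy (VIRTUAL_*) and its certificate
# companion (LETSENCRYPT_HOST) -- confirm against that proxy's setup.
matrix_nginx_proxy_container_extra_arguments:
  - '-e "VIRTUAL_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"'
  - '-e "VIRTUAL_PORT=8080"'
  - '-e "LETSENCRYPT_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"'

# change federation to 443
# The client and federation resources share one HTTP listener, the advertised
# federation port is 443, and the dedicated federation port is switched off.
matrix_synapse_http_listener_resource_names: ["client", "federation"]
matrix_federation_public_port: 443
matrix_synapse_federation_port_enabled: false

# Expose server's public rooms directory via federation
# NOTE(review): confirm that publishing the room directory to every federating
# homeserver is intended; room names and topics in it become visible to them.
matrix_synapse_allow_public_rooms_over_federation: true
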
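################ Custom synapse configuration (for OpenID SSO) ###############
# Extra Synapse configuration, passed as a literal block: one OpenID Connect
# provider (`cttue`) whose issuer and endpoints live under auth.cttue.de.
#
# NOTE(review): `client_secret` below is stored in plaintext. Treat it as
# disclosed: issue a new client secret at the identity provider and supply it
# from an Ansible Vault-encrypted variable instead of writing it here.
#
# NOTE(review): the Matrix localpart comes from the `preferred_username` claim.
# Confirm that users cannot change that claim at the identity provider, since
# it decides which Matrix account name a first login is mapped to.
#
# The `{% raw %}` / `{% endraw %}` pairs keep Ansible from rendering the inner
# `{{ ... }}` expressions, so they reach Synapse as templates.
matrix_synapse_configuration_extension_yaml: |
  oidc_providers:
    - idp_id: cttue
      idp_name: "Chaostreff Tübingen SSO"
      issuer: "https://auth.cttue.de/realms/cttue"
      client_id: "matrix"
      client_secret: "EItmul7WaoTW6rzxxnLpGS1G9OqzmSR8"
      scopes: ["openid", "profile"]
      authorization_endpoint: "https://auth.cttue.de/realms/cttue/protocol/openid-connect/auth"
      token_endpoint: "https://auth.cttue.de/realms/cttue/protocol/openid-connect/token"
      userinfo_endpoint: "https://auth.cttue.de/realms/cttue/protocol/openid-connect/userinfo"
      backchannel_logout_enabled: true
      user_mapping_provider:
        config:
          localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
          display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
          email_template: "{% raw %}{{ user.email }}{% endraw %}"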