forked from spantaleev/matrix-docker-ansible-deploy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.yml
178 lines (152 loc) · 7.69 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# mxisd is a Federated Matrix Identity Server
# See: https://github.com/kamax-matrix/mxisd
matrix_mxisd_enabled: true
matrix_mxisd_container_image_self_build: false
matrix_mxisd_docker_image: "kamax/mxisd:1.4.6"
matrix_mxisd_docker_image_force_pull: "{{ matrix_mxisd_docker_image.endswith(':latest') }}"
matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
matrix_mxisd_docker_src_files_path: "{{ matrix_mxisd_base_path }}/docker-src"
matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
# Controls whether the matrix-mxisd container exposes its HTTP port (tcp/8090 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose.
matrix_mxisd_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_mxisd_container_extra_arguments: []
# List of systemd services that matrix-mxisd.service depends on
matrix_mxisd_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mxisd.service wants
matrix_mxisd_systemd_wanted_services_list: []
# Your identity server is private by default.
# To ensure maximum discovery, you can make your identity server
# also forward lookups to the central matrix.org Identity server
# (at the cost of potentially leaking all your contacts information).
# Enabling this is discouraged. Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
matrix_mxisd_matrixorg_forwarding_enabled: false
# mxisd has serveral supported identity stores.
# One of them is storing identities directly in Synapse's database.
# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md
matrix_mxisd_synapsesql_enabled: false
matrix_mxisd_synapsesql_type: ""
matrix_mxisd_synapsesql_connection: ""
# Setting up email-sending settings is required for using mxisd.
matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
matrix_mxisd_threepid_medium_email_connectors_smtp_host: ""
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
matrix_mxisd_threepid_medium_email_connectors_smtp_login: ""
matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""
# DNS overwrites are useful for telling mxisd how it can reach the homeserver directly.
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
# so that mxisd can rewrite the original URL to one that would reach the homeserver.
matrix_mxisd_dns_overwrite_enabled: false
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# Override the default email templates
# To use this, fill in the template variables with the full desired template as a multi-line YAML variable
#
# More info:
# https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/notification/template-generator.md
# https://github.com/kamax-matrix/mxisd/tree/master/src/main/resources/threepids/email
matrix_mxisd_threepid_medium_email_custom_templates_enabled: false
matrix_mxisd_threepid_medium_email_custom_invite_template: ""
matrix_mxisd_threepid_medium_email_custom_session_validation_template: ""
matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template: ""
matrix_mxisd_threepid_medium_email_custom_matrixid_template: ""
# Controls whether the self-check feature should validate SSL certificates.
matrix_mxisd_self_check_validate_certificates: true
# Controls mxisd logging verbosity for troubleshooting.
#
# According to: https://github.com/kamax-matrix/mxisd/blob/master/docs/troubleshooting.md#increase-verbosity
matrix_mxisd_verbose_logging: false
# Default mxisd configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mxisd_configuration_yaml: |
#jinja2: lstrip_blocks: True
matrix:
domain: {{ matrix_domain }}
server:
name: {{ matrix_server_fqn_matrix }}
key:
path: /var/mxisd/sign.key
storage:
provider:
sqlite:
database: /var/mxisd/mxisd.db
{% if matrix_mxisd_dns_overwrite_enabled %}
dns:
overwrite:
homeserver:
client:
- name: {{ matrix_mxisd_dns_overwrite_homeserver_client_name }}
value: {{ matrix_mxisd_dns_overwrite_homeserver_client_value }}
{% endif %}
{% if matrix_mxisd_matrixorg_forwarding_enabled %}
forward:
servers: ['matrix-org']
{% endif %}
threepid:
medium:
email:
identity:
from: {{ matrix_mxisd_threepid_medium_email_identity_from }}
connectors:
smtp:
host: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_host }}
port: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_port }}
tls: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_tls }}
login: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_login }}
password: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_password }}
{% if matrix_mxisd_threepid_medium_email_custom_templates_enabled %}
generators:
template:
{% if matrix_mxisd_threepid_medium_email_custom_invite_template %}
invite: '/var/mxisd/invite-template.eml'
{% endif %}
{% if matrix_mxisd_threepid_medium_email_custom_session_validation_template or matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template %}
session:
{% if matrix_mxisd_threepid_medium_email_custom_session_validation_template %}
validation: '/var/mxisd/validate-template.eml'
{% endif %}
{% if matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template %}
unbind:
frandulent: '/var/mxisd/unbind-fraudulent.eml'
{% endif %}
{% endif %}
{% if matrix_mxisd_threepid_medium_email_custom_matrixid_template %}
generic:
matrixId: '/var/mxisd/mxid-template.eml'
{% endif %}
{% endif %}
synapseSql:
enabled: {{ matrix_mxisd_synapsesql_enabled }}
type: {{ matrix_mxisd_synapsesql_type }}
connection: {{ matrix_mxisd_synapsesql_connection }}
matrix_mxisd_configuration_extension_yaml: |
# Your custom YAML configuration for mxisd goes here.
# This configuration extends the default starting configuration (`matrix_mxisd_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mxisd_configuration_yaml`.
#
# Example configuration extension follows:
#
# ldap:
# enabled: true
# connection:
# host: ldapHostnameOrIp
# tls: false
# port: 389
# baseDNs: ['OU=Users,DC=example,DC=org']
# bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
# bindPassword: TheUserPassword
matrix_mxisd_configuration_extension: "{{ matrix_mxisd_configuration_extension_yaml|from_yaml if matrix_mxisd_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final mxisd configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mxisd_configuration_yaml`.
matrix_mxisd_configuration: "{{ matrix_mxisd_configuration_yaml|from_yaml|combine(matrix_mxisd_configuration_extension, recursive=True) }}"