matrix-docker-ansible-deploy/inventory/host_vars/matrix.finallycoffee.eu/vars.yml

#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu

matrix_ssl_retrieval_method: none
matrix_nginx_proxy_enabled: true
matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: "127.0.10.1:8080"
matrix_nginx_proxy_container_federation_host_bind_port: "127.0.10.1:8448"
matrix_nginx_proxy_trust_forwarded_proto: true
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

#matrix_nginx_proxy_proxy_synapse_metrics: true
matrix_nginx_proxy_proxy_matrix_metrics_enabled: true
matrix_synapse_metrics_enabled: true
matrix_synapse_metrics_proxying_enabled: true

matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
matrix_playbook_docker_installation_enabled: false

#matrix_client_element_version: v1.8.4
#matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.21"
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.77.0"
#matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/site-packages"
#matrix_synapse_default_room_version: "10"
#matrix_mautrix_telegram_version: v0.10.0
matrix_dimension_scheme: https

devture_timesync_installation_enabled: false
matrix_playbook_reverse_proxy_type: playbook-managed-nginx
# per https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#adapting-the-configuration-for-existing-synapse-installations
#matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
devture_systemd_service_manager_up_verification_delay_seconds: 120

web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
postgres_dump_dir: /vault/temp


#
# General Synapse config
#
#matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
devture_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
# matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
# Make synapse accept larger media aswell
matrix_synapse_max_upload_size_mb: 200
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
  - "turn:voip.matrix.finallycoffee.eu?transport=udp"
  - "turn:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
  - "#welcome:finallycoffee.eu"
  - "#announcements:finallycoffee.eu"

## Synapse rate limits
matrix_synapse_rc_federation:
  window_size: 1000
  sleep_limit: 50
  sleep_delay: 500
  reject_limit: 50
  concurrent: 10
matrix_synapse_rc_message:
  per_second: 0.5
  burst_count: 25
matrix_synapse_rc_joins:
  local:
    per_second: 0.5
    burst_count: 20
  remote:
    per_second: 0.05
    burst_count: 20
matrix_synapse_rc_joins_per_room:
  per_second: 1
  burst_count: 10
matrix_synapse_rc_invites:
  per_room:
    per_second: 0.5
    burst_count: 10
  per_user:
    per_second: 0.006
    burst_count: 10
  per_issuer:
    per_second: 2
    burst_count: 20

## Synapse cache tuning
matrix_synapse_caches_global_factor: 1.5
matrix_synapse_event_cache_size: "300K"

## Synapse workers
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_workers_count: 1
matrix_synapse_workers_media_repository_workers_count: 2
matrix_synapse_workers_federation_sender_workers_count: 2
matrix_synapse_workers_pusher_workers_count: 1
matrix_synapse_workers_appservice_workers_count: 1

# Static secret auth for matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
matrix_synapse_ext_password_provider_rest_auth_enabled: true
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false

# Enable experimental spaces support
matrix_synapse_configuration_extension_yaml: |
  database:
    args:
      cp_max: 20
  experimental_features:
    spaces_enabled: true
  caches:
    per_cache_factors:
      device_id_exists: 3
      get_users_in_room: 4
      _get_joined_users_from_context: 4
      _get_joined_profile_from_event_id: 3
      "*stateGroupMembersCache*": 2
      _matches_user_in_member_list: 3
      get_users_who_share_room_with_user: 3
      is_interested_in_room: 2
      get_user_by_id: 1.5
      room_push_rule_cache: 1.5
    expire_caches: true
    cache_entry_ttl: 45m
    sync_response_cache_duration: 2m
  

#
# synapse-admin tool
#
matrix_synapse_admin_enabled: true
matrix_synapse_admin_container_http_host_bind_port: 8985


#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false


#
# dimension (integration manager) config
#
matrix_dimension_enabled: true
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
matrix_dimension_configuration_extension_yaml: |
    telegram:
        botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"


#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
matrix_mautrix_whatsapp_bridge_mute_bridging: true
matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
matrix_mautrix_whatsapp_bridge_allow_user_invite: true
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
    bridge:
        displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
        max_connection_attempts: 5
        connection_timeout: 30
        contact_wait_delay: 5
        private_chat_portal_meta: true
        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
    logging:
        print_level: info
    metrics:
        enabled: true
        listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
    whatsapp:
        os_name: Linux mautrix-whatsapp
        browser_name: Chrome


#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
matrix_mautrix_telegram_configuration_extension_yaml: |
    bridge:
        displayname_template: "{displayname} (via Telegram)"
        parallel_file_transfer: false
        inline_images: false
        image_as_file_size: 20
        delivery_receipts: true
        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
        animated_sticker:
            target: webm
        encryption:
            allow: true
            default: true
        permissions:
            "@transcaffeine:finallycoffee.eu": "admin"
            "gruenhage.xyz": "full"
            "boobies.software": "full"
    logging:
        root:
            level: INFO
    metrics:
        enabled: true
        listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
#        permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"


#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
    - "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
matrix_mautrix_signal_configuration_extension_yaml: |
    bridge:
        displayname_template: "{displayname} (via Signal)"
        community_id: "+signal:finallycoffee.eu"
        encryption:
            allow: true
            default: true
            key_sharing:
                allow: true
                require_verification: false
        delivery_receipts: true
        permissions:
          "@ilosai:fairydust.space": "user"
    logging:
        root:
            level: INFO
    metrics:
        enabled: true
        listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}


#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: true
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
matrix_mx_puppet_instagram_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_instagram_configuration_extension_yaml: |
    bridge:
        enableGroupSync: true
        avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
    metrics:
        enabled: true
        port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
        path: /metrics
    presence:
        enabled: true
        interval: 3000


#
# mx-puppet-skype configuration
#
#matrix_mx_puppet_skype_enabled: false
matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
# matrix_mx_puppet_skype_container_extra_arguments:
#   - "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
# matrix_mx_puppet_skype_configuration_extension_yaml: |
#     bridge:
#         enableGroupSync: true
#         avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
#     metrics:
#         enabled: true
#         port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
#         path: /metrics


#
# mx-puppet-discord configuration
#
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
matrix_mx_puppet_discord_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_discord_configuration_extension_yaml: |
    bridge:
        enableGroupSync: true
        avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
    metrics:
        enabled: true
        port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
        path: /metrics
    limits:
        maxAutojoinUsers: 500
        roomUserAutojoinDelay: 50
    presence:
        enabled: true
        interval: 3000


#
# mx-puppet-slack configuration
#
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
matrix_mx_puppet_slack_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
matrix_mx_puppet_slack_configuration_extension_yaml: |
    bridge:
        enableGroupSync: true
    metrics:
        enabled: true
        port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
        path: /metrics
    limits:
        maxAutojoinUsers: 500
        roomUserAutojoinDelay: 50
    presence:
        enabled: true
        interval: 3000


#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
matrix_client_element_welcome_text: |
    Decentralised, encrypted chat &amp; collaboration,<br />
    hosted on finallycoffee.eu, powered by element.io &amp;
    <a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
      <img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
    </a>
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
matrix_client_element_container_extra_arguments:
  - "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
  - "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
# Integration and capabilites config
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
  - "https://{{ matrix_server_fqn_dimension }}/widgets"
  - "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_client_element_disable_custom_urls: false
matrix_client_element_roomdir_servers:
  - "matrix.org"
  - "finallycoffee.eu"
  - "entropia.de"
matrix_client_element_enable_presence_by_hs_url:
  https://matrix.org: false


# Matrix ma1sd extended configuration
matrix_ma1sd_configuration_extension_yaml: |
    hashing:
      enabled: true
      pepperLength: 20
      rotationPolicy: per_requests
      requests: 10
      hashStorageType: sql
      algorithms:
          - none
          - sha256


# Matrix mail notification relay setup
matrix_mailer_enabled: true
matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
matrix_mailer_relay_use: true
matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
matrix_mailer_relay_host_port: 587
matrix_mailer_relay_auth: true
matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"