Compare commits
3 Commits
9beed4b804
...
ecc1141bf9
Author | SHA1 | Date | |
---|---|---|---|
ecc1141bf9 | |||
737776d4e1 | |||
62fec7115c |
@ -31,12 +31,12 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
|
|||||||
| Type | Host | Priority | Weight | Port | Target |
|
| Type | Host | Priority | Weight | Port | Target |
|
||||||
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
||||||
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
|
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
|
||||||
| CNAME | `dimension` | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
| CNAME | `jitsi` | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
| CNAME | `stats` | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `stats` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
| CNAME | `goneb` | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `goneb` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
| CNAME | `sygnal` | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `sygnal` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
| CNAME | `hydrogen` | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `hydrogen` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
|
|
||||||
## Subdomains setup
|
## Subdomains setup
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
|
|||||||
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
|
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
|
||||||
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
|
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
|
||||||
|
|
||||||
matrix_appservice_irc_version: release-0.27.0
|
matrix_appservice_irc_version: release-0.26.1
|
||||||
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
|
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
|
||||||
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
|
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
- name: Ensure matrix-heisenbridge is stopped
|
- name: Ensure matrix-heisenbridge is stopped
|
||||||
service:
|
service:
|
||||||
name: matrix-heisenbridge
|
name: heisenbridge
|
||||||
state: stopped
|
state: stopped
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
when: "matrix_heisenbridge_service_stat.stat.exists"
|
when: "matrix_heisenbridge_service_stat.stat.exists"
|
||||||
|
@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
|
|||||||
matrix_client_hydrogen_container_image_self_build: true
|
matrix_client_hydrogen_container_image_self_build: true
|
||||||
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
|
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
|
||||||
|
|
||||||
matrix_client_hydrogen_version: v0.2.0
|
matrix_client_hydrogen_version: v0.1.57
|
||||||
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
|
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
|
||||||
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
|
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
|
||||||
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
|
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
matrix_prometheus_enabled: false
|
matrix_prometheus_enabled: false
|
||||||
|
|
||||||
matrix_prometheus_version: v2.28.0
|
matrix_prometheus_version: v2.27.1
|
||||||
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
|
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
|
||||||
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
|
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -19,8 +19,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-redis \
|
|||||||
{% if matrix_redis_container_redis_bind_port %}
|
{% if matrix_redis_container_redis_bind_port %}
|
||||||
-p {{ matrix_redis_container_redis_bind_port }}:6379 \
|
-p {{ matrix_redis_container_redis_bind_port }}:6379 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
--mount type=bind,src={{ matrix_redis_base_path }}/redis.conf,dst=/usr/local/etc/redis/redis.conf,ro \
|
-v {{ matrix_redis_base_path }}/redis.conf:/usr/local/etc/redis/redis.conf \
|
||||||
--mount type=bind,src={{ matrix_redis_data_path }},dst=/data \
|
|
||||||
{% for arg in matrix_redis_container_extra_arguments %}
|
{% for arg in matrix_redis_container_extra_arguments %}
|
||||||
{{ arg }} \
|
{{ arg }} \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
|
|||||||
# amd64 gets released first.
|
# amd64 gets released first.
|
||||||
# arm32 relies on self-building, so the same version can be built immediately.
|
# arm32 relies on self-building, so the same version can be built immediately.
|
||||||
# arm64 users need to wait for a prebuilt image to become available.
|
# arm64 users need to wait for a prebuilt image to become available.
|
||||||
matrix_synapse_version: v1.37.0
|
matrix_synapse_version: v1.36.0
|
||||||
matrix_synapse_version_arm64: v1.37.0
|
matrix_synapse_version_arm64: v1.36.0
|
||||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
||||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -7,22 +7,6 @@
|
|||||||
#
|
#
|
||||||
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
|
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
|
||||||
|
|
||||||
|
|
||||||
## Modules ##
|
|
||||||
|
|
||||||
# Server admins can expand Synapse's functionality with external modules.
|
|
||||||
#
|
|
||||||
# See https://matrix-org.github.io/synapse/develop/modules.html for more
|
|
||||||
# documentation on how to configure or create custom modules for Synapse.
|
|
||||||
#
|
|
||||||
modules:
|
|
||||||
# - module: my_super_module.MySuperClass
|
|
||||||
# config:
|
|
||||||
# do_thing: true
|
|
||||||
# - module: my_other_super_module.SomeClass
|
|
||||||
# config: {}
|
|
||||||
|
|
||||||
|
|
||||||
## Server ##
|
## Server ##
|
||||||
|
|
||||||
# The public-facing domain of the server
|
# The public-facing domain of the server
|
||||||
@ -590,9 +574,13 @@ retention:
|
|||||||
# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
|
# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
|
||||||
# certificate, signed by a recognised Certificate Authority.
|
# certificate, signed by a recognised Certificate Authority.
|
||||||
#
|
#
|
||||||
# Be sure to use a `.pem` file that includes the full certificate chain including
|
# See 'ACME support' below to enable auto-provisioning this certificate via
|
||||||
# any intermediate certificates (for instance, if using certbot, use
|
# Let's Encrypt.
|
||||||
# `fullchain.pem` as your certificate, not `cert.pem`).
|
#
|
||||||
|
# If supplying your own, be sure to use a `.pem` file that includes the
|
||||||
|
# full certificate chain including any intermediate certificates (for
|
||||||
|
# instance, if using certbot, use `fullchain.pem` as your certificate,
|
||||||
|
# not `cert.pem`).
|
||||||
#
|
#
|
||||||
tls_certificate_path: {{ matrix_synapse_tls_certificate_path|to_json }}
|
tls_certificate_path: {{ matrix_synapse_tls_certificate_path|to_json }}
|
||||||
|
|
||||||
@ -643,6 +631,80 @@ tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }}
|
|||||||
# - myCA2.pem
|
# - myCA2.pem
|
||||||
# - myCA3.pem
|
# - myCA3.pem
|
||||||
|
|
||||||
|
# ACME support: This will configure Synapse to request a valid TLS certificate
|
||||||
|
# for your configured `server_name` via Let's Encrypt.
|
||||||
|
#
|
||||||
|
# Note that ACME v1 is now deprecated, and Synapse currently doesn't support
|
||||||
|
# ACME v2. This means that this feature currently won't work with installs set
|
||||||
|
# up after November 2019. For more info, and alternative solutions, see
|
||||||
|
# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
|
||||||
|
#
|
||||||
|
# Note that provisioning a certificate in this way requires port 80 to be
|
||||||
|
# routed to Synapse so that it can complete the http-01 ACME challenge.
|
||||||
|
# By default, if you enable ACME support, Synapse will attempt to listen on
|
||||||
|
# port 80 for incoming http-01 challenges - however, this will likely fail
|
||||||
|
# with 'Permission denied' or a similar error.
|
||||||
|
#
|
||||||
|
# There are a couple of potential solutions to this:
|
||||||
|
#
|
||||||
|
# * If you already have an Apache, Nginx, or similar listening on port 80,
|
||||||
|
# you can configure Synapse to use an alternate port, and have your web
|
||||||
|
# server forward the requests. For example, assuming you set 'port: 8009'
|
||||||
|
# below, on Apache, you would write:
|
||||||
|
#
|
||||||
|
# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
|
||||||
|
#
|
||||||
|
# * Alternatively, you can use something like `authbind` to give Synapse
|
||||||
|
# permission to listen on port 80.
|
||||||
|
#
|
||||||
|
acme:
|
||||||
|
# ACME support is disabled by default. Uncomment the following line
|
||||||
|
# (and tls_certificate_path and tls_private_key_path above) to enable it.
|
||||||
|
#
|
||||||
|
#enabled: true
|
||||||
|
|
||||||
|
# Endpoint to use to request certificates. If you only want to test,
|
||||||
|
# use Let's Encrypt's staging url:
|
||||||
|
# https://acme-staging.api.letsencrypt.org/directory
|
||||||
|
#
|
||||||
|
#url: https://acme-v01.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
# Port number to listen on for the HTTP-01 challenge. Change this if
|
||||||
|
# you are forwarding connections through Apache/Nginx/etc.
|
||||||
|
#
|
||||||
|
#port: 80
|
||||||
|
|
||||||
|
# Local addresses to listen on for incoming connections.
|
||||||
|
# Again, you may want to change this if you are forwarding connections
|
||||||
|
# through Apache/Nginx/etc.
|
||||||
|
#
|
||||||
|
#bind_addresses: ['::', '0.0.0.0']
|
||||||
|
|
||||||
|
# How many days remaining on a certificate before it is renewed.
|
||||||
|
#
|
||||||
|
#reprovision_threshold: 30
|
||||||
|
|
||||||
|
# The domain that the certificate should be for. Normally this
|
||||||
|
# should be the same as your Matrix domain (i.e., 'server_name'), but,
|
||||||
|
# by putting a file at 'https://<server_name>/.well-known/matrix/server',
|
||||||
|
# you can delegate incoming traffic to another server. If you do that,
|
||||||
|
# you should give the target of the delegation here.
|
||||||
|
#
|
||||||
|
# For example: if your 'server_name' is 'example.com', but
|
||||||
|
# 'https://example.com/.well-known/matrix/server' delegates to
|
||||||
|
# 'matrix.example.com', you should put 'matrix.example.com' here.
|
||||||
|
#
|
||||||
|
# If not set, defaults to your 'server_name'.
|
||||||
|
#
|
||||||
|
#domain: matrix.example.com
|
||||||
|
|
||||||
|
# file to use for the account key. This will be generated if it doesn't
|
||||||
|
# exist.
|
||||||
|
#
|
||||||
|
# If unspecified, we will use CONFDIR/client.key.
|
||||||
|
#
|
||||||
|
#account_key_file: /data/acme_account.key
|
||||||
|
|
||||||
|
|
||||||
## Federation ##
|
## Federation ##
|
||||||
|
|
||||||
@ -895,10 +957,6 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire
|
|||||||
|
|
||||||
# The largest allowed upload size in bytes
|
# The largest allowed upload size in bytes
|
||||||
#
|
#
|
||||||
# If you are using a reverse proxy you may also need to set this value in
|
|
||||||
# your reverse proxy's config. Notably Nginx has a small max body size by default.
|
|
||||||
# See https://matrix-org.github.io/synapse/develop/reverse_proxy.html.
|
|
||||||
#
|
|
||||||
max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M"
|
max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M"
|
||||||
|
|
||||||
# Maximum number of pixels that will be thumbnailed
|
# Maximum number of pixels that will be thumbnailed
|
||||||
@ -1987,17 +2045,6 @@ sso:
|
|||||||
# - https://riot.im/develop
|
# - https://riot.im/develop
|
||||||
# - https://my.custom.client/
|
# - https://my.custom.client/
|
||||||
|
|
||||||
# Uncomment to keep a user's profile fields in sync with information from
|
|
||||||
# the identity provider. Currently only syncing the displayname is
|
|
||||||
# supported. Fields are checked on every SSO login, and are updated
|
|
||||||
# if necessary.
|
|
||||||
#
|
|
||||||
# Note that enabling this option will override user profile information,
|
|
||||||
# regardless of whether users have opted-out of syncing that
|
|
||||||
# information when first signing in. Defaults to false.
|
|
||||||
#
|
|
||||||
#update_profile_information: true
|
|
||||||
|
|
||||||
# Directory in which Synapse will try to find the template files below.
|
# Directory in which Synapse will try to find the template files below.
|
||||||
# If not set, or the files named below are not found within the template
|
# If not set, or the files named below are not found within the template
|
||||||
# directory, default templates from within the Synapse package will be used.
|
# directory, default templates from within the Synapse package will be used.
|
||||||
@ -2279,10 +2326,6 @@ ui_auth:
|
|||||||
# the user-interactive authentication process, by allowing for multiple
|
# the user-interactive authentication process, by allowing for multiple
|
||||||
# (and potentially different) operations to use the same validation session.
|
# (and potentially different) operations to use the same validation session.
|
||||||
#
|
#
|
||||||
# This is ignored for potentially "dangerous" operations (including
|
|
||||||
# deactivating an account, modifying an account password, and
|
|
||||||
# adding a 3PID).
|
|
||||||
#
|
|
||||||
# Uncomment below to allow for credential validation to last for 15
|
# Uncomment below to allow for credential validation to last for 15
|
||||||
# seconds.
|
# seconds.
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user