#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
matrix_playbook_ssl_enabled: true
devture_traefik_config_entrypoint_web_secure_enabled: false
devture_traefik_container_web_host_bind_port: '127.0.10.1:8080'
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.10.2:8448'
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
forwardedHeaders:
insecure: true
matrix_synapse_metrics_proxying_enabled: true
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
matrix_playbook_docker_installation_enabled: false
#matrix_client_element_version: v1.8.4
#matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.21"
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.77.0"
#matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/site-packages"
#matrix_synapse_default_room_version: "10"
matrix_dimension_scheme: https
devture_timesync_installation_enabled: false
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
devture_systemd_service_manager_up_verification_delay_seconds: 180
web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
postgres_dump_dir: /vault/temp
#
# General Synapse config
#
devture_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
# matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
# Make synapse accept larger media aswell
matrix_synapse_max_upload_size_mb: 200
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
- "turn:voip.matrix.finallycoffee.eu?transport=udp"
- "turn:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
- "#welcome:finallycoffee.eu"
- "#announcements:finallycoffee.eu"
## Synapse rate limits
matrix_synapse_rc_federation:
window_size: 1000
sleep_limit: 50
sleep_delay: 500
reject_limit: 50
concurrent: 10
matrix_synapse_rc_message:
per_second: 0.5
burst_count: 25
matrix_synapse_rc_joins:
local:
per_second: 0.5
burst_count: 20
remote:
per_second: 0.05
burst_count: 20
matrix_synapse_rc_joins_per_room:
per_second: 1
burst_count: 10
matrix_synapse_rc_invites:
per_room:
per_second: 0.5
burst_count: 10
per_user:
per_second: 0.006
burst_count: 10
per_issuer:
per_second: 2
burst_count: 20
## Synapse cache tuning
matrix_synapse_caches_global_factor: 1.5
matrix_synapse_event_cache_size: "300K"
## Synapse workers
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_workers_count: 1
matrix_synapse_workers_media_repository_workers_count: 2
matrix_synapse_workers_federation_sender_workers_count: 2
matrix_synapse_workers_pusher_workers_count: 1
matrix_synapse_workers_appservice_workers_count: 1
# Static secret auth for matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
matrix_synapse_ext_password_provider_rest_auth_enabled: true
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
matrix_synapse_configuration_extension_yaml: |
database:
args:
cp_max: 20
caches:
per_cache_factors:
device_id_exists: 3
get_users_in_room: 4
_get_joined_users_from_context: 4
_get_joined_profile_from_event_id: 3
"*stateGroupMembersCache*": 2
_matches_user_in_member_list: 3
get_users_who_share_room_with_user: 3
is_interested_in_room: 2
get_user_by_id: 1.5
room_push_rule_cache: 1.5
expire_caches: true
cache_entry_ttl: 45m
sync_response_cache_duration: 2m
#
# synapse-admin tool
#
matrix_synapse_admin_enabled: true
matrix_synapse_admin_container_http_host_bind_port: 8985
#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false
#
# dimension (integration manager) config
#
matrix_dimension_enabled: true
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
matrix_dimension_configuration_extension_yaml: |
telegram:
botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
matrix_mautrix_whatsapp_bridge_mute_bridging: true
matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
matrix_mautrix_whatsapp_bridge_allow_user_invite: true
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
bridge:
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
max_connection_attempts: 5
connection_timeout: 30
contact_wait_delay: 5
private_chat_portal_meta: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
logging:
print_level: info
metrics:
enabled: true
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
whatsapp:
os_name: Linux mautrix-whatsapp
browser_name: Chrome
#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Telegram)"
parallel_file_transfer: false
inline_images: false
image_as_file_size: 20
delivery_receipts: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
animated_sticker:
target: webm
encryption:
allow: true
default: true
permissions:
"@transcaffeine:finallycoffee.eu": "admin"
"gruenhage.xyz": "full"
"boobies.software": "full"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
matrix_mautrix_signal_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Signal)"
community_id: "+signal:finallycoffee.eu"
encryption:
allow: true
default: true
key_sharing:
allow: true
require_verification: false
delivery_receipts: true
permissions:
"@ilosai:fairydust.space": "user"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: true
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
matrix_mx_puppet_instagram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_instagram_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
metrics:
enabled: true
port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
path: /metrics
presence:
enabled: true
interval: 3000
#
# mx-puppet-discord configuration
#
matrix_mx_puppet_discord_enabled: false
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
matrix_mx_puppet_discord_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_discord_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
metrics:
enabled: true
port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# mx-puppet-slack configuration
#
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
matrix_mx_puppet_slack_oauth_redirect_path: '/bridge/slack/oauth'
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
matrix_mx_puppet_slack_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
matrix_mx_puppet_slack_configuration_extension_yaml: |
bridge:
enableGroupSync: true
metrics:
enabled: true
port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
matrix_client_element_welcome_text: |
Decentralised, encrypted chat & collaboration,
hosted on finallycoffee.eu, powered by element.io &
![[matrix]](welcome/images/matrix.svg)
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_auth_header_logo_url: "welcome/images/logo.png"
matrix_client_element_branding_welcome_background_url: "welcome/images/background.jpg"
matrix_client_element_container_extra_arguments:
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcome_background_url }}:ro"
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_auth_header_logo_url }}:ro"
# Integration and capabilites config
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
- "https://{{ matrix_server_fqn_dimension }}/widgets"
- "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_client_element_disable_custom_urls: false
matrix_client_element_room_directory_servers:
- "matrix.org"
- "finallycoffee.eu"
- "entropia.de"
matrix_client_element_enable_presence_by_hs_url:
https://matrix.org: false
# Matrix ma1sd extended configuration
matrix_ma1sd_configuration_extension_yaml: |
hashing:
enabled: true
pepperLength: 20
rotationPolicy: per_requests
requests: 10
hashStorageType: sql
algorithms:
- none
- sha256
# Matrix mail notification relay setup
exim_relay_enabled: true
exim_relay_sender_address: "Matrix on finallycoffee.eu "
exim_relay_relay_use: true
exim_relay_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
exim_relay_relay_host_port: 587
exim_relay_relay_auth: true
exim_relay_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
exim_relay_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"