#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
matrix_playbook_ssl_enabled: true
traefik_config_entrypoint_web_secure_enabled: false
traefik_container_web_host_bind_port: '127.0.10.1:8080'
traefik_config_entrypoint_web_forwardedHeaders_insecure: true
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.10.2:8448'
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
forwardedHeaders:
insecure: true
matrix_synapse_metrics_proxying_enabled: true
matrix_sliding_sync_enabled: true
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
matrix_playbook_docker_installation_enabled: false
#matrix_dimension_scheme: https
devture_timesync_installation_enabled: false
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
devture_systemd_service_manager_up_verification_delay_seconds: 300
web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
postgres_dump_dir: /vault/temp
#
# General Synapse config
#
postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
# matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
# Make synapse accept larger media aswell
matrix_synapse_max_upload_size_mb: 200
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
- "turn:voip.matrix.finallycoffee.eu?transport=udp"
- "turn:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
- "#welcome:finallycoffee.eu"
- "#announcements:finallycoffee.eu"
## Synapse rate limits
#matrix_synapse_rc_federation:
# window_size: 1000
# sleep_limit: 50
# sleep_delay: 500
# reject_limit: 50
# concurrent: 10
#matrix_synapse_rc_message:
# per_second: 0.5
# burst_count: 25
#matrix_synapse_rc_joins:
# local:
# per_second: 0.5
# burst_count: 20
# remote:
# per_second: 0.05
# burst_count: 20
#matrix_synapse_rc_joins_per_room:
# per_second: 1
# burst_count: 10
#matrix_synapse_rc_invites:
# per_room:
# per_second: 0.5
# burst_count: 10
# per_user:
# per_second: 0.006
# burst_count: 10
# per_issuer:
# per_second: 2
# burst_count: 20
## Synapse cache tuning
#matrix_synapse_caches_global_factor: 1.5
#matrix_synapse_event_cache_size: "300K"
## Synapse workers
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_workers_count: 1
matrix_synapse_workers_media_repository_workers_count: 1
matrix_synapse_workers_federation_sender_workers_count: 1
matrix_synapse_workers_pusher_workers_count: 0
matrix_synapse_workers_appservice_workers_count: 1
# Static secret auth for matrix-synapse-shared-secret-auth
#matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
#matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
#matrix_synapse_ext_password_provider_rest_auth_enabled: true
#matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
#matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
#matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
#matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
matrix_synapse_configuration_extension_yaml: |
database:
args:
cp_min: 10
cp_max: 30
cp_reconnect: True
# caches:
# per_cache_factors:
# device_id_exists: 3
# get_users_in_room: 4
# _get_joined_users_from_context: 4
# _get_joined_profile_from_event_id: 3
# "*stateGroupMembersCache*": 2
# _matches_user_in_member_list: 3
# get_users_who_share_room_with_user: 3
# is_interested_in_room: 2
# get_user_by_id: 1.5
# room_push_rule_cache: 1.5
# expire_caches: true
# cache_entry_ttl: 45m
# sync_response_cache_duration: 2m
#
# synapse-admin tool
#
#matrix_synapse_admin_enabled: true
#matrix_synapse_admin_container_http_host_bind_port: 8985
#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false
#
# dimension (integration manager) config
#
matrix_dimension_enabled: false
#matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
#matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
#matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
#matrix_dimension_configuration_extension_yaml: |
# telegram:
# botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
bridge:
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
max_connection_attempts: 5
connection_timeout: 30
contact_wait_delay: 5
private_chat_portal_meta: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
logging:
print_level: info
metrics:
enabled: true
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
whatsapp:
os_name: Linux mautrix-whatsapp
browser_name: Chrome
#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Telegram)"
parallel_file_transfer: false
inline_images: false
image_as_file_size: 20
delivery_receipts: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
animated_sticker:
target: webm
encryption:
allow: true
default: true
permissions:
"@transcaffeine:finallycoffee.eu": "admin"
"boobies.software": "full"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
matrix_mautrix_signal_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Signal)"
community_id: "+signal:finallycoffee.eu"
encryption:
allow: true
default: true
key_sharing:
allow: true
require_verification: false
delivery_receipts: true
permissions:
"@ilosai:fairydust.space": "user"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
matrix_bridges_encryption_enabled: true
matrix_bridges_encryption_default: true
matrix_appservice_double_puppet_enabled: true
matrix_mautrix_slack_enabled: true
matrix_mautrix_slack_appservice_bot_username: slack
#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: false
#matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
#matrix_mx_puppet_instagram_container_extra_arguments:
# - "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
#matrix_mx_puppet_instagram_configuration_extension_yaml: |
# bridge:
# enableGroupSync: true
# avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
# metrics:
# enabled: true
# port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
# path: /metrics
# presence:
# enabled: true
# interval: 3000
#
#
##
## mx-puppet-discord configuration
##
matrix_mx_puppet_discord_enabled: false
#matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
#matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
#matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
#matrix_mx_puppet_discord_container_extra_arguments:
# - "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
#matrix_mx_puppet_discord_configuration_extension_yaml: |
# bridge:
# enableGroupSync: true
# avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
# metrics:
# enabled: true
# port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
# path: /metrics
# limits:
# maxAutojoinUsers: 500
# roomUserAutojoinDelay: 50
# presence:
# enabled: true
# interval: 3000
#
# mx-puppet-slack configuration
#
matrix_mx_puppet_slack_enabled: false
#matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
#matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
#matrix_mx_puppet_slack_oauth_redirect_path: '/bridge/slack/oauth'
#matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
#matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
#matrix_mx_puppet_slack_container_extra_arguments:
# - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
# - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
#matrix_mx_puppet_slack_configuration_extension_yaml: |
# bridge:
# enableGroupSync: true
# metrics:
# enabled: true
# port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
# path: /metrics
# limits:
# maxAutojoinUsers: 500
# roomUserAutojoinDelay: 50
# presence:
# enabled: true
# interval: 3000
#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
matrix_client_element_welcome_text: |
Decentralised, encrypted chat & collaboration,
hosted on finallycoffee.eu, powered by element.io &
![[matrix]](welcome/images/matrix.svg)
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_auth_header_logo_url: "welcome/images/logo.png"
matrix_client_element_branding_welcome_background_url: "welcome/images/background.jpg"
matrix_client_element_container_extra_arguments:
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcome_background_url }}:ro"
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_auth_header_logo_url }}:ro"
# Integration and capabilites config
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
- "https://{{ matrix_server_fqn_dimension }}/widgets"
- "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_client_element_disable_custom_urls: false
matrix_client_element_room_directory_servers:
- "matrix.org"
- "finallycoffee.eu"
matrix_client_element_enable_presence_by_hs_url:
https://matrix.org: false
# Matrix ma1sd extended configuration
#matrix_ma1sd_configuration_extension_yaml: |
# hashing:
# enabled: true
# pepperLength: 20
# rotationPolicy: per_requests
# requests: 10
# hashStorageType: sql
# algorithms:
# - none
# - sha256
# Matrix mail notification relay setup
exim_relay_enabled: true
exim_relay_sender_address: "system-matrix@{{ matrix_domain }}"
exim_relay_relay_use: true
exim_relay_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
exim_relay_relay_host_port: 587
exim_relay_relay_auth: true
exim_relay_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
exim_relay_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"