#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu

# Traefik is managed by the playbook, but its TLS entrypoint is switched off
# and the plain-HTTP entrypoint is published on a loopback address only.
# NOTE(review): presumably a separate front proxy on this host terminates TLS
# and forwards to 127.0.10.1:8080 -- confirm against the host's proxy config.
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
matrix_playbook_ssl_enabled: true
devture_traefik_config_entrypoint_web_secure_enabled: false
devture_traefik_container_web_host_bind_port: '127.0.10.1:8080'
# forwardedHeaders.insecure makes Traefik accept X-Forwarded-* headers from
# any peer. That is only sound while the entrypoint is reachable solely by the
# trusted front proxy (the loopback binds here); if a bind address is ever
# widened, use Traefik's forwardedHeaders.trustedIPs instead.
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# The federation entrypoint gets the same treatment: loopback bind plus
# unconditional trust in forwarded headers.
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.10.2:8448'
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
  forwardedHeaders:
    insecure: true

# NOTE(review): nothing in this file puts authentication in front of the
# proxied metrics route -- confirm it is protected or filtered elsewhere.
matrix_synapse_metrics_proxying_enabled: true

matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
matrix_playbook_docker_installation_enabled: false

# Version and image pins kept for reference; all of them are disabled.
#matrix_client_element_version: v1.8.4
#matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.21"
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.77.0"
#matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/site-packages"
#matrix_synapse_default_room_version: "10"
matrix_dimension_scheme: https

devture_timesync_installation_enabled: false
# Read from a vault variable so the secret itself never appears in this file.
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
devture_systemd_service_manager_up_verification_delay_seconds: 180

# Host-specific paths and the account used for the web front end.
# NOTE(review): postgres_dump_dir presumably receives database dumps, which
# hold the homeserver's full data set -- confirm the directory's permissions.
web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
postgres_dump_dir: /vault/temp
#
# General Synapse config
#
devture_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
# matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
# Make synapse accept larger media as well
matrix_synapse_max_upload_size_mb: 200
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
# Fed from the same vault variable as matrix_coturn_turn_static_auth_secret,
# so Synapse and the TURN server agree on the shared secret.
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
  - "turn:voip.matrix.finallycoffee.eu?transport=udp"
  - "turn:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
  - "#welcome:finallycoffee.eu"
  - "#announcements:finallycoffee.eu"
## Synapse rate limits
# Throttling of inbound federation traffic.
matrix_synapse_rc_federation:
  window_size: 1000
  sleep_limit: 50
  sleep_delay: 500
  reject_limit: 50
  concurrent: 10
# Message sending.
matrix_synapse_rc_message:
  per_second: 0.5
  burst_count: 25
# Room joins; joins that go through a remote server are limited ten times
# harder than local ones.
matrix_synapse_rc_joins:
  local:
    per_second: 0.5
    burst_count: 20
  remote:
    per_second: 0.05
    burst_count: 20
matrix_synapse_rc_joins_per_room:
  per_second: 1
  burst_count: 10
# Invites; the per-user rate is by far the tightest limit in this section,
# which bounds how fast a single account can be flooded with invites.
matrix_synapse_rc_invites:
  per_room:
    per_second: 0.5
    burst_count: 10
  per_user:
    per_second: 0.006
    burst_count: 10
  per_issuer:
    per_second: 2
    burst_count: 20
## Synapse cache tuning
# Global multiplier for cache sizes and the size of the event cache.
matrix_synapse_caches_global_factor: 1.5
matrix_synapse_event_cache_size: "300K"
## Synapse workers
# Start from the "little-federation-helper" preset, then set the per-type
# worker counts explicitly.
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_workers_count: 1
matrix_synapse_workers_media_repository_workers_count: 2
matrix_synapse_workers_federation_sender_workers_count: 2
matrix_synapse_workers_pusher_workers_count: 1
matrix_synapse_workers_appservice_workers_count: 1
# Static secret auth for matrix-synapse-shared-secret-auth
# Whoever holds this secret can obtain a login for any local user, so treat it
# like an admin credential. This file also hands it to the WhatsApp and
# Telegram bridges as their login_shared_secret.
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
# Password checks are delegated to ma1sd over plain HTTP, addressed by
# container name.
# NOTE(review): this assumes the container network is private to the Matrix
# services, since login passwords cross it unencrypted -- confirm.
matrix_synapse_ext_password_provider_rest_auth_enabled: true
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
# Extra Synapse settings passed as a literal block: a larger database
# connection pool, per-cache size factors, and cache expiry. Comments are kept
# out of the block on purpose, because its text is templated before use.
matrix_synapse_configuration_extension_yaml: |
  database:
    args:
      cp_max: 20
  caches:
    per_cache_factors:
      device_id_exists: 3
      get_users_in_room: 4
      _get_joined_users_from_context: 4
      _get_joined_profile_from_event_id: 3
      "*stateGroupMembersCache*": 2
      _matches_user_in_member_list: 3
      get_users_who_share_room_with_user: 3
      is_interested_in_room: 2
      get_user_by_id: 1.5
      room_push_rule_cache: 1.5
    expire_caches: true
    cache_entry_ttl: 45m
    sync_response_cache_duration: 2m
#
# synapse-admin tool
#
matrix_synapse_admin_enabled: true
# NOTE(review): the bridge ports elsewhere in this file are published with an
# explicit 127.0.0.1 prefix, while this is a bare port number. Presumably the
# role publishes a bare port on every host interface -- confirm, and prefer an
# explicit loopback bind if only a local proxy has to reach the admin UI.
matrix_synapse_admin_container_http_host_bind_port: 8985
#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
# It still has to be set although the bundled coturn is disabled below,
# because matrix_synapse_turn_shared_secret reads the same vault variable.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false
#
# dimension (integration manager) config
#
matrix_dimension_enabled: true
# Admin list, access token and Telegram bot token all come from vault
# variables; none of them is spelled out in this file.
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
matrix_dimension_configuration_extension_yaml: |
  telegram:
    botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
matrix_mautrix_whatsapp_bridge_mute_bridging: true
matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
matrix_mautrix_whatsapp_bridge_allow_user_invite: true
# The metrics listener binds 0.0.0.0 inside the container (see the block
# below); the -p argument publishes it on the host's loopback address only.
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
# The raw/endraw pair keeps the bridge's own {{ }} display-name template from
# being expanded by Jinja. login_shared_secret reuses the Synapse shared-secret
# auth value, so the bridge configuration is as sensitive as that secret.
matrix_mautrix_whatsapp_configuration_extension_yaml: |
  bridge:
    displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
    max_connection_attempts: 5
    connection_timeout: 30
    contact_wait_delay: 5
    private_chat_portal_meta: true
    login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
  logging:
    print_level: info
  metrics:
    enabled: true
    listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
  whatsapp:
    os_name: Linux mautrix-whatsapp
    browser_name: Chrome
#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
# Telegram API credentials are read from vault variables.
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
# Both the monitoring port and the public HTTP port are published on the
# host's loopback address only.
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
# login_shared_secret reuses the Synapse shared-secret auth value.
# NOTE(review): the two bare domain keys under permissions presumably grant
# "full" to every account on those homeservers -- confirm that this breadth is
# intended, since it follows whoever can register there.
matrix_mautrix_telegram_configuration_extension_yaml: |
  bridge:
    displayname_template: "{displayname} (via Telegram)"
    parallel_file_transfer: false
    inline_images: false
    image_as_file_size: 20
    delivery_receipts: true
    login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
    animated_sticker:
      target: webm
    encryption:
      allow: true
      default: true
    permissions:
      "@transcaffeine:finallycoffee.eu": "admin"
      "gruenhage.xyz": "full"
      "boobies.software": "full"
  logging:
    root:
      level: INFO
  metrics:
    enabled: true
    listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
# Monitoring port, published on the host's loopback address only.
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
# End-to-bridge encryption is allowed and on by default.
# NOTE(review): key_sharing is allowed with require_verification off, which
# presumably lets the bridge share room keys with unverified devices --
# confirm this is an accepted trade-off.
matrix_mautrix_signal_configuration_extension_yaml: |
  bridge:
    displayname_template: "{displayname} (via Signal)"
    community_id: "+signal:finallycoffee.eu"
    encryption:
      allow: true
      default: true
      key_sharing:
        allow: true
        require_verification: false
    delivery_receipts: true
    permissions:
      "@ilosai:fairydust.space": "user"
  logging:
    root:
      level: INFO
  metrics:
    enabled: true
    listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: true
# Metrics port, published on the host's loopback address only.
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
matrix_mx_puppet_instagram_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
# Group sync, bridge avatar, metrics endpoint and presence polling.
matrix_mx_puppet_instagram_configuration_extension_yaml: |
  bridge:
    enableGroupSync: true
    avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
  metrics:
    enabled: true
    port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
    path: /metrics
  presence:
    enabled: true
    interval: 3000
#
# mx-puppet-discord configuration
#
# The bridge is switched off; its settings are kept in place.
matrix_mx_puppet_discord_enabled: false
# OAuth client credentials are read from vault variables.
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
# Metrics port, published on the host's loopback address only.
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
matrix_mx_puppet_discord_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
# Group sync, bridge avatar, metrics endpoint, auto-join limits and presence.
matrix_mx_puppet_discord_configuration_extension_yaml: |
  bridge:
    enableGroupSync: true
    avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
  metrics:
    enabled: true
    port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
    path: /metrics
  limits:
    maxAutojoinUsers: 500
    roomUserAutojoinDelay: 50
  presence:
    enabled: true
    interval: 3000
#
# mx-puppet-slack configuration
#
matrix_mx_puppet_slack_enabled: true
# OAuth client credentials are read from vault variables.
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
matrix_mx_puppet_slack_oauth_redirect_path: '/bridge/slack/oauth'
# Both the OAuth callback port and the metrics port are published on the
# host's loopback address only.
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
matrix_mx_puppet_slack_container_extra_arguments:
  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
# Group sync, metrics endpoint, auto-join limits and presence polling.
matrix_mx_puppet_slack_configuration_extension_yaml: |
  bridge:
    enableGroupSync: true
  metrics:
    enabled: true
    port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
    path: /metrics
  limits:
    maxAutojoinUsers: 500
    roomUserAutojoinDelay: 50
  presence:
    enabled: true
    interval: 3000
#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
# Static HTML for the welcome page; the external link carries
# rel="noreferrer noopener".
matrix_client_element_welcome_text: |
  Decentralised, encrypted chat & collaboration,<br />
  hosted on finallycoffee.eu, powered by element.io &
  <a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
  <img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
  </a>
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_auth_header_logo_url: "welcome/images/logo.png"
matrix_client_element_branding_welcome_background_url: "welcome/images/background.jpg"
# The branding images are bind-mounted into the container read-only (:ro).
matrix_client_element_container_extra_arguments:
  - "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcome_background_url }}:ro"
  - "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_auth_header_logo_url }}:ro"
# Integration and capabilities config
# Widgets may be served by the self-hosted Dimension instance and by the
# third-party host scalar.vector.im.
# NOTE(review): confirm the external widget origin is still wanted.
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
  - "https://{{ matrix_server_fqn_dimension }}/widgets"
  - "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
# Users may point this Element instance at a homeserver of their choice.
matrix_client_element_disable_custom_urls: false
matrix_client_element_room_directory_servers:
  - "matrix.org"
  - "finallycoffee.eu"
  - "entropia.de"
# Presence is switched off for accounts on matrix.org.
matrix_client_element_enable_presence_by_hs_url:
  https://matrix.org: false
# Matrix ma1sd extended configuration
# Hashed identifier lookup: a 20-character pepper rotated every 10 requests,
# with hashes stored in SQL.
# NOTE(review): listing "none" next to sha256 presumably keeps lookups with
# unhashed identifiers accepted -- confirm whether any client still needs it,
# and drop it otherwise so identifiers are only ever submitted hashed.
matrix_ma1sd_configuration_extension_yaml: |
  hashing:
    enabled: true
    pepperLength: 20
    rotationPolicy: per_requests
    requests: 10
    hashStorageType: sql
    algorithms:
      - none
      - sha256
# Matrix mail notification relay setup
# Outgoing notification mail is handed to an authenticated relay on port 587;
# relay host and credentials are read from vault variables.
# NOTE(review): whether TLS is enforced toward the relay is not visible in
# this file -- confirm, since the credentials below travel over that
# connection.
exim_relay_enabled: true
exim_relay_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
exim_relay_relay_use: true
exim_relay_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
exim_relay_relay_host_port: 587
exim_relay_relay_auth: true
exim_relay_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
exim_relay_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"