51312b8250
As suggested in #63 (GitHub issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability.

This patch realizes this split.

Still, some components affect others, so the roles are not really independent of one another. For example:
- disabling mxisd (`matrix_mxisd_enabled: false`) causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers.
- enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse.

We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now.

As part of this work, the way we "start components" has been redone to use a loop, as suggested in #65 (GitHub issue). This should make restarting faster and more reliable.
# Container image that runs Synapse. It is pinned to a release tag, not to an
# image digest, so the registry decides which bytes that tag resolves to.
matrix_synapse_docker_image: "matrixdotorg/synapse:v0.34.1.1-py3"

# Directory layout. Every path below is derived from `matrix_base_data_path`,
# which is defined outside this file.
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
# NOTE(review): presumably receives the rendered homeserver configuration,
# secrets included; verify the tasks restrict its ownership and mode.
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
# Whether the Synapse container publishes its Client/Server API port (tcp/8008).
# With matrix-nginx-proxy enabled (the normal case), nginx reaches Synapse over
# the container network and no published port is needed. Without the proxy, or
# when direct access is required, the port can be exposed on the local host
# (`127.0.0.1:8008`).
# NOTE(review): keep any such mapping on loopback; whatever is placed in front
# of it then has to provide TLS and access control for the API.
matrix_synapse_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"

# Location of Python's site-packages directory inside the Synapse container.
# NOTE(review): the `python3.6` component presumably has to match the
# interpreter shipped in `matrix_synapse_docker_image`; re-check on image bumps.
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.6/site-packages"
# Template files used to render Synapse's configuration.
# To use your own, copy the originals into your inventory
# (e.g. `inventory/host_vars/<host>/`) and point the variable at the copy
# from that host's `vars.yaml`, like this:
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
# NOTE(review): a copied template no longer follows changes made to the stock
# templates, security-relevant ones included; re-diff it on every upgrade.
matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
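# Secret key for Synapse's macaroons. The default here is empty, so every
# deployment has to supply its own long random value. Keep the real value out
# of version control (for example with Ansible Vault).
matrix_synapse_macaroon_secret_key: ""

# By default the registration shared secret and the form secret reuse the
# macaroon key, so a leak of any one of the three discloses all of them.
# SECURITY: whoever holds the registration shared secret can register accounts,
# admin accounts included, even while `matrix_synapse_enable_registration` is
# false. Prefer overriding both with independent random values.
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"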
# Identity servers that Synapse trusts when mxisd is NOT enabled.
matrix_synapse_id_servers_public:
  - 'vector.im'
  - 'matrix.org'

# Identity servers that Synapse trusts when mxisd IS enabled.
# The value is a string holding a list literal; Jinja fills in the hostname.
# NOTE(review): the consumer presumably receives a one-element list; confirm
# against the templates that read it.
matrix_synapse_id_servers_own: "['{{ hostname_matrix }}']"

# The list that is actually used for Synapse, selected by `matrix_mxisd_enabled`.
# Its first entry is also used as riot-web's default identity server.
# NOTE(review): with mxisd disabled, verification of third-party identifiers is
# delegated to the public servers above, which this deployment does not control.
matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_own if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
# Upper bounds, as the names say: upload size in MB, size of a single log file
# in MB, and the number of log files.
matrix_synapse_max_upload_size_mb: 10
matrix_synapse_max_log_file_size_mb: 100
matrix_synapse_max_log_files_count: 10

# Log levels.
# Accepted values: https://docs.python.org/3/library/logging.html#logging-levels
# WARNING: at DEBUG, Synapse logs sensitive information such as access tokens.
# Handle DEBUG logs like credentials and switch back once troubleshooting ends.
matrix_synapse_log_level: "INFO"
matrix_synapse_storage_sql_log_level: "INFO"
matrix_synapse_root_log_level: "INFO"

# Rate limits for sending messages: sustained rate and burst allowance.
# Loosening them weakens the protection against message flooding.
matrix_synapse_rc_messages_per_second: 0.2
matrix_synapse_rc_message_burst_count: 10.0
# Whether Synapse reports utilization statistics about this server to matrix.org
# (things like number of users, number of messages sent, uptime, load, etc.).
matrix_synapse_report_stats: false

# Whether the server tracks presence status (online, offline, unavailable) for
# users. When users take part in large rooms shared with many other servers,
# turning this off decreases server load significantly.
matrix_synapse_use_presence: true

# Whether people with access to the homeserver can register by themselves.
# NOTE(review): the default keeps sign-up closed; opening it on a server that is
# reachable from the internet lets anyone create accounts.
matrix_synapse_enable_registration: false

# Rooms that users registering on this homeserver are joined to automatically.
# Specify rooms by address (e.g. `#address:example.com`).
matrix_synapse_auto_join_rooms: []

# Whether the rooms listed in `matrix_synapse_auto_join_rooms` are created
# automatically when they do not exist yet.
matrix_synapse_autocreate_auto_join_rooms: true
# Password pepper for Matrix Synapse. Not to be changed after initial setup.
# NOTE(review): presumably because stored password hashes depend on it, so a
# later change would stop existing passwords from verifying; confirm.
# Treat the value as a secret. The default is an empty pepper.
matrix_synapse_password_config_pepper: ""

# Number of events that Matrix Synapse caches in memory.
matrix_synapse_event_cache_size: "100K"

# Scales Synapse's cache sizes through the SYNAPSE_CACHE_FACTOR environment
# variable. Raise it for larger caches; lower it to potentially use less memory.
# Background:
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
# - https://github.com/matrix-org/synapse/issues/3939
matrix_synapse_cache_factor: 0.5
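# Controls whether Matrix Synapse will federate at all.
# Disable this to completely isolate your server from the rest of the Matrix
# network.
matrix_synapse_federation_enabled: true

# A list of domain names that are allowed to federate with this Synapse server.
# An empty list value (`[]`) will also effectively stop federation, but if
# that's the desired result, it's better to accomplish it by changing
# `matrix_synapse_federation_enabled`.
# The default is an explicit `null`, i.e. no whitelist is defined.
# NOTE(review): an undefined whitelist presumably means "federate with any
# domain"; confirm against the homeserver template. For a private deployment,
# an explicit list limits which servers may federate with this one.
matrix_synapse_federation_domain_whitelist: null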
# Additional "volumes" to mount in the container.
# Populated dynamically, based on the Synapse extensions that have been enabled.
# Entries are definition objects like this:
# `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}`
# NOTE(review): each entry hands a host path to the container; for entries
# added by hand, prefer `ro` unless the container has to write there.
matrix_synapse_container_additional_volumes: []

# Additional loggers to register in synapse.log.config.
# Populated dynamically, based on the Synapse extensions that have been enabled.
# Entries are definition objects like this: `{"name": "..", "level": "DEBUG"}`
matrix_synapse_additional_loggers: []

# Service config files, given as filesystem paths.
# Populated dynamically, based on the Synapse extensions that have been enabled.
matrix_synapse_app_service_config_files: []

# Set dynamically during execution, depending on whether any password
# providers have been enabled or not.
matrix_synapse_password_providers_enabled: false
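# Enable this to activate the REST auth password provider module.
# See: https://github.com/kamax-io/matrix-synapse-rest-auth
matrix_synapse_ext_password_provider_rest_auth_enabled: false
# SECURITY: this Python file is fetched by URL and used as a Synapse password
# provider module, so it sees login credentials. The URL names a git tag
# (`v0.1.1`), which the upstream repository can move, and no checksum for the
# file is recorded here. Prefer a commit-pinned URL and verify a known digest
# when downloading.
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.1/rest_auth_provider.py"
# Backend the module asks to check credentials. User passwords travel to this
# endpoint, so use an `https://` URL or an address that is reachable only on a
# trusted internal network.
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false

# Enable this to activate the Shared Secret Auth password provider module.
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
# SECURITY: fetched by URL from a git tag (`1.0.1`) with no checksum recorded
# here; the same pinning and digest-verification advice applies as for any code
# that is loaded into Synapse.
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
# SECURITY: by design of the module, a holder of this secret can log in as any
# user on the homeserver. Use a long random value, store it like a root
# credential, and never enable the module with the empty default.
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""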
# Enable this to activate the LDAP password provider.
matrix_synapse_ext_password_provider_ldap_enabled: false
# The example URI is plain `ldap://` on port 389. With such a URI, StartTLS is
# what encrypts the bind credentials and user passwords in transit, so leave
# `..._ldap_start_tls` set to true.
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
matrix_synapse_ext_password_provider_ldap_start_tls: true
matrix_synapse_ext_password_provider_ldap_base: ""
# Names of the LDAP attributes for the user id, mail address and name.
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
# Bind account. Keep the real password out of version control (for example with
# Ansible Vault) and give the account read-only access to the directory.
matrix_synapse_ext_password_provider_ldap_bind_dn: ""
matrix_synapse_ext_password_provider_ldap_bind_password: ""
matrix_synapse_ext_password_provider_ldap_filter: ""
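# Settings for keeping the media store in an S3 bucket, using a goofys
# container image.
matrix_s3_media_store_enabled: false
# SECURITY: `:latest` is a floating tag, so whatever the registry serves at
# deploy time is what runs, presumably with the AWS credentials below in hand.
# Pin a release tag or, better, an image digest you have verified
# (form: "ewoutp/goofys@sha256:<verified-digest>").
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
matrix_s3_media_store_bucket_name: "your-bucket-name"
# Placeholders. Supply the real values from a secret store such as Ansible
# Vault, not from a file committed to version control, and scope the key to
# this one bucket.
matrix_s3_media_store_aws_access_key: "your-aws-access-key"
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
matrix_s3_media_store_region: "eu-central-1"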
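# Matrix mautrix is a Matrix <-> Telegram bridge.
# Enable the Telegram bridge.
matrix_mautrix_telegram_enabled: false

matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.4.0"

matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"

# Get your own API keys at https://my.telegram.org/apps
# Both are placeholders and are quoted so that they stay strings. Keep the
# quotes when filling in the real hash, so YAML cannot retype a digit-only or
# number-like value, and keep the real values out of version control.
matrix_mautrix_telegram_api_id: "YOUR_TELEGRAM_APP_ID"
matrix_mautrix_telegram_api_hash: "YOUR_TELEGRAM_API_HASH"

# Public endpoint of mautrix-telegram that is used to log in to Telegram.
# A UUID is used so that the path is not easily discoverable.
# SECURITY: the UUID is derived deterministically from
# `matrix_synapse_macaroon_secret_key` with the fixed salt 'telegram'. If that
# key is left at its empty default, the path would be the same on every such
# deployment. A hard-to-guess path is not access control either: it ends up in
# proxy logs and browser history, so the endpoint still needs its own
# protection.
matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"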
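# Matrix mautrix is a Matrix <-> Whatsapp bridge.
# Enable the Whatsapp bridge.
matrix_mautrix_whatsapp_enabled: false

# SECURITY: `:latest` is a floating tag, so the bridge code that runs is
# whatever the registry serves at deploy time, and deployments are not
# reproducible. The Telegram bridge image in this file is pinned to a release
# tag; pin this one to a release tag or a verified digest as well.
matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"

matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"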