7d3adc4512
We do use some `:latest` images by default for the following services: - matrix-dimension - Goofys (in the matrix-synapse role) - matrix-bridge-appservice-irc - matrix-bridge-appservice-discord - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-whatsapp It's terribly unfortunate that those software projects don't release anything other than `:latest`, but that's how it is for now. Updating that software requires that users manually do `docker pull` on the server. The playbook didn't force-repull images that it already had. With this patch, it starts doing so. Any image tagged `:latest` will be force re-pulled by the playbook every time it's executed. It should be noted that even though we ask the `docker_image` module to force-pull, it only reports "changed" when it actually pulls something new. This is nice, because it lets people know exactly when something gets updated, as opposed to giving the indication that it's always updating the images (even though it isn't).
# mxisd: a federated Matrix identity server.
# Project page: https://github.com/kamax-matrix/mxisd

# Whether mxisd is enabled (presumably gates the whole role; confirm against the role's tasks).
matrix_mxisd_enabled: true

# Container image reference (repository:tag) used for mxisd.
# The default names a fixed release tag rather than `:latest`.
matrix_mxisd_docker_image: 'kamax/mxisd:1.4.4'

# Evaluates to true only when the image reference above ends in `:latest`.
# Meant as the force flag for the image-pull task (task not shown in this file).
# A force-pulled `:latest` image is whatever the registry serves at run time;
# keep a release tag (or pin a digest) when upgrades must be reviewable and
# reproducible.
matrix_mxisd_docker_image_force_pull: "{{ matrix_mxisd_docker_image.endswith(':latest') }}"

# Directory layout for mxisd, all derived from `matrix_base_data_path`.
matrix_mxisd_base_path: '{{ matrix_base_data_path }}/mxisd'
# Derived from the base path; what is stored here is decided by the role's tasks.
matrix_mxisd_config_path: '{{ matrix_mxisd_base_path }}/config'
# NOTE(review): the default configuration template points mxisd at a signing
# key and a database under /var/mxisd; if this directory is what gets mounted
# there, restrict its ownership and permissions. Confirm against the tasks.
matrix_mxisd_data_path: '{{ matrix_mxisd_base_path }}/data'

# Host-side publishing of the matrix-mxisd container's HTTP port
# (tcp/8090 inside the container).
#
# Accepted forms: "<ip>:<port>" or "<port>" (e.g. "127.0.0.1:8090").
# An empty string means the port is not exposed.
#
# NOTE(review): if this value is handed to Docker's port publishing as-is, the
# bare "<port>" form would listen on every host interface. Prefer a loopback
# bind when a reverse proxy fronts mxisd; confirm against the service template.
matrix_mxisd_container_http_host_bind_port: ""

# Extra arguments to pass to the container (a list; empty by default).
# Anything added here presumably reaches the container runtime unfiltered, so
# review additions that widen privileges or mounts.
matrix_mxisd_container_extra_arguments: []

# systemd services that matrix-mxisd.service depends on.
matrix_mxisd_systemd_required_services_list:
  - "docker.service"

# systemd services that matrix-mxisd.service wants.
matrix_mxisd_systemd_wanted_services_list: []

# By default, your identity server is private.
#
# For maximum discoverability, mxisd can additionally forward lookups to the
# central matrix.org identity server. The cost is that all of your contacts
# information may be leaked to that server.
#
# Enabling this is discouraged.
# Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
matrix_mxisd_matrixorg_forwarding_enabled: false

# mxisd supports several identity stores.
# One of them reads identities directly from Synapse's database.
# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md
matrix_mxisd_synapsesql_enabled: false
matrix_mxisd_synapsesql_type: ''
# NOTE(review): a database connection string usually embeds credentials; if
# that holds here, supply the value from an encrypted vars file and give the
# database account read-only access. Confirm the expected format upstream.
matrix_mxisd_synapsesql_connection: ''

# mxisd requires working email-sending settings.
matrix_mxisd_threepid_medium_email_identity_from: 'matrix@{{ matrix_domain }}'
matrix_mxisd_threepid_medium_email_connectors_smtp_host: ''
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
# NOTE(review): numeric TLS mode as interpreted by mxisd; its meaning is not
# documented in this file. Confirm that the chosen mode cannot fall back to an
# unencrypted session, since the login and password below travel over it.
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
matrix_mxisd_threepid_medium_email_connectors_smtp_login: ''
# Provide the real value from an encrypted vars file (e.g. Ansible Vault)
# instead of committing it in plain text.
matrix_mxisd_threepid_medium_email_connectors_smtp_password: ''

# A DNS overwrite tells mxisd how to reach the homeserver directly.
# This matters when certain URLs (e.g. `/_matrix/client/r0/user_directory/search`)
# are reverse-proxied to mxisd: mxisd can then rewrite the original URL to one
# that reaches the homeserver.
matrix_mxisd_dns_overwrite_enabled: false
matrix_mxisd_dns_overwrite_homeserver_client_name: '{{ matrix_server_fqn_matrix }}'
# NOTE(review): the default target is plain HTTP to a container hostname;
# presumably this traffic stays on the local container network. If you point
# it at another host, use a transport that is encrypted. Confirm the topology.
matrix_mxisd_dns_overwrite_homeserver_client_value: 'http://matrix-synapse:8008'

# Custom email templates, replacing mxisd's defaults.
# To use them, enable the switch below and put the full desired template into
# each template variable as a multi-line YAML value.
# A template variable left empty gets no entry in the generated configuration.
#
# More info:
# https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/notification/template-generator.md
# https://github.com/kamax-matrix/mxisd/tree/master/src/main/resources/threepids/email
matrix_mxisd_threepid_medium_email_custom_templates_enabled: false
matrix_mxisd_threepid_medium_email_custom_invite_template: ''
matrix_mxisd_threepid_medium_email_custom_session_validation_template: ''
matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template: ''
matrix_mxisd_threepid_medium_email_custom_matrixid_template: ''

# Whether the self-check feature validates SSL certificates.
# Keep this enabled outside of test setups: a self-check that skips validation
# cannot tell you that clients will reject the certificate.
matrix_mxisd_self_check_validate_certificates: true

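# Default mxisd configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`)
# or completely replace this variable with your own template.
#
# Free-text values are rendered through `to_json` so that they reach the YAML
# parser as quoted strings. An SMTP password or connection string containing
# ` #`, `: ` or a leading YAML indicator is then kept intact instead of being
# truncated, re-typed or breaking the parse. Side effect: an empty value now
# renders as "" rather than null.
#
# The `#jinja2:` line must stay the first line of the template text.
#
# NOTE(review): the `frandulent` key under `session.unbind` is spelled
# differently from the variable and file name next to it (`fraudulent`).
# Confirm which spelling mxisd actually reads before changing it.
matrix_mxisd_configuration_yaml: |
  #jinja2: lstrip_blocks: True
  matrix:
    domain: {{ matrix_domain|to_json }}

  server:
    name: {{ matrix_server_fqn_matrix|to_json }}

  key:
    path: /var/mxisd/sign.key

  storage:
    provider:
      sqlite:
        database: /var/mxisd/mxisd.db

  {% if matrix_mxisd_dns_overwrite_enabled %}
  dns:
    overwrite:
      homeserver:
        client:
          - name: {{ matrix_mxisd_dns_overwrite_homeserver_client_name|to_json }}
            value: {{ matrix_mxisd_dns_overwrite_homeserver_client_value|to_json }}
  {% endif %}

  {% if matrix_mxisd_matrixorg_forwarding_enabled %}
  forward:
    servers: ['matrix-org']
  {% endif %}

  threepid:
    medium:
      email:
        identity:
          from: {{ matrix_mxisd_threepid_medium_email_identity_from|to_json }}
        connectors:
          smtp:
            host: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_host|to_json }}
            port: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_port }}
            tls: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_tls }}
            login: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_login|to_json }}
            password: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_password|to_json }}
        {% if matrix_mxisd_threepid_medium_email_custom_templates_enabled %}
        generators:
          template:
            {% if matrix_mxisd_threepid_medium_email_custom_invite_template %}
            invite: '/var/mxisd/invite-template.eml'
            {% endif %}
            {% if matrix_mxisd_threepid_medium_email_custom_session_validation_template or matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template %}
            session:
              {% if matrix_mxisd_threepid_medium_email_custom_session_validation_template %}
              validation: '/var/mxisd/validate-template.eml'
              {% endif %}
              {% if matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template %}
              unbind:
                frandulent: '/var/mxisd/unbind-fraudulent.eml'
              {% endif %}
            {% endif %}
            {% if matrix_mxisd_threepid_medium_email_custom_matrixid_template %}
            generic:
              matrixId: '/var/mxisd/mxid-template.eml'
            {% endif %}
        {% endif %}

  synapseSql:
    enabled: {{ matrix_mxisd_synapsesql_enabled }}
    type: {{ matrix_mxisd_synapsesql_type|to_json }}
    connection: {{ matrix_mxisd_synapsesql_connection|to_json }}
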
# User-supplied YAML that extends the default configuration
# (`matrix_mxisd_configuration_yaml`). The default text below consists of
# comments only, so it contributes no settings.
#
# The commented LDAP example uses `tls: false` and an inline bind password.
# For a real deployment, enable TLS on the LDAP connection and supply the bind
# password from an encrypted vars file.
matrix_mxisd_configuration_extension_yaml: |
  # Your custom YAML configuration for mxisd goes here.
  # This configuration extends the default starting configuration (`matrix_mxisd_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_mxisd_configuration_yaml`.
  #
  # Example configuration extension follows:
  #
  # ldap:
  #   enabled: true
  #   connection:
  #     host: ldapHostnameOrIp
  #     tls: false
  #     port: 389
  #     baseDNs: ['OU=Users,DC=example,DC=org']
  #     bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
  #     bindPassword: TheUserPassword

# Parsed form of `matrix_mxisd_configuration_extension_yaml`.
# Falls back to an empty mapping whenever the parsed YAML is not a mapping
# (for example, when the extension text holds nothing but comments).
matrix_mxisd_configuration_extension: "{{ matrix_mxisd_configuration_extension_yaml|from_yaml if matrix_mxisd_configuration_extension_yaml|from_yaml is mapping else {} }}"

# Holds the final mxisd configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mxisd_configuration_yaml`.
#
# The extension is combined into the default recursively, so any key it sets
# replaces the default value for that key, including TLS- and
# credential-related ones. Review extensions with that in mind.
matrix_mxisd_configuration: "{{ matrix_mxisd_configuration_yaml|from_yaml|combine(matrix_mxisd_configuration_extension, recursive=True) }}"