839b401b28
Until now, we were starting from a fresh configuration, as generated by Synapse, and manipulating it with regex and line replacements until we made it work. That approach is more fragile and less predictable, so we're moving to a static configuration file generated from a Jinja template. The upside is that configuration will be stable and predictable. The downside of this new approach is that any manual configuration changes made after the playbook is done will be thrown away on future playbook invocations. There are 2 ways to work around the need for manual configuration changes, though:
- making them part of this playbook and its default template configuration files (which benefits everyone)
- going your own way for a given host and overriding the template files that get used (that is, the `matrix_synapse_template_synapse_homeserver` or `matrix_synapse_template_synapse_log` variables)
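---
# Playbook variables for a Matrix deployment: hostnames, the service user,
# Postgres connection settings, data paths, Synapse templates and secrets,
# container images, Coturn, S3 media storage, and proxy/SSL scheduling.
# The `host_specific_*` variables referenced below are not defined in this file.

# The bare hostname which represents your identity.
# This is something like "example.com".
# Note: this playbook does not touch the server referenced here.
hostname_identity: "{{ host_specific_hostname_identity }}"

# This is where your data lives and what we set up here.
# This and the Riot hostname (see below) are expected to be on the same server.
hostname_matrix: "matrix.{{ hostname_identity }}"

# This is where you access the web UI from and what we set up here.
# This and the Matrix hostname (see above) are expected to be on the same server.
hostname_riot: "riot.{{ hostname_identity }}"

# Name and numeric IDs of the `matrix` user.
# Presumably the account that owns the data paths below - confirm in the tasks.
matrix_user_username: "matrix"
matrix_user_uid: 991
matrix_user_gid: 991

# The defaults below cause a postgres server to be configured (running within a container).
# Using an external server is possible by tweaking all of the parameters below.
matrix_postgres_use_external: false
matrix_postgres_connection_hostname: "postgres"
matrix_postgres_connection_username: "synapse"
# NOTE(review): this default password is a fixed value published with the
# playbook, so every host that keeps it shares the same database credential.
# Override it per host, ideally from an encrypted source such as Ansible Vault.
matrix_postgres_connection_password: "synapse-password"
matrix_postgres_db_name: "homeserver"

# Everything the playbook stores lives under this base path;
# the paths below are all derived from it.
matrix_base_data_path: "/matrix"
matrix_ssl_certs_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_support_email: "{{ host_specific_matrix_ssl_support_email }}"
matrix_environment_variables_data_path: "{{ matrix_base_data_path }}/environment-variables"

matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"

# Specifies which template files to use when configuring Synapse.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
# and then change the specific host's `vars.yaml` file like this:
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"

# Empty by default, so a real value has to be supplied per host.
# How an empty value is handled is not visible in this file - confirm in the
# tasks and templates that a deployment cannot proceed with it unset.
matrix_synapse_macaroon_secret_key: ""
# NOTE(review): both of these default to the macaroon secret key, so one value
# serves three purposes unless overridden, and exposure of any one of them
# exposes all three. Prefer a distinct, randomly generated value for each,
# kept out of version control (e.g. in Ansible Vault).
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"

# Size and count limits; the `_mb` suffix suggests megabytes - confirm in the templates.
matrix_max_upload_size_mb: 10
matrix_max_log_file_size_mb: 100
matrix_max_log_files_count: 10

matrix_postgres_data_path: "{{ matrix_base_data_path }}/postgres"
matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
matrix_nginx_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
matrix_scratchpad_dir: "{{ matrix_base_data_path }}/scratchpad"


# Container images. Despite its name, `docker_postgres_image_latest` resolves
# to the pinned v10 image, not to a `latest` tag.
docker_postgres_image_v9: "postgres:9.6.9-alpine"
docker_postgres_image_v10: "postgres:10.4-alpine"
docker_postgres_image_latest: "{{ docker_postgres_image_v10 }}"

docker_matrix_image: "matrixdotorg/synapse:v0.31.2"
docker_nginx_image: "nginx:1.15.0-alpine"
docker_riot_image: "avhost/docker-matrix-riot:v0.15.5"
# NOTE(review): unlike the other images here, the next two use the mutable
# `latest` tag, so the image that gets pulled can change between playbook runs
# without any change to this file. Pin them to a specific tag or digest,
# as is already done for the other images.
docker_s3fs_image: "xueshanf/s3fs:latest"
docker_goofys_image: "cloudproto/goofys:latest"
docker_coturn_image: "instrumentisto/coturn:4.5.0.7"


# A shared secret (between Synapse and Coturn) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
# Empty by default; set it per host and keep it out of version control.
matrix_coturn_turn_static_auth_secret: ""

# UDP port-range to use for TURN
matrix_coturn_turn_udp_min_port: 49152
matrix_coturn_turn_udp_max_port: 49172

# Defaults to the inventory's `ansible_host` value for the host.
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"

# S3 media store settings; disabled by default.
# The bucket name and both AWS keys below are placeholders. Supply real
# credentials from an encrypted source (e.g. Ansible Vault), not in plain text.
matrix_s3_media_store_enabled: false
matrix_s3_media_store_bucket_name: "your-bucket-name"
matrix_s3_media_store_aws_access_key: "your-aws-access-key"
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
matrix_s3_media_store_region: "eu-central-1"

# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
# If you wish to connect to your Matrix server by other means,
# you may wish to disable this.
matrix_riot_web_enabled: true

# By default, this playbook sets up its own nginx proxy server on port 80/443.
# This is fine if you're dedicating the whole server to Matrix.
# But in case that's not the case, you may wish to prevent that
# and take care of proxying by yourself.
matrix_nginx_proxy_enabled: true

# Specifies when to attempt to retrieve new SSL certificates from Let's Encrypt.
# Cron fields: 04:15 on every 5th day-of-month.
matrix_ssl_renew_cron_time_definition: "15 4 */5 * *"

# Specifies when to reload the matrix-nginx-proxy service so that
# a new SSL certificate could go into effect.
# Cron fields: 04:20 on the same days, five minutes after the renewal attempt.
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"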