338 lines
13 KiB
YAML
338 lines
13 KiB
YAML
#
|
|
# General config
|
|
# Domain of the matrix server and SSL config
|
|
#
|
|
matrix_domain: finallycoffee.eu
|
|
matrix_ssl_retrieval_method: none
|
|
matrix_nginx_proxy_enabled: false
|
|
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
|
|
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
|
|
|
|
web_user: "web"
|
|
revproxy_autoload_dir: "/vault/services/web/sites.d"
|
|
|
|
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.37.1"
|
|
matrix_mautrix_telegram_version: v0.10.0
|
|
|
|
#
|
|
# General Synapse config
|
|
#
|
|
matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
|
|
# A secret used to protect access keys issued by the server.
|
|
matrix_synapse_macaroon_secret_key: "{{ vault_matrix_synapse_macaroon_secret_key }}"
|
|
# Make synapse accept larger media aswell
|
|
matrix_synapse_max_upload_size_mb: 100
|
|
# Enable metrics at (default) :9100/_synapse/metrics
|
|
matrix_synapse_metrics_enabled: true
|
|
matrix_synapse_enable_group_creation: true
|
|
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
|
|
matrix_synapse_turn_uris:
|
|
- "turns:voip.matrix.finallycoffee.eu?transport=udp"
|
|
- "turns:voip.matrix.finallycoffee.eu?transport=tcp"
|
|
# Auto-join all users into those rooms
|
|
matrix_synapse_auto_join_rooms:
|
|
- "#welcome:finallycoffee.eu"
|
|
- "#announcements:finallycoffee.eu"
|
|
|
|
## Synapse rate limits
|
|
matrix_synapse_rc_federation:
|
|
window_size: 1000
|
|
sleep_limit: 25
|
|
sleep_delay: 500
|
|
reject_limit: 50
|
|
concurrent: 5
|
|
matrix_synapse_rc_message:
|
|
per_second: 0.5
|
|
burst_count: 25
|
|
|
|
## Synapse cache tuning
|
|
matrix_synapse_caches_global_factor: 0.7
|
|
matrix_synapse_event_cache_size: "200K"
|
|
|
|
## Synapse workers
|
|
matrix_synapse_workers_enabled: true
|
|
matrix_synapse_workers_preset: "little-federation-helper"
|
|
matrix_synapse_workers_generic_worker_client_server_count: 0
|
|
matrix_synapse_workers_media_repository_workers_count: 0
|
|
matrix_synapse_workers_federation_sender_workers_count: 1
|
|
matrix_synapse_workers_pusher_workers_count: 0
|
|
matrix_synapse_workers_appservice_workers_count: 1
|
|
|
|
# Static secret auth for matrix-synapse-shared-secret-auth
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
|
matrix_synapse_ext_password_provider_rest_auth_enabled: true
|
|
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
|
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
|
|
|
|
# Enable experimental spaces support
|
|
matrix_synapse_configuration_extension_yaml: |
|
|
experimental_features:
|
|
spaces_enabled: true
|
|
|
|
#
|
|
# synapse-admin tool
|
|
#
|
|
matrix_synapse_admin_enabled: true
|
|
matrix_synapse_admin_container_http_host_bind_port: 8985
|
|
|
|
|
|
#
|
|
# VoIP / CoTURN config
|
|
#
|
|
# A shared secret (between Synapse and Coturn) used for authentication.
|
|
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
|
|
# Disable coturn, as we use own instance
|
|
matrix_coturn_enabled: false
|
|
|
|
|
|
#
|
|
# dimension (integration manager) config
|
|
#
|
|
matrix_dimension_enabled: true
|
|
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
|
|
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
|
|
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
|
|
matrix_dimension_configuration_extension_yaml: |
|
|
telegram:
|
|
botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
|
|
|
|
|
|
#
|
|
# mautrix-whatsapp config
|
|
#
|
|
matrix_mautrix_whatsapp_enabled: true
|
|
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
|
|
matrix_mautrix_whatsapp_container_extra_arguments:
|
|
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
|
|
matrix_mautrix_whatsapp_configuration_extension_yaml: |
|
|
bridge:
|
|
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
|
|
max_connection_attempts: 5
|
|
connection_timeout: 30
|
|
contact_wait_delay: 5
|
|
private_chat_portal_meta: true
|
|
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
|
logging:
|
|
print_level: info
|
|
metrics:
|
|
enabled: true
|
|
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
|
|
whatsapp:
|
|
os_name: Linux mautrix-whatsapp
|
|
browser_name: Chrome
|
|
|
|
|
|
#
|
|
# mautrix-telegram config
|
|
#
|
|
matrix_mautrix_telegram_enabled: true
|
|
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
|
|
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
|
|
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
|
|
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
|
|
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
|
|
matrix_mautrix_telegram_container_extra_arguments:
|
|
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
|
|
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
|
|
matrix_mautrix_telegram_configuration_extension_yaml: |
|
|
bridge:
|
|
displayname_template: "{displayname} (via Telegram)"
|
|
parallel_file_transfer: false
|
|
inline_images: false
|
|
image_as_file_size: 20
|
|
delivery_receipts: true
|
|
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
|
animated_sticker:
|
|
target: webm
|
|
encryption:
|
|
allow: true
|
|
default: true
|
|
permissions:
|
|
"@transcaffeine:finallycoffee.eu": "admin"
|
|
logging:
|
|
root:
|
|
level: INFO
|
|
metrics:
|
|
enabled: true
|
|
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
|
|
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
|
|
|
|
|
|
#
|
|
# mautrix-signal config
|
|
#
|
|
matrix_mautrix_signal_enabled: true
|
|
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
|
|
matrix_mautrix_signal_container_extra_arguments:
|
|
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
|
|
matrix_mautrix_signal_configuration_extension_yaml: |
|
|
bridge:
|
|
displayname_template: "{displayname} (via Signal)"
|
|
community_id: "+signal:finallycoffee.eu"
|
|
encryption:
|
|
allow: true
|
|
default: true
|
|
key_sharing:
|
|
allow: true
|
|
require_verification: false
|
|
delivery_receipts: true
|
|
logging:
|
|
root:
|
|
level: INFO
|
|
metrics:
|
|
enabled: true
|
|
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
|
|
|
|
|
|
#
|
|
# mx-puppet-instagram configuration
|
|
#
|
|
matrix_mx_puppet_instagram_enabled: true
|
|
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
|
|
matrix_mx_puppet_instagram_container_extra_arguments:
|
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
|
|
matrix_mx_puppet_instagram_configuration_extension_yaml: |
|
|
bridge:
|
|
enableGroupSync: true
|
|
avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
|
|
metrics:
|
|
enabled: true
|
|
port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
|
|
path: /metrics
|
|
presence:
|
|
enabled: true
|
|
interval: 3000
|
|
|
|
|
|
#
|
|
# mx-puppet-skype configuration
|
|
#
|
|
matrix_mx_puppet_skype_enabled: true
|
|
matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
|
|
matrix_mx_puppet_skype_container_extra_arguments:
|
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
|
|
matrix_mx_puppet_skype_configuration_extension_yaml: |
|
|
bridge:
|
|
enableGroupSync: true
|
|
avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
|
|
metrics:
|
|
enabled: true
|
|
port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
|
|
path: /metrics
|
|
|
|
|
|
#
|
|
# mx-puppet-discord configuration
|
|
#
|
|
matrix_mx_puppet_discord_enabled: true
|
|
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
|
|
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
|
|
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
|
|
matrix_mx_puppet_discord_container_extra_arguments:
|
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
|
|
matrix_mx_puppet_discord_configuration_extension_yaml: |
|
|
bridge:
|
|
enableGroupSync: true
|
|
avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
|
|
metrics:
|
|
enabled: true
|
|
port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
|
|
path: /metrics
|
|
limits:
|
|
maxAutojoinUsers: 500
|
|
roomUserAutojoinDelay: 50
|
|
presence:
|
|
enabled: true
|
|
interval: 3000
|
|
|
|
|
|
#
|
|
# mx-puppet-slack configuration
|
|
#
|
|
matrix_mx_puppet_slack_enabled: true
|
|
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
|
|
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
|
|
matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
|
|
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
|
|
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
|
|
matrix_mx_puppet_slack_container_extra_arguments:
|
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
|
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
|
|
matrix_mx_puppet_slack_configuration_extension_yaml: |
|
|
bridge:
|
|
enableGroupSync: true
|
|
metrics:
|
|
enabled: true
|
|
port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
|
|
path: /metrics
|
|
limits:
|
|
maxAutojoinUsers: 500
|
|
roomUserAutojoinDelay: 50
|
|
presence:
|
|
enabled: true
|
|
interval: 3000
|
|
|
|
|
|
#
|
|
# Element web configuration
|
|
#
|
|
# Branding config
|
|
matrix_client_element_brand: "Chat"
|
|
matrix_client_element_default_theme: "dark"
|
|
matrix_client_element_themes_enabled: true
|
|
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
|
|
matrix_client_element_welcome_text: |
|
|
Decentralised, encrypted chat & collaboration,<br />
|
|
hosted on finallycoffee.eu, powered by element.io &
|
|
<a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
|
|
<img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
|
|
</a>
|
|
matrix_client_element_welcome_logo: "welcome/images/logo.png"
|
|
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
|
|
matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
|
|
matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
|
|
matrix_client_element_container_extra_arguments:
|
|
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
|
|
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
|
|
# Integration and capabilites config
|
|
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
|
|
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
|
|
matrix_client_element_integrations_widgets_urls:
|
|
- "https://{{ matrix_server_fqn_dimension }}/widgets"
|
|
- "https://scalar.vector.im/api"
|
|
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
|
|
matrix_client_element_disable_custom_urls: false
|
|
matrix_client_element_roomdir_servers:
|
|
- "matrix.org"
|
|
- "finallycoffee.eu"
|
|
- "entropia.de"
|
|
matrix_client_element_enable_presence_by_hs_url:
|
|
https://matrix.org: false
|
|
|
|
|
|
# Matrix ma1sd extended configuration
|
|
matrix_ma1sd_configuration_extension_yaml: |
|
|
hashing:
|
|
enabled: true
|
|
pepperLength: 20
|
|
rotationPolicy: per_requests
|
|
requests: 10
|
|
hashStorageType: sql
|
|
algorithms:
|
|
- none
|
|
- sha256
|
|
|
|
|
|
# Matrix mail notification relay setup
|
|
matrix_mailer_enabled: true
|
|
matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
|
|
matrix_mailer_relay_use: true
|
|
matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
|
|
matrix_mailer_relay_host_port: 587
|
|
matrix_mailer_relay_auth: true
|
|
matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
|
|
matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"
|