overmind
/
matrix-docker-ansible-deploy
peilaus alkaen https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Koodi Ongelmat 0 Julkaisut 0 Wiki Toiminta
Selaa lähdekoodia

added header flags back in.

element-call-integration
wjbeckett 1 vuosi sitten
vanhempi
6c8923ae28
commit
2b4fdea70f
6 muutettua tiedostoa jossa 78 lisäystä ja 78 poistoa
Jaettu näkymä
Diff Options
Show Stats Download Patch File Download Diff File
  1. +20
    -20
      roles/custom/matrix-element-call/defaults/main.yml
  2. +6
    -6
      roles/custom/matrix-element-call/templates/element-call-labels.j2
  3. +20
    -20
      roles/custom/matrix-jwt-service/defaults/main.yml
  4. +6
    -6
      roles/custom/matrix-jwt-service/templates/labels.j2
  5. +20
    -20
      roles/custom/matrix-livekit-server/defaults/main.yml
  6. +6
    -6
      roles/custom/matrix-livekit-server/templates/labels.j2

+ 20
- 20
roles/custom/matrix-element-call/defaults/main.yml Näytä tiedosto

@@ -38,18 +38,18 @@ matrix_element_call_container_labels_traefik_tls_certResolver: default # noqa v

# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom`
#matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}"
#matrix_element_call_container_labels_traefik_additional_response_headers_auto: |
# {{
# {}
# | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {})
# | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {})
# | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {})
# | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {})
# | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {})
# | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {})
# }}
#matrix_element_call_container_labels_traefik_additional_response_headers_custom: {}
matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}"
matrix_element_call_container_labels_traefik_additional_response_headers_auto: |
{{
{}
| combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {})
| combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {})
| combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {})
| combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {})
| combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {})
| combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {})
}}
matrix_element_call_container_labels_traefik_additional_response_headers_custom: {}

# matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
@@ -75,27 +75,27 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_
# Learn more about it is here:
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# - https://portswigger.net/web-security/cross-site-scripting/reflected
#matrix_element_call_http_header_xss_protection: "1; mode=block"
matrix_element_call_http_header_xss_protection: ''

# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
#matrix_element_call_http_header_frame_options: SAMEORIGIN
matrix_element_call_http_header_frame_options: ''

# Specifies the value of the `X-Content-Type-Options` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
#matrix_element_call_http_header_content_type_options: nosniff
matrix_element_call_http_header_content_type_options: ''

# Specifies the value of the `Content-Security-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
#matrix_element_call_http_header_content_security_policy: frame-ancestors 'self'
matrix_element_call_http_header_content_security_policy: ''

# Specifies the value of the `Permission-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
#matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}"
matrix_element_call_http_header_content_permission_policy: ''

# Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
#matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}"
matrix_element_call_http_header_strict_transport_security: ''

# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
#
@@ -106,7 +106,7 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_
#
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
# See: `matrix_element_call_content_permission_policy`
#matrix_element_call_floc_optout_enabled: true
matrix_element_call_floc_optout_enabled: false

# Controls if HSTS preloading is enabled
#
@@ -118,7 +118,7 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# - https://hstspreload.org/#opt-in
# See: `matrix_element_call_http_header_strict_transport_security`
#matrix_element_call_hsts_preload_enabled: true
matrix_element_call_hsts_preload_enabled: false

# Enable or disable metrics collection
matrix_element_call_metrics_enabled: false


+ 6
- 6
roles/custom/matrix-element-call/templates/element-call-labels.j2 Näytä tiedosto

@@ -20,12 +20,12 @@ traefik.http.middlewares.matrix-element-call-strip-prefix.stripprefix.prefixes={
{% set middlewares = middlewares + ['matrix-element-call-strip-prefix'] %}
{% endif %}

#{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
#{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %}
#traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
#{% endfor %}
#{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %}
#{% endif %}
{% if matrix_element_call_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
{% for name, value in matrix_element_call_container_labels_traefik_additional_response_headers.items() %}
traefik.http.middlewares.matrix-element-call-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
{% endfor %}
{% set middlewares = middlewares + ['matrix-element-call-add-headers'] %}
{% endif %}

traefik.http.routers.matrix-element-call.rule={{ matrix_element_call_container_labels_traefik_rule }}
{% if matrix_element_call_container_labels_traefik_priority | int > 0 %}


+ 20
- 20
roles/custom/matrix-jwt-service/defaults/main.yml Näytä tiedosto

@@ -34,18 +34,18 @@ matrix_jwt_service_container_labels_traefik_tls_certResolver: default # noqa va

# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_jwt_service_container_labels_traefik_additional_response_headers_custom`
#matrix_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_jwt_service_container_labels_traefik_additional_response_headers_custom) }}"
#matrix_jwt_service_container_labels_traefik_additional_response_headers_auto: |
# {{
# {}
# | combine ({'X-XSS-Protection': matrix_jwt_service_http_header_xss_protection} if matrix_jwt_service_http_header_xss_protection else {})
# | combine ({'X-Frame-Options': matrix_jwt_service_http_header_frame_options} if matrix_jwt_service_http_header_frame_options else {})
# | combine ({'X-Content-Type-Options': matrix_jwt_service_http_header_content_type_options} if matrix_jwt_service_http_header_content_type_options else {})
# | combine ({'Content-Security-Policy': matrix_jwt_service_http_header_content_security_policy} if matrix_jwt_service_http_header_content_security_policy else {})
## | combine ({'Permission-Policy': matrix_jwt_service_http_header_content_permission_policy} if matrix_jwt_service_http_header_content_permission_policy else {})
# | combine ({'Strict-Transport-Security': matrix_jwt_service_http_header_strict_transport_security} if matrix_jwt_service_http_header_strict_transport_security and matrix_jwt_service_container_labels_traefik_tls else {})
# }}
#matrix_jwt_service_container_labels_traefik_additional_response_headers_custom: {}
matrix_jwt_service_container_labels_traefik_additional_response_headers: "{{ matrix_jwt_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_jwt_service_container_labels_traefik_additional_response_headers_custom) }}"
matrix_jwt_service_container_labels_traefik_additional_response_headers_auto: |
{{
{}
| combine ({'X-XSS-Protection': matrix_jwt_service_http_header_xss_protection} if matrix_jwt_service_http_header_xss_protection else {})
| combine ({'X-Frame-Options': matrix_jwt_service_http_header_frame_options} if matrix_jwt_service_http_header_frame_options else {})
| combine ({'X-Content-Type-Options': matrix_jwt_service_http_header_content_type_options} if matrix_jwt_service_http_header_content_type_options else {})
| combine ({'Content-Security-Policy': matrix_jwt_service_http_header_content_security_policy} if matrix_jwt_service_http_header_content_security_policy else {})
| combine ({'Permission-Policy': matrix_jwt_service_http_header_content_permission_policy} if matrix_jwt_service_http_header_content_permission_policy else {})
| combine ({'Strict-Transport-Security': matrix_jwt_service_http_header_strict_transport_security} if matrix_jwt_service_http_header_strict_transport_security and matrix_jwt_service_container_labels_traefik_tls else {})
}}
matrix_jwt_service_container_labels_traefik_additional_response_headers_custom: {}

# matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
@@ -71,27 +71,27 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b
# Learn more about it is here:
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# - https://portswigger.net/web-security/cross-site-scripting/reflected
#matrix_jwt_service_http_header_xss_protection: "1; mode=block"
matrix_jwt_service_http_header_xss_protection: ''

# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
#matrix_jwt_service_http_header_frame_options: SAMEORIGIN
matrix_jwt_service_http_header_frame_options: ''

# Specifies the value of the `X-Content-Type-Options` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
#matrix_jwt_service_http_header_content_type_options: nosniff
matrix_jwt_service_http_header_content_type_options: ''

# Specifies the value of the `Content-Security-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
#matrix_jwt_service_http_header_content_security_policy: frame-ancestors 'self'
matrix_jwt_service_http_header_content_security_policy: ''

# Specifies the value of the `Permission-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
#matrix_jwt_service_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_jwt_service_floc_optout_enabled else '' }}"
matrix_jwt_service_http_header_content_permission_policy: ''

# Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
#matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_jwt_service_hsts_preload_enabled else '' }}"
matrix_jwt_service_http_header_strict_transport_security: ''

# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
#
@@ -102,7 +102,7 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b
#
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
# See: `matrix_jwt_service_content_permission_policy`
#matrix_jwt_service_floc_optout_enabled: true
matrix_jwt_service_floc_optout_enabled: false

# Controls if HSTS preloading is enabled
#
@@ -114,4 +114,4 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# - https://hstspreload.org/#opt-in
# See: `matrix_jwt_service_http_header_strict_transport_security`
#matrix_jwt_service_hsts_preload_enabled: true
matrix_jwt_service_hsts_preload_enabled: true

+ 6
- 6
roles/custom/matrix-jwt-service/templates/labels.j2 Näytä tiedosto

@@ -20,12 +20,12 @@ traefik.http.middlewares.matrix-jwt-service-strip-prefix.stripprefix.prefixes={{
{% set middlewares = middlewares + ['matrix-jwt-service-strip-prefix'] %}
{% endif %}

#{% if matrix_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
#{% for name, value in matrix_jwt_service_container_labels_traefik_additional_response_headers.items() %}
#traefik.http.middlewares.matrix-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
#{% endfor %}
#{% set middlewares = middlewares + ['matrix-jwt-service-add-headers'] %}
#{% endif %}
{% if matrix_jwt_service_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
{% for name, value in matrix_jwt_service_container_labels_traefik_additional_response_headers.items() %}
traefik.http.middlewares.matrix-jwt-service-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
{% endfor %}
{% set middlewares = middlewares + ['matrix-jwt-service-add-headers'] %}
{% endif %}

traefik.http.routers.matrix-jwt-service.rule={{ matrix_jwt_service_container_labels_traefik_rule }}
{% if matrix_jwt_service_container_labels_traefik_priority | int > 0 %}


+ 20
- 20
roles/custom/matrix-livekit-server/defaults/main.yml Näytä tiedosto

@@ -32,18 +32,18 @@ matrix_livekit_server_container_labels_traefik_tls_certResolver: default # noqa

# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_livekit_server_container_labels_traefik_additional_response_headers_custom`
#matrix_livekit_server_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_server_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_server_container_labels_traefik_additional_response_headers_custom) }}"
#matrix_livekit_server_container_labels_traefik_additional_response_headers_auto: |
# {{
# {}
# | combine ({'X-XSS-Protection': matrix_livekit_server_http_header_xss_protection} if matrix_livekit_server_http_header_xss_protection else {})
# | combine ({'X-Frame-Options': matrix_livekit_server_http_header_frame_options} if matrix_livekit_server_http_header_frame_options else {})
# | combine ({'X-Content-Type-Options': matrix_livekit_server_http_header_content_type_options} if matrix_livekit_server_http_header_content_type_options else {})
# | combine ({'Content-Security-Policy': matrix_livekit_server_http_header_content_security_policy} if matrix_livekit_server_http_header_content_security_policy else {})
# | combine ({'Permission-Policy': matrix_livekit_server_http_header_content_permission_policy} if matrix_livekit_server_http_header_content_permission_policy else {})
# | combine ({'Strict-Transport-Security': matrix_livekit_server_http_header_strict_transport_security} if matrix_livekit_server_http_header_strict_transport_security and matrix_livekit_server_container_labels_traefik_tls else {})
# }}
#matrix_livekit_server_container_labels_traefik_additional_response_headers_custom: {}
matrix_livekit_server_container_labels_traefik_additional_response_headers: "{{ matrix_livekit_server_container_labels_traefik_additional_response_headers_auto | combine(matrix_livekit_server_container_labels_traefik_additional_response_headers_custom) }}"
matrix_livekit_server_container_labels_traefik_additional_response_headers_auto: |
{{
{}
| combine ({'X-XSS-Protection': matrix_livekit_server_http_header_xss_protection} if matrix_livekit_server_http_header_xss_protection else {})
| combine ({'X-Frame-Options': matrix_livekit_server_http_header_frame_options} if matrix_livekit_server_http_header_frame_options else {})
| combine ({'X-Content-Type-Options': matrix_livekit_server_http_header_content_type_options} if matrix_livekit_server_http_header_content_type_options else {})
| combine ({'Content-Security-Policy': matrix_livekit_server_http_header_content_security_policy} if matrix_livekit_server_http_header_content_security_policy else {})
| combine ({'Permission-Policy': matrix_livekit_server_http_header_content_permission_policy} if matrix_livekit_server_http_header_content_permission_policy else {})
| combine ({'Strict-Transport-Security': matrix_livekit_server_http_header_strict_transport_security} if matrix_livekit_server_http_header_strict_transport_security and matrix_livekit_server_container_labels_traefik_tls else {})
}}
matrix_livekit_server_container_labels_traefik_additional_response_headers_custom: {}

# matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
@@ -69,27 +69,27 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke
# Learn more about it is here:
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# - https://portswigger.net/web-security/cross-site-scripting/reflected
#matrix_livekit_server_http_header_xss_protection: "1; mode=block"
matrix_livekit_server_http_header_xss_protection: ''

# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
#matrix_livekit_server_http_header_frame_options: SAMEORIGIN
matrix_livekit_server_http_header_frame_options: ''

# Specifies the value of the `X-Content-Type-Options` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
#matrix_livekit_server_http_header_content_type_options: nosniff
matrix_livekit_server_http_header_content_type_options: ''

# Specifies the value of the `Content-Security-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
#matrix_livekit_server_http_header_content_security_policy: frame-ancestors 'self'
matrix_livekit_server_http_header_content_security_policy: ''

# Specifies the value of the `Permission-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
#matrix_livekit_server_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_livekit_server_floc_optout_enabled else '' }}"
matrix_livekit_server_http_header_content_permission_policy: ''

# Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
#matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_livekit_server_hsts_preload_enabled else '' }}"
matrix_livekit_server_http_header_strict_transport_security: ''

# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
#
@@ -100,7 +100,7 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke
#
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
# See: `matrix_livekit_server_content_permission_policy`
#matrix_livekit_server_floc_optout_enabled: true
matrix_livekit_server_floc_optout_enabled: false

# Controls if HSTS preloading is enabled
#
@@ -112,4 +112,4 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# - https://hstspreload.org/#opt-in
# See: `matrix_livekit_server_http_header_strict_transport_security`
#matrix_livekit_server_hsts_preload_enabled: true
matrix_livekit_server_hsts_preload_enabled: true

+ 6
- 6
roles/custom/matrix-livekit-server/templates/labels.j2 Näytä tiedosto

@@ -20,12 +20,12 @@ traefik.http.middlewares.matrix-livekit-server-strip-prefix.stripprefix.prefixes
{% set middlewares = middlewares + ['matrix-livekit-server-strip-prefix'] %}
{% endif %}

#{% if matrix_livekit_server_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
#{% for name, value in matrix_livekit_server_container_labels_traefik_additional_response_headers.items() %}
#traefik.http.middlewares.matrix-livekit-server-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
#{% endfor %}
#{% set middlewares = middlewares + ['matrix-livekit-server-add-headers'] %}
#{% endif %}
{% if matrix_livekit_server_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
{% for name, value in matrix_livekit_server_container_labels_traefik_additional_response_headers.items() %}
traefik.http.middlewares.matrix-livekit-server-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
{% endfor %}
{% set middlewares = middlewares + ['matrix-livekit-server-add-headers'] %}
{% endif %}

traefik.http.routers.matrix-livekit-server.rule={{ matrix_livekit_server_container_labels_traefik_rule }}
{% if matrix_livekit_server_container_labels_traefik_priority | int > 0 %}


Kirjoita Esikatselu
Ladataan…
Peruuta
Tallenna