matrix-docker-ansible-deploy/roles/matrix-server/defaults/main.yml

# The bare hostname which represents your identity.
# This is something like "example.com".
# Note: this playbook does not touch the server referenced here.
hostname_identity: "{{ host_specific_hostname_identity }}"

# This is where your data lives and what we set up here.
# This and the Riot hostname (see below) are expected to be on the same server.
hostname_matrix: "matrix.{{ hostname_identity }}"

# This is where you access the web UI from and what we set up here.
# This and the Matrix hostname (see above) are expected to be on the same server.
hostname_riot: "riot.{{ hostname_identity }}"

matrix_user_username: "matrix"
matrix_user_uid: 991
matrix_user_gid: 991

# The defaults below cause a postgres server to be configured (running within a container).
# Using an external server is possible by tweaking all of the parameters below.
matrix_postgres_use_external: false
matrix_postgres_connection_hostname: "matrix-postgres"
matrix_postgres_connection_username: "synapse"
matrix_postgres_connection_password: "synapse-password"
matrix_postgres_db_name: "homeserver"

matrix_base_data_path: "/matrix"
matrix_ssl_certs_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_support_email: "{{ host_specific_matrix_ssl_support_email }}"
matrix_environment_variables_data_path: "{{ matrix_base_data_path }}/environment-variables"

matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"

# Specifies which template files to use when configuring Synapse.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
# and then change the specific host's `vars.yaml` file like this:
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"

matrix_synapse_macaroon_secret_key: ""
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"

# These are the identity servers that would be trusted by Synapse if mxisd is NOT enabled
matrix_synapse_id_servers_public: ['vector.im', 'riot.im', 'matrix.org']

# These are the identity servers that would be trusted by Synapse if mxisd IS enabled
matrix_synapse_id_servers_own: "['{{ hostname_matrix }}']"

# The final list of identity servers to use for Synapse.
# The first one would also be used as riot-web's default identity server.
matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_own if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"

matrix_synapse_max_upload_size_mb: 10
matrix_synapse_max_log_file_size_mb: 100
matrix_synapse_max_log_files_count: 10

# A list of additional "volumes" to mount in the container.
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
matrix_synapse_container_additional_volumes: []

# A list of additional loggers to register in synapse.log.config.
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
matrix_synapse_additional_loggers: []

# This is set dynamically during execution depending on whether
# any password providers have been enabled or not.
matrix_synapse_password_providers_enabled: false

# Enable this to activate the REST auth password provider module.
# See: https://github.com/kamax-io/matrix-synapse-rest-auth
matrix_synapse_ext_password_provider_rest_auth_enabled: false
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.1/rest_auth_provider.py"
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false

# Enable this to activate the Shared Secret Auth password provider module.
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0/shared_secret_authenticator.py"
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""

matrix_postgres_data_path: "{{ matrix_base_data_path }}/postgres"
matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
matrix_nginx_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
matrix_scratchpad_dir: "{{ matrix_base_data_path }}/scratchpad"

matrix_docker_image_postgres_v9: "postgres:9.6.10-alpine"
matrix_docker_image_postgres_v10: "postgres:10.5-alpine"
matrix_docker_image_postgres_latest: "{{ matrix_docker_image_postgres_v10 }}"

matrix_docker_image_synapse: "matrixdotorg/synapse:v0.33.2"
matrix_docker_image_nginx: "nginx:1.15.2-alpine"
matrix_docker_image_riot: "avhost/docker-matrix-riot:v0.16.0"
matrix_docker_image_s3fs: "xueshanf/s3fs:latest"
matrix_docker_image_goofys: "cloudproto/goofys:latest"
matrix_docker_image_coturn: "instrumentisto/coturn:4.5.0.7"
matrix_docker_image_mailer: "panubo/postfix:latest"
matrix_docker_image_mxisd: "kamax/mxisd:1.1.1"

# The Docker network that all services would be put into
matrix_docker_network: "matrix"

# A shared secret (between Synapse and Coturn) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: ""

# UDP port-range to use for TURN
matrix_coturn_turn_udp_min_port: 49152
matrix_coturn_turn_udp_max_port: 49172

matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"


matrix_s3_media_store_enabled: false
matrix_s3_media_store_bucket_name: "your-bucket-name"
matrix_s3_media_store_aws_access_key: "your-aws-access-key"
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
matrix_s3_media_store_region: "eu-central-1"


# By default, this playbook sets up a postfix mailer server (running in a container).
# This is so that Matrix Synapse can send email reminders for unread messages.
# Other services (like mxisd), however, also use that mailer to send emails through it.
matrix_mailer_enabled: true

matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
matrix_mailer_relay_use: false
matrix_mailer_relay_host_name: "mail.example.com"
matrix_mailer_relay_host_port: 587
matrix_mailer_relay_auth: false
matrix_mailer_relay_auth_username: ""
matrix_mailer_relay_auth_password: ""


# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
# If you wish to use the public identity servers (matrix.org, vector.im, riot.im) instead of your own,
# you may wish to disable this.
matrix_mxisd_enabled: true

matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"

# Your identity server is private by default.
# To ensure maximum discovery, you can make your identity server
# also forward lookups to the central matrix.org Identity server
# (at the cost of potentially leaking all your contacts information).
# Enabling this is discouraged. Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
matrix_mxisd_matrixorg_forwarding_enabled: false

# Specifies which template files to use when configuring mxisd.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
# and then change the specific host's `vars.yaml` file like this:
# matrix_mxisd_template_config: "{{ playbook_dir }}/inventory/host_vars/<host>/mxisd.yaml.j2"
matrix_mxisd_template_config: "{{ role_path }}/templates/mxisd/mxisd.yaml.j2"


# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
# If you wish to connect to your Matrix server by other means,
# you may wish to disable this.
matrix_riot_web_enabled: true

matrix_riot_web_default_identity_server_url: "https://{{ matrix_synapse_trusted_third_party_id_servers[0] }}"


# By default, this playbook sets up its own nginx proxy server on port 80/443.
# This is fine if you're dedicating the whole server to Matrix.
# But in case that's not the case, you may wish to prevent that
# and take care of proxying by yourself.
matrix_nginx_proxy_enabled: true

# Specifies when to attempt to retrieve new SSL certificates from Let's Encrypt.
matrix_ssl_renew_cron_time_definition: "15 4 */5 * *"

# Specifies when to reload the matrix-nginx-proxy service so that
# a new SSL certificate could go into effect.
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"