overmind
/
matrix-docker-ansible-deploy
Mirror von https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Aktivität
Matrix Docker Ansible eploy
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
1367 Commits
13 Branches
78 MiB
 
 
Struktur: 20bf99eef3
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „20bf99eef3“
${ noResults }
matrix-docker-ansible-deploy/roles/matrix-synapse/defaults/main.yml

394 Zeilen
18 KiB
Originalformat Blame Verlauf 

  1. # Synapse is a Matrix homeserver

  2. # See: https://github.com/matrix-org/synapse

  3. 

  4. matrix_synapse_enabled: true

  5. 

  6. matrix_synapse_container_image_self_build: false

  7. 

  8. matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.3"

  9. matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

  10. 

  11. matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"

  12. matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src"

  13. matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"

  14. matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"

  15. matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"

  16. matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"

  17. matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"

  18. 

  19. # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container).

  20. #

  21. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.

  22. matrix_synapse_container_client_api_host_bind_port: ''

  23. 

  24. # Controls whether the matrix-synapse container exposes the plain (unencrypted) Server/Server (Federation) API port (tcp/8048 in the container).

  25. #

  26. # Takes effect only if federation is enabled (matrix_synapse_federation_enabled).

  27. #

  28. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048"), or empty string to not expose.

  29. matrix_synapse_container_federation_api_plain_host_bind_port: ''

  30. 

  31. # Controls whether the matrix-synapse container exposes the tls (encrypted) Server/Server (Federation) API port (tcp/8448 in the container).

  32. #

  33. # Takes effect only if federation is enabled (matrix_synapse_federation_enabled)

  34. # and TLS support is enabled (matrix_synapse_tls_federation_listener_enabled).

  35. #

  36. # Takes an "<ip>:<port>" or "<port>" value (e.g. "8448"), or empty string to not expose.

  37. matrix_synapse_container_federation_api_tls_host_bind_port: ''

  38. 

  39. # Controls whether the matrix-synapse container exposes the metrics port (tcp/9100 in the container).

  40. #

  41. # Takes effect only if metrics are enabled (matrix_synapse_metrics_enabled).

  42. #

  43. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.

  44. matrix_synapse_container_metrics_api_host_bind_port: ''

  45. 

  46. # Controls whether the matrix-synapse container exposes the manhole port (tcp/9000 in the container).

  47. #

  48. # Takes effect only if the manhole is enabled (matrix_synapse_manhole_enabled).

  49. #

  50. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.

  51. matrix_synapse_container_manhole_api_host_bind_port: ''

  52. 

  53. # A list of extra arguments to pass to the container

  54. matrix_synapse_container_extra_arguments: []

  55. 

  56. # List of systemd services that matrix-synapse.service depends on

  57. matrix_synapse_systemd_required_services_list: ['docker.service']

  58. 

  59. # List of systemd services that matrix-synapse.service wants

  60. matrix_synapse_systemd_wanted_services_list: []

  61. 

  62. matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.7/site-packages"

  63. 

  64. # Specifies which template files to use when configuring Synapse.

  65. # If you'd like to have your own different configuration, feel free to copy and paste

  66. # the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)

  67. # and then change the specific host's `vars.yaml` file like this:

  68. # matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"

  69. matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"

  70. matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"

  71. 

  72. matrix_synapse_macaroon_secret_key: ""

  73. matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"

  74. matrix_synapse_allow_guest_access: false

  75. matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"

  76. 

  77. matrix_synapse_id_servers_public: ['matrix.org', 'vector.im']

  78. 

  79. # The list of identity servers to use for Synapse.

  80. # We assume this role runs standalone without a local Identity server, so we point Synapse to public ones.

  81. # This most likely gets overwritten later, so that a local Identity server is used.

  82. matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_public }}"

  83. 

  84. matrix_synapse_max_upload_size_mb: 10

  85. 

  86. # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.

  87. matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}"

  88. 

  89. # Log levels

  90. # Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels

  91. # warning: setting log level to DEBUG will make synapse log sensitive information such

  92. # as access tokens.

  93. #

  94. # Increasing verbosity may lead to an excessive amount of log messages being generated,

  95. # some of which may get dropped by systemd-journald on certain distributions (like CentOS 7).

  96. # You can work around it by adding `RateLimitInterval=0` and `RateLimitBurst=0` under `[Storage]` in

  97. # `/etc/systemd/journald.conf` and restarting the logging service (`systemctl restart systemd-journald`).

  98. matrix_synapse_log_level: "WARNING"

  99. matrix_synapse_storage_sql_log_level: "WARNING"

  100. matrix_synapse_root_log_level: "WARNING"

  101. 

  102. # Rate limits

  103. matrix_synapse_rc_message:

  104.   per_second: 0.2

  105.   burst_count: 10

  106. 

  107. matrix_synapse_rc_registration:

  108.   per_second: 0.17

  109.   burst_count: 3

  110. 

  111. matrix_synapse_rc_login:

  112.   address:

  113.     per_second: 0.17

  114.     burst_count: 3

  115.   account:

  116.     per_second: 0.17

  117.     burst_count: 3

  118.   failed_attempts:

  119.     per_second: 0.17

  120.     burst_count: 3

  121. 

  122. matrix_synapse_rc_federation:

  123.   window_size: 1000

  124.   sleep_limit: 10

  125.   sleep_delay: 500

  126.   reject_limit: 50

  127.   concurrent: 3

  128. 

  129. matrix_synapse_federation_rr_transactions_per_room_per_second: 50

  130. 

  131. # Controls whether the TLS federation listener is enabled (tcp/8448).

  132. # Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`).

  133. # Note that federation may potentially be enabled as non-TLS on tcp/8048 as well.

  134. # If you're serving Synapse behind an HTTPS-capable reverse-proxy,

  135. # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).

  136. matrix_synapse_tls_federation_listener_enabled: true

  137. matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"

  138. matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"

  139. 

  140. # Enable this to allow Synapse to report utilization statistics about your server to matrix.org

  141. # (things like number of users, number of messages sent, uptime, load, etc.)

  142. matrix_synapse_report_stats: false

  143. 

  144. # Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.

  145. # If users participate in large rooms with many other servers,

  146. # disabling this will decrease server load significantly.

  147. matrix_synapse_use_presence: true

  148. 

  149. # Controls whether accessing the server's public rooms directory can be done without authentication.

  150. # For private servers, you most likely wish to require authentication,

  151. # unless you know what list of rooms you're publishing to the world and explicitly want to do it.

  152. matrix_synapse_allow_public_rooms_without_auth: false

  153. 

  154. # Controls whether remote servers can fetch this server's public rooms directory via federation.

  155. # For private servers, you most likely wish to forbid it.

  156. matrix_synapse_allow_public_rooms_over_federation: false

  157. 

  158. # Controls whether people with access to the homeserver can register by themselves.

  159. matrix_synapse_enable_registration: false

  160. 

  161. # Allows non-server-admin users to create groups on this server

  162. matrix_synapse_enable_group_creation: false

  163. 

  164. # A list of 3PID types which users must supply when registering (possible values: email, msisdn).

  165. matrix_synapse_registrations_require_3pid: []

  166. 

  167. # A list of patterns 3pids must match in order to permit registration, e.g.:

  168. #  - medium: email

  169. #    pattern: '.*@example\.com'

  170. #  - medium: msisdn

  171. #    pattern: '\+44'

  172. matrix_synapse_allowed_local_3pids: []

  173. 

  174. # The server to use for email threepid validation. When empty, Synapse does it by itself.

  175. # Otherwise, this should be pointed to an identity server.

  176. matrix_synapse_account_threepid_delegates_email: ''

  177. 

  178. # The server to use for phone number threepid validation. When empty, validation cannot happen, as Synapse doesn't support it.

  179. # To make it work, this should be pointed to an identity server.

  180. matrix_synapse_account_threepid_delegates_msisdn: ''

  181. 

  182. # Users who register on this homeserver will automatically be joined to these rooms.

  183. # Rooms are to be specified using addresses (e.g. `#address:example.com`)

  184. matrix_synapse_auto_join_rooms: []

  185. 

  186. # Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created

  187. # automatically if they don't already exist.

  188. matrix_synapse_autocreate_auto_join_rooms: true

  189. 

  190. # Controls password-peppering for Synapse. Not to be changed after initial setup.

  191. matrix_synapse_password_config_pepper: ""

  192. 

  193. # Controls if Synapse allows people to authenticate against its local database.

  194. # It may be useful to disable this if you've configured additional password providers

  195. # and only wish authentication to happen through them.

  196. matrix_synapse_password_config_localdb_enabled: true

  197. 

  198. # Controls the number of events that Synapse caches in memory.

  199. matrix_synapse_event_cache_size: "100K"

  200. 

  201. # Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable.

  202. # Raise this to increase cache sizes or lower it to potentially lower memory use.

  203. # To learn more, see:

  204. # - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram

  205. # - https://github.com/matrix-org/synapse/issues/3939

  206. matrix_synapse_cache_factor: 0.5

  207. 

  208. # Controls whether Synapse will federate at all.

  209. # Disable this to completely isolate your server from the rest of the Matrix network.

  210. # Also see: `matrix_synapse_tls_federation_listener_enabled` if you wish to keep federation enabled,

  211. # but want to stop the TLS listener (port 8448).

  212. matrix_synapse_federation_enabled: true

  213. 

  214. # A list of domain names that are allowed to federate with the given Synapse server.

  215. # An empty list value (`[]`) will also effectively stop federation, but if that's the desired

  216. # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.

  217. matrix_synapse_federation_domain_whitelist: ~

  218. 

  219. # A list of additional "volumes" to mount in the container.

  220. # This list gets populated dynamically based on Synapse extensions that have been enabled.

  221. # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}

  222. #

  223. # Note: internally, this uses the `-v` flag for mounting the specified volumes.

  224. # It's better (safer) to use the `--mount` flag for mounting volumes.

  225. # To use `--mount`, specify it in `matrix_synapse_container_extra_arguments`.

  226. # Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']

  227. matrix_synapse_container_additional_volumes: []

  228. 

  229. # A list of additional loggers to register in synapse.log.config.

  230. # This list gets populated dynamically based on Synapse extensions that have been enabled.

  231. # Contains definition objects like this: `{"name": "..", "level": "DEBUG"}

  232. matrix_synapse_additional_loggers: []

  233. 

  234. # A list of appservice config files (in-container filesystem paths).

  235. # This list gets populated dynamically based on Synapse extensions that have been enabled.

  236. # You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`.

  237. matrix_synapse_app_service_config_files: []

  238. 

  239. # This is set dynamically during execution depending on whether

  240. # any password providers have been enabled or not.

  241. matrix_synapse_password_providers_enabled: false

  242. 

  243. # Whether clients can request to include message content in push notifications

  244. # sent through third party servers. Setting this to false requires mobile clients

  245. # to load message content directly from the homeserver.

  246. matrix_synapse_push_include_content: true

  247. 

  248. # If url previews should be generated. This will cause a request from Synapse to

  249. # URLs shared by users.

  250. matrix_synapse_url_preview_enabled: true

  251. 

  252. # Enable exposure of metrics to Prometheus

  253. # See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md

  254. matrix_synapse_metrics_enabled: false

  255. matrix_synapse_metrics_port: 9100

  256. 

  257. # Enable the Synapse manhole

  258. # See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md

  259. matrix_synapse_manhole_enabled: false

  260. 

  261. 

  262. # Send ERROR logs to sentry.io for easier tracking

  263. # To set this up: go to sentry.io, create a python project, and set

  264. # matrix_synapse_sentry_dsn to the URL it gives you.

  265. # See https://github.com/matrix-org/synapse/issues/4632 for important privacy concerns

  266. matrix_synapse_sentry_dsn: ""

  267. 

  268. # Postgres database information

  269. matrix_synapse_database_host: ""

  270. matrix_synapse_database_user: ""

  271. matrix_synapse_database_password: ""

  272. matrix_synapse_database_database: ""

  273. 

  274. matrix_synapse_turn_uris: []

  275. matrix_synapse_turn_shared_secret: ""

  276. matrix_synapse_turn_allow_guests: False

  277. 

  278. matrix_synapse_email_enabled: false

  279. matrix_synapse_email_smtp_host: ""

  280. matrix_synapse_email_smtp_port: 587

  281. matrix_synapse_email_smtp_require_transport_security: false

  282. matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"

  283. matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_riot }}"

  284. 

  285. 

  286. # Enable this to activate the REST auth password provider module.

  287. # See: https://github.com/ma1uta/matrix-synapse-rest-password-provider

  288. matrix_synapse_ext_password_provider_rest_auth_enabled: false

  289. matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/ma1uta/matrix-synapse-rest-password-provider/ed377fb70513c2e51b42055eb364195af1ccaf33/rest_auth_provider.py"

  290. matrix_synapse_ext_password_provider_rest_auth_endpoint: ""

  291. matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false

  292. matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true

  293. matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false

  294. 

  295. # Enable this to activate the Shared Secret Auth password provider module.

  296. # See: https://github.com/devture/matrix-synapse-shared-secret-auth

  297. matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false

  298. matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"

  299. matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""

  300. 

  301. # Enable this to activate LDAP password provider

  302. matrix_synapse_ext_password_provider_ldap_enabled: false

  303. matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"

  304. matrix_synapse_ext_password_provider_ldap_start_tls: true

  305. matrix_synapse_ext_password_provider_ldap_base: ""

  306. matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"

  307. matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"

  308. matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"

  309. matrix_synapse_ext_password_provider_ldap_bind_dn: ""

  310. matrix_synapse_ext_password_provider_ldap_bind_password: ""

  311. matrix_synapse_ext_password_provider_ldap_filter: ""

  312. 

  313. # Enable this to activate the Synapse Antispam spam-checker module.

  314. # See: https://github.com/t2bot/synapse-simple-antispam

  315. matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: false

  316. matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url: "https://github.com/t2bot/synapse-simple-antispam"

  317. matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "f058d9ce2c7d4195ae461dcdd02df11a2d06a36b"

  318. matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers: []

  319. 

  320. matrix_s3_media_store_enabled: false

  321. matrix_s3_media_store_custom_endpoint_enabled: false

  322. matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"

  323. matrix_s3_goofys_docker_image_force_pull: "{{ matrix_s3_goofys_docker_image.endswith(':latest') }}"

  324. matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"

  325. matrix_s3_media_store_bucket_name: "your-bucket-name"

  326. matrix_s3_media_store_aws_access_key: "your-aws-access-key"

  327. matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"

  328. matrix_s3_media_store_region: "eu-central-1"

  329. 

  330. # Controls whether the self-check feature should validate SSL certificates.

  331. matrix_synapse_self_check_validate_certificates: true

  332. 

  333. # Controls whether searching the public room list is enabled.

  334. matrix_synapse_enable_room_list_search: true

  335. 

  336. # Controls who's allowed to create aliases on this server.

  337. matrix_synapse_alias_creation_rules:

  338.   - user_id: "*"

  339.     alias: "*"

  340.     room_id: "*"

  341.     action: allow

  342. 

  343. # Controls who can publish and which rooms can be published in the public room list.

  344. matrix_synapse_room_list_publication_rules:

  345.   - user_id: "*"

  346.     alias: "*"

  347.     room_id: "*"

  348.     action: allow

  349. 

  350. matrix_synapse_default_room_version: "5"

  351. 

  352. # Controls the Synapse `spam_checker` setting.

  353. #

  354. # If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.

  355. # If not, you can also control its value manually.

  356. matrix_synapse_spam_checker: ~

  357. 

  358. matrix_synapse_trusted_key_servers:

  359.   - server_name: "matrix.org"

  360. 

  361. matrix_synapse_redaction_retention_period: 7d

  362. 

  363. matrix_synapse_user_ips_max_age: 28d

  364. 

  365. # Default Synapse configuration template which covers the generic use case.

  366. # You can customize it by controlling the various variables inside it.

  367. #

  368. # For a more advanced customization, you can extend the default (see `matrix_synapse_configuration_extension_yaml`)

  369. # or completely replace this variable with your own template.

  370. matrix_synapse_configuration_yaml: "{{ lookup('template', 'templates/synapse/homeserver.yaml.j2') }}"

  371. 

  372. matrix_synapse_configuration_extension_yaml: |

  373.   # Your custom YAML configuration for Synapse goes here.

  374.   # This configuration extends the default starting configuration (`matrix_synapse_configuration_yaml`).

  375.   #

  376.   # You can override individual variables from the default configuration, or introduce new ones.

  377.   #

  378.   # If you need something more special, you can take full control by

  379.   # completely redefining `matrix_synapse_configuration_yaml`.

  380.   #

  381.   # Example configuration extension follows:

  382.   #

  383.   # server_notices:

  384.   #   system_mxid_localpart: notices

  385.   #   system_mxid_display_name: "Server Notices"

  386.   #   system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"

  387.   #   room_name: "Server Notices"

  388. 

  389. matrix_synapse_configuration_extension: "{{ matrix_synapse_configuration_extension_yaml|from_yaml if matrix_synapse_configuration_extension_yaml|from_yaml is mapping else {} }}"

  390. 

  391. # Holds the final Synapse configuration (a combination of the default and its extension).

  392. # You most likely don't need to touch this variable. Instead, see `matrix_synapse_configuration_yaml`.

  393. matrix_synapse_configuration: "{{ matrix_synapse_configuration_yaml|from_yaml|combine(matrix_synapse_configuration_extension, recursive=True) }}"