overmind
/
matrix-docker-ansible-deploy
espelho de https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Derivar 0
Código Questões 0 Lançamentos 0 Wiki Trabalho
Matrix Docker Ansible eploy
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
10703 Cometimentos
13 Ramos
36 MiB
 
 
Árvore: 68ccfd4b3e
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de '68ccfd4b3e'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-matrixto/defaults/main.yml

173 linhas
10 KiB
Em bruto Responsabilidade Histórico 

  1. # SPDX-FileCopyrightText: 2023 - 2024 Nikita Chernyi

  2. # SPDX-FileCopyrightText: 2023 - 2025 Slavi Pantaleev

  3. # SPDX-FileCopyrightText: 2024 Sergio Durigan Junior

  4. # SPDX-FileCopyrightText: 2025 MASH project contributors

  5. # SPDX-FileCopyrightText: 2025 Suguru Hirahara

  6. #

  7. # SPDX-License-Identifier: AGPL-3.0-or-later

  8. 

  9. ---

  10. # Project source code URL: https://app.radicle.xyz/nodes/seed.radicle.garden/rad%3Az3Re1EQbd186vUQDwHByYiLadsVWY

  11. 

  12. matrix_matrixto_enabled: true

  13. 

  14. matrix_matrixto_identifier: matrix-matrixto

  15. matrix_matrixto_base_path: "/{{ matrix_matrixto_identifier }}"

  16. 

  17. matrix_matrixto_version: 1.2.17-1

  18. 

  19. matrix_matrixto_scheme: https

  20. 

  21. # The hostname at which Matrix.to is served.

  22. matrix_matrixto_hostname: ""

  23. 

  24. # The path at which Matrix.to is exposed.

  25. # This value must either be `/` or not end with a slash (e.g. `/matrixto`).

  26. #

  27. # Hosting Matrix.to under a subpath does not seem to be possible due to Matrix.to's

  28. # technical limitations.

  29. matrix_matrixto_path_prefix: /

  30. 

  31. # There does not exist a known pre-built container image. It needs to be built locally.

  32. matrix_matrixto_container_image_self_build: true

  33. matrix_matrixto_container_image_self_build_name: "shirahara/matrixto:{{ matrix_matrixto_container_image_self_build_repo_version }}"

  34. matrix_matrixto_container_image_self_build_repo: "https://seed.radicle.garden/z3Re1EQbd186vUQDwHByYiLadsVWY.git"

  35. matrix_matrixto_container_image_self_build_repo_version: "{{ matrix_matrixto_version if matrix_matrixto_version != 'latest' else 'main' }}"

  36. matrix_matrixto_container_image_self_build_src_files_path: "{{ matrix_matrixto_base_path }}/docker-src"

  37. 

  38. # Controls whether the container exposes its HTTP port (tcp/8080 in the container).

  39. #

  40. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:2586"), or empty string to not expose.

  41. matrix_matrixto_container_http_host_bind_port: ""

  42. 

  43. # The base container network. It will be auto-created by this role if it doesn't exist already.

  44. matrix_matrixto_container_network: "{{ matrix_matrixto_identifier }}"

  45. 

  46. # The port number in the container

  47. matrix_matrixto_container_http_port: 5000

  48. 

  49. # A list of additional container networks that the container would be connected to.

  50. # The role does not create these networks, so make sure they already exist.

  51. # Use this to expose this container to another reverse proxy, which runs in a different container network.

  52. matrix_matrixto_container_additional_networks: "{{ matrix_matrixto_container_additional_networks_auto + matrix_matrixto_container_additional_networks_custom }}"

  53. matrix_matrixto_container_additional_networks_auto: []

  54. matrix_matrixto_container_additional_networks_custom: []

  55. 

  56. # A list of additional "volumes" to mount in the container.

  57. # This list gets populated dynamically at runtime. You can provide a different default value,

  58. # if you wish to mount your own files into the container.

  59. # Contains definition objects like this: `{"type": "bind", "src": "/outside", "dst": "/inside", "options": "readonly"}.

  60. # See the `--mount` documentation for the `docker run` command.

  61. matrix_matrixto_container_additional_volumes: "{{ matrix_matrixto_container_additional_volumes_auto + matrix_matrixto_container_additional_volumes_custom }}"

  62. matrix_matrixto_container_additional_volumes_auto: []

  63. matrix_matrixto_container_additional_volumes_custom: []

  64. 

  65. # matrix_matrixto_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.

  66. # See `../templates/labels.j2` for details.

  67. #

  68. # To inject your own other container labels, see `matrix_matrixto_container_labels_additional_labels`.

  69. matrix_matrixto_container_labels_traefik_enabled: true

  70. matrix_matrixto_container_labels_traefik_docker_network: "{{ matrix_matrixto_container_network }}"

  71. matrix_matrixto_container_labels_traefik_hostname: "{{ matrix_matrixto_hostname }}"

  72. # The path prefix must either be `/` or not end with a slash (e.g. `/matrixto`).

  73. matrix_matrixto_container_labels_traefik_path_prefix: "{{ matrix_matrixto_path_prefix }}"

  74. matrix_matrixto_container_labels_traefik_rule: "Host(`{{ matrix_matrixto_container_labels_traefik_hostname }}`){% if matrix_matrixto_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_matrixto_container_labels_traefik_path_prefix }}`){% endif %}"

  75. matrix_matrixto_container_labels_traefik_priority: 0

  76. matrix_matrixto_container_labels_traefik_entrypoints: web-secure

  77. matrix_matrixto_container_labels_traefik_tls: "{{ matrix_matrixto_container_labels_traefik_entrypoints != 'web' }}"

  78. matrix_matrixto_container_labels_traefik_tls_certResolver: default  # noqa var-naming

  79. 

  80. # Controls which additional headers to attach to all HTTP requests.

  81. # To add your own custom request headers, use `matrix_matrixto_container_labels_traefik_additional_request_headers_custom`

  82. matrix_matrixto_container_labels_traefik_additional_request_headers: "{{ matrix_matrixto_container_labels_traefik_additional_request_headers_auto | combine(matrix_matrixto_container_labels_traefik_additional_request_headers_custom) }}"

  83. matrix_matrixto_container_labels_traefik_additional_request_headers_auto: {}

  84. matrix_matrixto_container_labels_traefik_additional_request_headers_custom: {}

  85. 

  86. # Controls which additional headers to attach to all HTTP responses.

  87. # To add your own custom response headers, use `matrix_matrixto_container_labels_traefik_additional_response_headers_custom`

  88. matrix_matrixto_container_labels_traefik_additional_response_headers: "{{ matrix_matrixto_container_labels_traefik_additional_response_headers_auto | combine(matrix_matrixto_container_labels_traefik_additional_response_headers_custom) }}"

  89. matrix_matrixto_container_labels_traefik_additional_response_headers_auto: |

  90.   {{

  91.     {}

  92.     | combine ({'X-XSS-Protection': matrix_matrixto_http_header_xss_protection} if matrix_matrixto_http_header_xss_protection else {})

  93.     | combine ({'X-Content-Type-Options': matrix_matrixto_http_header_content_type_options} if matrix_matrixto_http_header_content_type_options else {})

  94.     | combine ({'Content-Security-Policy': matrix_matrixto_http_header_content_security_policy} if matrix_matrixto_http_header_content_security_policy else {})

  95.     | combine ({'Permissions-Policy': matrix_matrixto_http_header_permissions_policy} if matrix_matrixto_http_header_permissions_policy else {})

  96.     | combine ({'Strict-Transport-Security': matrix_matrixto_http_header_strict_transport_security} if matrix_matrixto_http_header_strict_transport_security and matrix_matrixto_container_labels_traefik_tls else {})

  97.   }}

  98. matrix_matrixto_container_labels_traefik_additional_response_headers_custom: {}

  99. 

  100. # matrix_matrixto_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.

  101. # See `../templates/labels.j2` for details.

  102. #

  103. # Example:

  104. # matrix_matrixto_container_labels_additional_labels: |

  105. #   my.label=1

  106. #   another.label="here"

  107. matrix_matrixto_container_labels_additional_labels: "com.centurylinklabs.watchtower.enable=false"

  108. 

  109. # A list of extra arguments to pass to the container (`docker run` command)

  110. matrix_matrixto_container_extra_arguments: []

  111. 

  112. # Specifies the value of the `X-XSS-Protection` header

  113. # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

  114. #

  115. # Learn more about it is here:

  116. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

  117. # - https://portswigger.net/web-security/cross-site-scripting/reflected

  118. matrix_matrixto_http_header_xss_protection: "1; mode=block"

  119. 

  120. # Specifies the value of the `X-Content-Type-Options` header.

  121. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

  122. matrix_matrixto_http_header_content_type_options: nosniff

  123. 

  124. # Specifies the value of the `Content-Security-Policy` header.

  125. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

  126. matrix_matrixto_http_header_content_security_policy: frame-ancestors 'self'

  127. 

  128. # Specifies the value of the `Permissions-Policy` header.

  129. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy

  130. matrix_matrixto_http_header_permissions_policy: "{{ 'interest-cohort=()' if matrix_matrixto_floc_optout_enabled else '' }}"

  131. 

  132. # Specifies the value of the `Strict-Transport-Security` header.

  133. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  134. matrix_matrixto_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_matrixto_hsts_preload_enabled else '' }}"

  135. 

  136. # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses

  137. #

  138. # Learn more about what it is here:

  139. # - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

  140. # - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network

  141. # - https://amifloced.org/

  142. #

  143. # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.

  144. # See: `matrix_matrixto_http_header_permissions_policy`

  145. matrix_matrixto_floc_optout_enabled: true

  146. 

  147. # Controls if HSTS preloading is enabled

  148. #

  149. # In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and

  150. # indicates a willingness to be "preloaded" into browsers:

  151. # `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

  152. # For more information visit:

  153. # - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

  154. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  155. # - https://hstspreload.org/#opt-in

  156. # See: `matrix_matrixto_http_header_strict_transport_security`

  157. matrix_matrixto_hsts_preload_enabled: false

  158. 

  159. # List of systemd services that the Matrix.to systemd service depends on

  160. matrix_matrixto_systemd_required_services_list: "{{ matrix_matrixto_systemd_required_services_list_default + matrix_matrixto_systemd_required_services_list_auto + matrix_matrixto_systemd_required_services_list_custom }}"

  161. matrix_matrixto_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"

  162. matrix_matrixto_systemd_required_services_list_auto: []

  163. matrix_matrixto_systemd_required_services_list_custom: []

  164. 

  165. # List of systemd services that the Matrix.to systemd service wants

  166. matrix_matrixto_systemd_wanted_services_list: "{{ matrix_matrixto_systemd_wanted_services_list_default + matrix_matrixto_systemd_wanted_services_list_auto + matrix_matrixto_systemd_wanted_services_list_custom }}"

  167. matrix_matrixto_systemd_wanted_services_list_default: []

  168. matrix_matrixto_systemd_wanted_services_list_auto: []

  169. matrix_matrixto_systemd_wanted_services_list_custom: []

  170. 

  171. # Additional environment variables.

  172. matrix_matrixto_environment_variables_additional_variables: ""