overmind
/
matrix-docker-ansible-deploy
réplica de https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Código Incidencias 0 Lanzamientos 0 Wiki Actividad
Matrix Docker Ansible eploy
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
10622 Commits
16 Ramas
963 MiB
 
 
Árbol: 8a9d58ae3a
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '8a9d58ae3a'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-matrixto/defaults/main.yml

182 líneas
10 KiB
Original Blame Histórico 

  1. # SPDX-FileCopyrightText: 2023 - 2024 Nikita Chernyi

  2. # SPDX-FileCopyrightText: 2023 - 2025 Slavi Pantaleev

  3. # SPDX-FileCopyrightText: 2024 Sergio Durigan Junior

  4. # SPDX-FileCopyrightText: 2025 MASH project contributors

  5. # SPDX-FileCopyrightText: 2025 Suguru Hirahara

  6. #

  7. # SPDX-License-Identifier: AGPL-3.0-or-later

  8. 

  9. ---

  10. # Project source code URL: https://app.radicle.xyz/nodes/seed.radicle.garden/rad%3Az3Re1EQbd186vUQDwHByYiLadsVWY

  11. 

  12. matrixto_enabled: true

  13. 

  14. matrixto_identifier: matrixto

  15. matrixto_base_path: "/{{ matrixto_identifier }}"

  16. 

  17. matrixto_version: 1.2.17-1

  18. 

  19. matrixto_uid: ""

  20. matrixto_gid: ""

  21. 

  22. matrixto_scheme: https

  23. 

  24. # The hostname at which Matrix.to is served.

  25. matrixto_hostname: ""

  26. 

  27. # The path at which Matrix.to is exposed.

  28. # This value must either be `/` or not end with a slash (e.g. `/matrixto`).

  29. #

  30. # Hosting Matrix.to under a subpath does not seem to be possible due to Matrix.to's

  31. # technical limitations.

  32. matrixto_path_prefix: /

  33. 

  34. matrixto_container_image: "{{ matrixto_container_image_registry_prefix }}shirahara/matrixto:{{ matrixto_container_image_tag }}"

  35. matrixto_container_image_tag: "{{ matrixto_version }}"

  36. matrixto_container_image_registry_prefix: "{{ matrixto_container_image_registry_prefix_upstream }}"

  37. matrixto_container_image_registry_prefix_upstream: "{{ matrixto_container_image_registry_prefix_upstream_default }}"

  38. matrixto_container_image_registry_prefix_upstream_default: ""

  39. matrixto_container_image_force_pull: "{{ matrixto_container_image.endswith(':latest') }}"

  40. 

  41. matrixto_container_image_self_build: true

  42. matrixto_container_image_self_build_name: "shirahara/matrixto:{{ matrixto_container_image_self_build_repo_version }}"

  43. matrixto_container_image_self_build_repo: "https://seed.radicle.garden/z3Re1EQbd186vUQDwHByYiLadsVWY.git"

  44. matrixto_container_image_self_build_repo_version: "{{ matrixto_version if matrixto_version != 'latest' else 'main' }}"

  45. matrixto_container_image_self_build_src_files_path: "{{ matrixto_base_path }}/docker-src"

  46. 

  47. # Controls whether the container exposes its HTTP port (tcp/8080 in the container).

  48. #

  49. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:2586"), or empty string to not expose.

  50. matrixto_container_http_host_bind_port: ""

  51. 

  52. # The base container network. It will be auto-created by this role if it doesn't exist already.

  53. matrixto_container_network: "{{ matrixto_identifier }}"

  54. 

  55. # The port number in the container

  56. matrixto_container_http_port: 5000

  57. 

  58. # A list of additional container networks that the container would be connected to.

  59. # The role does not create these networks, so make sure they already exist.

  60. # Use this to expose this container to another reverse proxy, which runs in a different container network.

  61. matrixto_container_additional_networks: "{{ matrixto_container_additional_networks_auto + matrixto_container_additional_networks_custom }}"

  62. matrixto_container_additional_networks_auto: []

  63. matrixto_container_additional_networks_custom: []

  64. 

  65. # A list of additional "volumes" to mount in the container.

  66. # This list gets populated dynamically at runtime. You can provide a different default value,

  67. # if you wish to mount your own files into the container.

  68. # Contains definition objects like this: `{"type": "bind", "src": "/outside", "dst": "/inside", "options": "readonly"}.

  69. # See the `--mount` documentation for the `docker run` command.

  70. matrixto_container_additional_volumes: "{{ matrixto_container_additional_volumes_auto + matrixto_container_additional_volumes_custom }}"

  71. matrixto_container_additional_volumes_auto: []

  72. matrixto_container_additional_volumes_custom: []

  73. 

  74. # matrixto_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.

  75. # See `../templates/labels.j2` for details.

  76. #

  77. # To inject your own other container labels, see `matrixto_container_labels_additional_labels`.

  78. matrixto_container_labels_traefik_enabled: true

  79. matrixto_container_labels_traefik_docker_network: "{{ matrixto_container_network }}"

  80. matrixto_container_labels_traefik_hostname: "{{ matrixto_hostname }}"

  81. # The path prefix must either be `/` or not end with a slash (e.g. `/matrixto`).

  82. matrixto_container_labels_traefik_path_prefix: "{{ matrixto_path_prefix }}"

  83. matrixto_container_labels_traefik_rule: "Host(`{{ matrixto_container_labels_traefik_hostname }}`){% if matrixto_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrixto_container_labels_traefik_path_prefix }}`){% endif %}"

  84. matrixto_container_labels_traefik_priority: 0

  85. matrixto_container_labels_traefik_entrypoints: web-secure

  86. matrixto_container_labels_traefik_tls: "{{ matrixto_container_labels_traefik_entrypoints != 'web' }}"

  87. matrixto_container_labels_traefik_tls_certResolver: default  # noqa var-naming

  88. 

  89. # Controls which additional headers to attach to all HTTP requests.

  90. # To add your own custom request headers, use `matrixto_container_labels_traefik_additional_request_headers_custom`

  91. matrixto_container_labels_traefik_additional_request_headers: "{{ matrixto_container_labels_traefik_additional_request_headers_auto | combine(matrixto_container_labels_traefik_additional_request_headers_custom) }}"

  92. matrixto_container_labels_traefik_additional_request_headers_auto: {}

  93. matrixto_container_labels_traefik_additional_request_headers_custom: {}

  94. 

  95. # Controls which additional headers to attach to all HTTP responses.

  96. # To add your own custom response headers, use `matrixto_container_labels_traefik_additional_response_headers_custom`

  97. matrixto_container_labels_traefik_additional_response_headers: "{{ matrixto_container_labels_traefik_additional_response_headers_auto | combine(matrixto_container_labels_traefik_additional_response_headers_custom) }}"

  98. matrixto_container_labels_traefik_additional_response_headers_auto: |

  99.   {{

  100.     {}

  101.     | combine ({'X-XSS-Protection': matrixto_http_header_xss_protection} if matrixto_http_header_xss_protection else {})

  102.     | combine ({'X-Content-Type-Options': matrixto_http_header_content_type_options} if matrixto_http_header_content_type_options else {})

  103.     | combine ({'Content-Security-Policy': matrixto_http_header_content_security_policy} if matrixto_http_header_content_security_policy else {})

  104.     | combine ({'Permissions-Policy': matrixto_http_header_permissions_policy} if matrixto_http_header_permissions_policy else {})

  105.     | combine ({'Strict-Transport-Security': matrixto_http_header_strict_transport_security} if matrixto_http_header_strict_transport_security and matrixto_container_labels_traefik_tls else {})

  106.   }}

  107. matrixto_container_labels_traefik_additional_response_headers_custom: {}

  108. 

  109. # matrixto_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.

  110. # See `../templates/labels.j2` for details.

  111. #

  112. # Example:

  113. # matrixto_container_labels_additional_labels: |

  114. #   my.label=1

  115. #   another.label="here"

  116. matrixto_container_labels_additional_labels: ""

  117. 

  118. # A list of extra arguments to pass to the container (`docker run` command)

  119. matrixto_container_extra_arguments: []

  120. 

  121. # Specifies the value of the `X-XSS-Protection` header

  122. # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

  123. #

  124. # Learn more about it is here:

  125. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

  126. # - https://portswigger.net/web-security/cross-site-scripting/reflected

  127. matrixto_http_header_xss_protection: "1; mode=block"

  128. 

  129. # Specifies the value of the `X-Content-Type-Options` header.

  130. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

  131. matrixto_http_header_content_type_options: nosniff

  132. 

  133. # Specifies the value of the `Content-Security-Policy` header.

  134. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

  135. matrixto_http_header_content_security_policy: frame-ancestors 'self'

  136. 

  137. # Specifies the value of the `Permissions-Policy` header.

  138. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy

  139. matrixto_http_header_permissions_policy: "{{ 'interest-cohort=()' if matrixto_floc_optout_enabled else '' }}"

  140. 

  141. # Specifies the value of the `Strict-Transport-Security` header.

  142. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  143. matrixto_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrixto_hsts_preload_enabled else '' }}"

  144. 

  145. # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses

  146. #

  147. # Learn more about what it is here:

  148. # - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

  149. # - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network

  150. # - https://amifloced.org/

  151. #

  152. # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.

  153. # See: `matrixto_http_header_permissions_policy`

  154. matrixto_floc_optout_enabled: true

  155. 

  156. # Controls if HSTS preloading is enabled

  157. #

  158. # In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and

  159. # indicates a willingness to be "preloaded" into browsers:

  160. # `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

  161. # For more information visit:

  162. # - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

  163. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  164. # - https://hstspreload.org/#opt-in

  165. # See: `matrixto_http_header_strict_transport_security`

  166. matrixto_hsts_preload_enabled: false

  167. 

  168. # List of systemd services that the Matrix.to systemd service depends on

  169. matrixto_systemd_required_services_list: "{{ matrixto_systemd_required_services_list_default + matrixto_systemd_required_services_list_auto + matrixto_systemd_required_services_list_custom }}"

  170. matrixto_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"

  171. matrixto_systemd_required_services_list_auto: []

  172. matrixto_systemd_required_services_list_custom: []

  173. 

  174. # List of systemd services that the Matrix.to systemd service wants

  175. matrixto_systemd_wanted_services_list: "{{ matrixto_systemd_wanted_services_list_default + matrixto_systemd_wanted_services_list_auto + matrixto_systemd_wanted_services_list_custom }}"

  176. matrixto_systemd_wanted_services_list_default: []

  177. matrixto_systemd_wanted_services_list_auto: []

  178. matrixto_systemd_wanted_services_list_custom: []

  179. 

  180. # Additional environment variables.

  181. matrixto_environment_variables_additional_variables: ""