overmind
/
matrix-docker-ansible-deploy
miroir de https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Bifurcation 0
Code Tickets 0 Versions 0 Wiki Activité
Matrix Docker Ansible eploy
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
8613 Révisions
13 Branches
104 MiB
 
 
Aborescence: 8f9dfdee4e
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '8f9dfdee4e'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-client-cinny/defaults/main.yml

173 lignes
10 KiB
Brut Annotations Historique 

  1. ---

  2. # Project source code URL: https://github.com/ajbura/cinny

  3. 

  4. matrix_client_cinny_enabled: true

  5. 

  6. matrix_client_cinny_container_image_self_build: false

  7. matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"

  8. 

  9. # renovate: datasource=docker depName=ajbura/cinny

  10. matrix_client_cinny_version: v4.2.3

  11. matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"

  12. matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"

  13. matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"

  14. 

  15. matrix_client_cinny_data_path: "{{ matrix_base_data_path }}/client-cinny"

  16. matrix_client_cinny_docker_src_files_path: "{{ matrix_client_cinny_data_path }}/docker-src"

  17. 

  18. # The base container network

  19. matrix_client_cinny_container_network: ''

  20. 

  21. # A list of additional container networks that the container would be connected to.

  22. # The role does not create these networks, so make sure they already exist.

  23. # Use this to expose this container to a reverse proxy, which runs in a different container network.

  24. matrix_client_cinny_container_additional_networks: []

  25. 

  26. # Controls whether the container exposes its HTTP port (tcp/8080 in the container).

  27. #

  28. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8768"), or empty string to not expose.

  29. matrix_client_cinny_container_http_host_bind_port: ''

  30. 

  31. 

  32. # matrix_client_cinny_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.

  33. # See `../templates/labels.j2` for details.

  34. #

  35. # To inject your own other container labels, see `matrix_client_cinny_container_labels_additional_labels`.

  36. matrix_client_cinny_container_labels_traefik_enabled: true

  37. matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_client_cinny_container_network }}"

  38. matrix_client_cinny_container_labels_traefik_hostname: "{{ matrix_client_cinny_hostname }}"

  39. # The path prefix must either be `/` or not end with a slash (e.g. `/cinny`).

  40. matrix_client_cinny_container_labels_traefik_path_prefix: "{{ matrix_client_cinny_path_prefix }}"

  41. matrix_client_cinny_container_labels_traefik_rule: "Host(`{{ matrix_client_cinny_container_labels_traefik_hostname }}`){% if matrix_client_cinny_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_client_cinny_container_labels_traefik_path_prefix }}`){% endif %}"

  42. matrix_client_cinny_container_labels_traefik_priority: 0

  43. matrix_client_cinny_container_labels_traefik_entrypoints: web-secure

  44. matrix_client_cinny_container_labels_traefik_tls: "{{ matrix_client_cinny_container_labels_traefik_entrypoints != 'web' }}"

  45. matrix_client_cinny_container_labels_traefik_tls_certResolver: default  # noqa var-naming

  46. 

  47. # Controls whether a compression middleware will be injected into the middlewares list.

  48. # This compression middleware is supposed to be defined elsewhere (using labels or a File provider, etc.) and is merely referenced by this router.

  49. matrix_client_cinny_container_labels_traefik_compression_middleware_enabled: false

  50. matrix_client_cinny_container_labels_traefik_compression_middleware_name: ""

  51. 

  52. # Controls which additional headers to attach to all HTTP responses.

  53. # To add your own headers, use `matrix_client_cinny_container_labels_traefik_additional_response_headers_custom`

  54. matrix_client_cinny_container_labels_traefik_additional_response_headers: "{{ matrix_client_cinny_container_labels_traefik_additional_response_headers_auto | combine(matrix_client_cinny_container_labels_traefik_additional_response_headers_custom) }}"

  55. matrix_client_cinny_container_labels_traefik_additional_response_headers_auto: |

  56.   {{

  57.     {}

  58.     | combine ({'X-XSS-Protection': matrix_client_cinny_http_header_xss_protection} if matrix_client_cinny_http_header_xss_protection else {})

  59.     | combine ({'X-Frame-Options': matrix_client_cinny_http_header_frame_options} if matrix_client_cinny_http_header_frame_options else {})

  60.     | combine ({'X-Content-Type-Options': matrix_client_cinny_http_header_content_type_options} if matrix_client_cinny_http_header_content_type_options else {})

  61.     | combine ({'Content-Security-Policy': matrix_client_cinny_http_header_content_security_policy} if matrix_client_cinny_http_header_content_security_policy else {})

  62.     | combine ({'Permission-Policy': matrix_client_cinny_http_header_content_permission_policy} if matrix_client_cinny_http_header_content_permission_policy else {})

  63.     | combine ({'Strict-Transport-Security': matrix_client_cinny_http_header_strict_transport_security} if matrix_client_cinny_http_header_strict_transport_security and matrix_client_cinny_container_labels_traefik_tls else {})

  64.   }}

  65. matrix_client_cinny_container_labels_traefik_additional_response_headers_custom: {}

  66. 

  67. # matrix_client_cinny_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.

  68. # See `../templates/labels.j2` for details.

  69. #

  70. # Example:

  71. # matrix_client_cinny_container_labels_additional_labels: |

  72. #   my.label=1

  73. #   another.label="here"

  74. matrix_client_cinny_container_labels_additional_labels: ''

  75. 

  76. # A list of extra arguments to pass to the container

  77. matrix_client_cinny_container_extra_arguments: []

  78. 

  79. # List of systemd services that matrix-client-cinny.service depends on

  80. matrix_client_cinny_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"

  81. 

  82. # Specifies the value of the `X-XSS-Protection` header

  83. # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

  84. #

  85. # Learn more about it is here:

  86. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

  87. # - https://portswigger.net/web-security/cross-site-scripting/reflected

  88. matrix_client_cinny_http_header_xss_protection: "1; mode=block"

  89. 

  90. # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.

  91. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

  92. matrix_client_cinny_http_header_frame_options: SAMEORIGIN

  93. 

  94. # Specifies the value of the `X-Content-Type-Options` header.

  95. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

  96. matrix_client_cinny_http_header_content_type_options: nosniff

  97. 

  98. # Specifies the value of the `Content-Security-Policy` header.

  99. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

  100. matrix_client_cinny_http_header_content_security_policy: frame-ancestors 'self'

  101. 

  102. # Specifies the value of the `Permission-Policy` header.

  103. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy

  104. matrix_client_cinny_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_client_cinny_floc_optout_enabled else '' }}"

  105. 

  106. # Specifies the value of the `Strict-Transport-Security` header.

  107. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  108. matrix_client_cinny_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_client_cinny_hsts_preload_enabled else '' }}"

  109. 

  110. # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses

  111. #

  112. # Learn more about what it is here:

  113. # - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

  114. # - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network

  115. # - https://amifloced.org/

  116. #

  117. # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.

  118. # See: `matrix_client_cinny_content_permission_policy`

  119. matrix_client_cinny_floc_optout_enabled: true

  120. 

  121. # Controls if HSTS preloading is enabled

  122. #

  123. # In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and

  124. # indicates a willingness to be "preloaded" into browsers:

  125. # `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

  126. # For more information visit:

  127. # - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

  128. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  129. # - https://hstspreload.org/#opt-in

  130. # See: `matrix_client_cinny_http_header_strict_transport_security`

  131. matrix_client_cinny_hsts_preload_enabled: false

  132. 

  133. matrix_client_cinny_scheme: https

  134. 

  135. # The hostname at which Cinny is served.

  136. # Only works with with Traefik reverse-proxying.

  137. matrix_client_cinny_hostname: "{{ matrix_server_fqn_cinny }}"

  138. 

  139. # The path at which Cinny is exposed.

  140. # This value must either be `/` or not end with a slash (e.g. `/cinny`).

  141. matrix_client_cinny_path_prefix: /

  142. 

  143. # Controls whether the self-check feature should validate SSL certificates.

  144. matrix_client_cinny_self_check_validate_certificates: true

  145. 

  146. # config.json

  147. matrix_client_cinny_default_hs_url: ""

  148. 

  149. # Default Cinny configuration template which covers the generic use case.

  150. # You can customize it by controlling the various variables inside it.

  151. #

  152. # For a more advanced customization, you can extend the default (see `matrix_client_cinny_configuration_extension_json`)

  153. # or completely replace this variable with your own template.

  154. #

  155. # The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.

  156. # This is unlike what it does when looking up YAML template files (no automatic parsing there).

  157. matrix_client_cinny_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"

  158. 

  159. # Your custom JSON configuration for Cinny should go to `matrix_client_cinny_configuration_extension_json`.

  160. # This configuration extends the default starting configuration (`matrix_client_cinny_configuration_default`).

  161. #

  162. # You can override individual variables from the default configuration, or introduce new ones.

  163. #

  164. # If you need something more special, you can take full control by

  165. # completely redefining `matrix_client_cinny_configuration_default`.

  166. matrix_client_cinny_configuration_extension_json: '{}'

  167. 

  168. matrix_client_cinny_configuration_extension: "{{ matrix_client_cinny_configuration_extension_json | from_json if matrix_client_cinny_configuration_extension_json | from_json is mapping else {} }}"

  169. 

  170. # Holds the final Cinny configuration (a combination of the default and its extension).

  171. # You most likely don't need to touch this variable. Instead, see `matrix_client_cinny_configuration_default`.

  172. matrix_client_cinny_configuration: "{{ matrix_client_cinny_configuration_default | combine(matrix_client_cinny_configuration_extension, recursive=True) }}"