overmind
/
matrix-docker-ansible-deploy
şunun yansıması https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Çatalla 0
Kod Konular 0 Sürümler 0 Wiki Aktivite
Matrix Docker Ansible eploy
25'ten fazla konu seçemezsiniz Konular bir harf veya rakamla başlamalı, kısa çizgiler ('-') içerebilir ve en fazla 35 karakter uzunluğunda olabilir.
8122 İşleme
13 Dallar
36 MiB
 
 
Ağaç: 9dbee212d8
Dallar Biçim İmleri
${ item.name }
${ searchTerm } dalı oluştur
'9dbee212d8'den
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-element-call/defaults/main.yml

135 satır
7.9 KiB
Ham Suçlama Geçmiş 

  1. ---

  2. # Enable or disable matrix-element-call deployment

  3. matrix_element_call_enabled: false

  4. 

  5. # Base path configuration

  6. matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call"

  7. matrix_element_call_config_path: "{{ matrix_element_call_base_path }}/config"

  8. matrix_element_call_backend_path: "{{ matrix_element_call_base_path }}/backend"

  9. matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml"

  10. element_web_config_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client"

  11. 

  12. # Docker network configuration

  13. matrix_element_call_container_network: ''

  14. matrix_element_call_container_http_host_bind_port: ''

  15. matrix_element_call_container_additional_networks: []  # No additional networks by default

  16. 

  17. # Docker images

  18. matrix_element_call_image: "ghcr.io/element-hq/element-call:latest"

  19. matrix_jwt_service_image: "ghcr.io/element-hq/lk-jwt-service:latest-ci"

  20. matrix_livekit_image: "livekit/livekit-server:latest"

  21. redis_image: "redis:6-alpine"

  22. 

  23. # Ports

  24. matrix_element_call_port: "8093"

  25. matrix_jwt_service_port: "8881"

  26. redis_port: "6379"

  27. 

  28. # LiveKit configuration

  29. matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}"  # Must be defined in host_vars

  30. matrix_element_call_jwt_secret:  "{{ matrix_jwt_secret }}"  # Must be defined in host_vars

  31. matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_domain }}:443"

  32. matrix_element_call_livekit_hostname: "sfu.{{ matrix_domain }}"

  33. 

  34. # jwt configuration 

  35. matrix_element_call_jwt_hostname: "sfu-jwt.{{ matrix_domain }}"

  36. 

  37. # Well-known paths and domains (derived from matrix_domain)

  38. matrix_element_call_domain: "call.{{ matrix_domain }}"

  39. matrix_element_call_well_known_client_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client"

  40. matrix_element_call_well_known_element_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/element/element.json"

  41. matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}"

  42. 

  43. # Redis Configuration for Element Call

  44. redis_hostname: "localhost"

  45. #redis_port: 6379

  46. redis_password: ""

  47. 

  48. # Traefik Configuration for Element Call

  49. matrix_element_call_container_labels_traefik_enabled: true

  50. matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_callcontainer_network }}"

  51. matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_domain }}"

  52. # The path prefix must either be `/` or not end with a slash (e.g. `/element`).

  53. matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_callpath_prefix }}"

  54. matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`){% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_call_container_labels_traefik_path_prefix }}`){% endif %}"

  55. matrix_element_call_container_labels_traefik_priority: 0

  56. matrix_element_call_container_labels_traefik_entrypoints: web-secure

  57. matrix_element_call_container_labels_traefik_tls: "{{ matrix_element_call_container_labels_traefik_entrypoints != 'web' }}"

  58. matrix_element_call_container_labels_traefik_tls_certResolver: default  # noqa var-naming

  59. 

  60. # Controls which additional headers to attach to all HTTP responses.

  61. # To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom`

  62. matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}"

  63. matrix_element_call_container_labels_traefik_additional_response_headers_auto: |

  64.   {{

  65.     {}

  66.     | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {})

  67.     | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {})

  68.     | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {})

  69.     | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {})

  70.     | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {})

  71.     | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {})

  72.   }}

  73. matrix_element_call_container_labels_traefik_additional_response_headers_custom: {}

  74. 

  75. # Additional environment variables for the container

  76. matrix_element_call_environment_variables_additional: {}

  77. 

  78. # List of systemd services that matrix-client-element.service depends on

  79. matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"

  80. 

  81. # Specifies the value of the `X-XSS-Protection` header

  82. # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

  83. #

  84. # Learn more about it is here:

  85. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

  86. # - https://portswigger.net/web-security/cross-site-scripting/reflected

  87. matrix_element_call_http_header_xss_protection: "1; mode=block"

  88. 

  89. # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.

  90. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

  91. matrix_element_call_http_header_frame_options: SAMEORIGIN

  92. 

  93. # Specifies the value of the `X-Content-Type-Options` header.

  94. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

  95. matrix_element_call_http_header_content_type_options: nosniff

  96. 

  97. # Specifies the value of the `Content-Security-Policy` header.

  98. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

  99. matrix_element_call_http_header_content_security_policy: frame-ancestors 'self'

  100. 

  101. # Specifies the value of the `Permission-Policy` header.

  102. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy

  103. matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_callfloc_optout_enabled else '' }}"

  104. 

  105. # Specifies the value of the `Strict-Transport-Security` header.

  106. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  107. matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_callhsts_preload_enabled else '' }}"

  108. 

  109. # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses

  110. #

  111. # Learn more about what it is here:

  112. # - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

  113. # - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network

  114. # - https://amifloced.org/

  115. #

  116. # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.

  117. # See: `matrix_element_callcontent_permission_policy`

  118. matrix_element_callfloc_optout_enabled: true

  119. 

  120. # Controls if HSTS preloading is enabled

  121. #

  122. # In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and

  123. # indicates a willingness to be "preloaded" into browsers:

  124. # `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

  125. # For more information visit:

  126. # - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

  127. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  128. # - https://hstspreload.org/#opt-in

  129. # See: `matrix_element_call_http_header_strict_transport_security`

  130. matrix_element_callhsts_preload_enabled: false

  131. 

  132. # Enable or disable metrics collection

  133. matrix_element_call_metrics_enabled: false

  134. matrix_element_call_metrics_port: 2112