overmind
/
matrix-docker-ansible-deploy
дзеркало https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Форк 0
Код Проблеми 0 Релізи 0 Вікі Активність
Matrix Docker Ansible eploy
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
8124 Коміти
13 Гілки
36 MiB
 
 
Дерево: f762048a8d
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'f762048a8d'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-element-call/defaults/main.yml

147 рядки
8.4 KiB
Неформатований Звинувачення Історія 

  1. ---

  2. # Enable or disable matrix-element-call deployment

  3. matrix_element_call_enabled: false

  4. 

  5. # Base path configuration

  6. matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call"

  7. matrix_element_call_config_path: "{{ matrix_element_call_base_path }}/config"

  8. matrix_element_call_backend_path: "{{ matrix_element_call_base_path }}/backend"

  9. matrix_homeserver_config_path: "{{ matrix_base_data_path }}/synapse/config/homeserver.yaml"

  10. element_web_config_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client"

  11. 

  12. # Docker network configuration

  13. matrix_element_call_container_network: ''

  14. matrix_element_call_container_http_host_bind_port: ''

  15. matrix_element_call_container_additional_networks: []  # No additional networks by default

  16. 

  17. # Docker images

  18. matrix_element_call_image: "ghcr.io/element-hq/element-call:latest"

  19. matrix_jwt_service_image: "ghcr.io/element-hq/lk-jwt-service:latest-ci"

  20. matrix_livekit_image: "livekit/livekit-server:latest"

  21. redis_image: "redis:6-alpine"

  22. 

  23. # Ports

  24. matrix_element_call_port: "8093"

  25. matrix_jwt_service_port: "8881"

  26. redis_port: "6379"

  27. 

  28. # LiveKit configuration

  29. matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}"  # Must be defined in host_vars

  30. matrix_element_call_jwt_secret:  "{{ matrix_jwt_secret }}"  # Must be defined in host_vars

  31. matrix_element_call_livekit_service_url: "wss://sfu.{{ matrix_domain }}:443"

  32. matrix_element_call_livekit_hostname: "sfu.{{ matrix_domain }}"

  33. 

  34. # jwt configuration 

  35. matrix_element_call_jwt_hostname: "sfu-jwt.{{ matrix_domain }}"

  36. 

  37. # Well-known paths and domains (derived from matrix_domain)

  38. matrix_element_call_domain: "call.{{ matrix_domain }}"

  39. matrix_element_call_well_known_client_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/matrix/client"

  40. matrix_element_call_well_known_element_path: "{{ matrix_base_data_path }}/static-files/public/.well-known/element/element.json"

  41. matrix_element_call_base_url: "https://{{ matrix_element_call_domain }}"

  42. 

  43. # Redis Configuration for Element Call

  44. redis_hostname: "localhost"

  45. #redis_port: 6379

  46. redis_password: ""

  47. 

  48. # Traefik Configuration for Element Call

  49. matrix_element_call_container_labels_traefik_enabled: true

  50. matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_element_callcontainer_network }}"

  51. matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_domain }}"

  52. # The path prefix must either be `/` or not end with a slash (e.g. `/element`).

  53. matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}"

  54. matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`){% if matrix_element_call_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_call_container_labels_traefik_path_prefix }}`){% endif %}"

  55. matrix_element_call_container_labels_traefik_priority: 0

  56. matrix_element_call_container_labels_traefik_entrypoints: web-secure

  57. matrix_element_call_container_labels_traefik_tls: "{{ matrix_element_call_container_labels_traefik_entrypoints != 'web' }}"

  58. matrix_element_call_container_labels_traefik_tls_certResolver: default  # noqa var-naming

  59. 

  60. # Controls which additional headers to attach to all HTTP responses.

  61. # To add your own headers, use `matrix_element_call_container_labels_traefik_additional_response_headers_custom`

  62. matrix_element_call_container_labels_traefik_additional_response_headers: "{{ matrix_element_call_container_labels_traefik_additional_response_headers_auto | combine(matrix_element_call_container_labels_traefik_additional_response_headers_custom) }}"

  63. matrix_element_call_container_labels_traefik_additional_response_headers_auto: |

  64.   {{

  65.     {}

  66.     | combine ({'X-XSS-Protection': matrix_element_call_http_header_xss_protection} if matrix_element_call_http_header_xss_protection else {})

  67.     | combine ({'X-Frame-Options': matrix_element_call_http_header_frame_options} if matrix_element_call_http_header_frame_options else {})

  68.     | combine ({'X-Content-Type-Options': matrix_element_call_http_header_content_type_options} if matrix_element_call_http_header_content_type_options else {})

  69.     | combine ({'Content-Security-Policy': matrix_element_call_http_header_content_security_policy} if matrix_element_call_http_header_content_security_policy else {})

  70.     | combine ({'Permission-Policy': matrix_element_call_http_header_content_permission_policy} if matrix_element_call_http_header_content_permission_policy else {})

  71.     | combine ({'Strict-Transport-Security': matrix_element_call_http_header_strict_transport_security} if matrix_element_call_http_header_strict_transport_security and matrix_element_call_container_labels_traefik_tls else {})

  72.   }}

  73. matrix_element_call_container_labels_traefik_additional_response_headers_custom: {}

  74. 

  75. # matrix_client_element_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.

  76. # See `../templates/labels.j2` for details.

  77. #

  78. # Example:

  79. # matrix_client_element_container_labels_additional_labels: |

  80. #   my.label=1

  81. #   another.label="here"

  82. matrix_element_call_container_labels_additional_labels: ''

  83. 

  84. # A list of extra arguments to pass to the container

  85. matrix_element_call_container_extra_arguments: []

  86. 

  87. # Additional environment variables for the container

  88. matrix_element_call_environment_variables_additional: {}

  89. 

  90. # List of systemd services that matrix-client-element.service depends on

  91. matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"

  92. 

  93. # Specifies the value of the `X-XSS-Protection` header

  94. # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

  95. #

  96. # Learn more about it is here:

  97. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

  98. # - https://portswigger.net/web-security/cross-site-scripting/reflected

  99. matrix_element_call_http_header_xss_protection: "1; mode=block"

  100. 

  101. # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.

  102. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

  103. matrix_element_call_http_header_frame_options: SAMEORIGIN

  104. 

  105. # Specifies the value of the `X-Content-Type-Options` header.

  106. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

  107. matrix_element_call_http_header_content_type_options: nosniff

  108. 

  109. # Specifies the value of the `Content-Security-Policy` header.

  110. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

  111. matrix_element_call_http_header_content_security_policy: frame-ancestors 'self'

  112. 

  113. # Specifies the value of the `Permission-Policy` header.

  114. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy

  115. matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_callfloc_optout_enabled else '' }}"

  116. 

  117. # Specifies the value of the `Strict-Transport-Security` header.

  118. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  119. matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_callhsts_preload_enabled else '' }}"

  120. 

  121. # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses

  122. #

  123. # Learn more about what it is here:

  124. # - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

  125. # - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network

  126. # - https://amifloced.org/

  127. #

  128. # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.

  129. # See: `matrix_element_callcontent_permission_policy`

  130. matrix_element_callfloc_optout_enabled: true

  131. 

  132. # Controls if HSTS preloading is enabled

  133. #

  134. # In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and

  135. # indicates a willingness to be "preloaded" into browsers:

  136. # `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

  137. # For more information visit:

  138. # - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

  139. # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

  140. # - https://hstspreload.org/#opt-in

  141. # See: `matrix_element_call_http_header_strict_transport_security`

  142. matrix_element_callhsts_preload_enabled: false

  143. 

  144. # Enable or disable metrics collection

  145. matrix_element_call_metrics_enabled: false

  146. matrix_element_call_metrics_port: 2112