Merge branch 'master' into pub.solar
This commit is contained in:
commit
03ef77fb07
22 changed files with 385 additions and 310 deletions
4
.github/workflows/matrix.yml
vendored
4
.github/workflows/matrix.yml
vendored
|
@ -13,7 +13,7 @@ jobs:
|
|||
- name: Check out
|
||||
uses: actions/checkout@v3
|
||||
- name: Run yamllint
|
||||
uses: frenck/action-yamllint@v1.4.0
|
||||
uses: frenck/action-yamllint@v1.4.1
|
||||
ansible-lint:
|
||||
name: ansible-lint
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -21,6 +21,6 @@ jobs:
|
|||
- name: Check out
|
||||
uses: actions/checkout@v3
|
||||
- name: Run ansible-lint
|
||||
uses: ansible-community/ansible-lint-action@v6.15.0
|
||||
uses: ansible-community/ansible-lint-action@v6.16.0
|
||||
with:
|
||||
path: roles/custom
|
||||
|
|
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -1,3 +1,17 @@
|
|||
# 2023-05-25
|
||||
|
||||
## Enabling `forget_rooms_on_leave` by default for Synapse
|
||||
|
||||
With the [Synapse v1.84.0 update](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2698), we've also **changed the default value** of the `forget_rooms_on_leave` setting of Synapse to a value of `true`.
|
||||
This way, **when you leave a room, Synapse will now forget it automatically**.
|
||||
|
||||
The upstream Synapse default is `false` (disabled), so that you must forget rooms manually after leaving.
|
||||
|
||||
**We go against the upstream default** ([somewhat controversially](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2700)) in an effort to make Synapse leaner and potentially do what we believe most users would expect their homeserver to be doing.
|
||||
|
||||
If you'd like to go back to the old behavior, add the following to your configuration: `matrix_synapse_forget_rooms_on_leave: false`
|
||||
|
||||
|
||||
# 2023-04-03
|
||||
|
||||
## The matrix-jitsi role lives independently now
|
||||
|
|
|
@ -14,6 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
|
|||
```yaml
|
||||
matrix_bot_honoroit_enabled: true
|
||||
|
||||
# Uncomment and adjust if you'd like to change the hostname or path
|
||||
# matrix_bot_honoroit_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
# matrix_bot_honoroit_path_prefix: /honoroit
|
||||
|
||||
# Uncomment and adjust this part if you'd like to use a username different than the default
|
||||
# matrix_bot_honoroit_login: honoroit
|
||||
|
||||
|
|
|
@ -153,14 +153,14 @@ devture_traefik_additional_entrypoints_auto:
|
|||
port: 8449
|
||||
host_bind_port: '127.0.0.1:8449'
|
||||
config: {}
|
||||
# If your reverse-proxy runs on another machine, remove the config above and use this config instead:
|
||||
# config:
|
||||
# forwardedHeaders:
|
||||
# insecure: true
|
||||
# # trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
|
||||
# If your reverse-proxy runs on another machine, remove the config above and use this config instead:
|
||||
# config:
|
||||
# forwardedHeaders:
|
||||
# insecure: true
|
||||
# # trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
|
||||
```
|
||||
|
||||
For an example where the playbook's Traefik reverse-proxy is fronted by [Nginx](https://nginx.org/) running on the same server, see [Nginx reverse-proxy fronting the playbook's Traefik](../examples/nginx/README.md).
|
||||
For an example where the playbook's Traefik reverse-proxy is fronted by another reverse-proxy running on the same server, see [Nginx reverse-proxy fronting the playbook's Traefik](../examples/nginx/README.md) or [Caddy reverse-proxy fronting the playbook's Traefik](../examples/caddy2/README.md).
|
||||
|
||||
|
||||
### Using no reverse-proxy on the Matrix side at all
|
||||
|
|
|
@ -1,112 +1,10 @@
|
|||
(cors) {
|
||||
@cors_preflight method OPTIONS
|
||||
|
||||
handle @cors_preflight {
|
||||
header Access-Control-Allow-Origin "{args.0}"
|
||||
header Access-Control-Allow-Methods "HEAD, GET, POST, PUT, PATCH, DELETE"
|
||||
header Access-Control-Allow-Headers "Content-Type, Authorization"
|
||||
header Access-Control-Max-Age "3600"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
matrix.DOMAIN.tld {
|
||||
|
||||
# creates letsencrypt certificate
|
||||
# tls your@email.com
|
||||
|
||||
@identity {
|
||||
path /_matrix/identity/*
|
||||
}
|
||||
|
||||
@noidentity {
|
||||
not path /_matrix/identity/*
|
||||
}
|
||||
|
||||
@search {
|
||||
path /_matrix/client/r0/user_directory/search/*
|
||||
}
|
||||
|
||||
@nosearch {
|
||||
not path /_matrix/client/r0/user_directory/search/*
|
||||
}
|
||||
|
||||
@static {
|
||||
path /matrix/static-files/*
|
||||
}
|
||||
|
||||
@nostatic {
|
||||
not path /matrix/static-files/*
|
||||
}
|
||||
|
||||
@wellknown {
|
||||
path /.well-known/matrix/*
|
||||
}
|
||||
|
||||
header {
|
||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
X-Frame-Options "DENY"
|
||||
# X-Robots-Tag
|
||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
}
|
||||
|
||||
# Cache
|
||||
header @static {
|
||||
# Cache
|
||||
Cache-Control "public, max-age=31536000"
|
||||
defer
|
||||
}
|
||||
|
||||
# identity
|
||||
handle @identity {
|
||||
reverse_proxy localhost:8090 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
|
||||
# search
|
||||
handle @search {
|
||||
reverse_proxy localhost:8090 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
|
||||
handle @wellknown {
|
||||
encode zstd gzip
|
||||
root * /matrix/static-files
|
||||
header Cache-Control max-age=14400
|
||||
header Content-Type application/json
|
||||
header Access-Control-Allow-Origin *
|
||||
file_server
|
||||
}
|
||||
|
||||
# If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the base domain
|
||||
#handle @wellknown {
|
||||
# # .well-known is handled by base domain
|
||||
# reverse_proxy https://DOMAIN.tld {
|
||||
# header_up Host {http.reverse_proxy.upstream.hostport}
|
||||
#}
|
||||
matrix.example.tld {
|
||||
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy localhost:8008 {
|
||||
reverse_proxy localhost:81 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
|
@ -114,13 +12,12 @@ matrix.DOMAIN.tld {
|
|||
}
|
||||
}
|
||||
|
||||
matrix.DOMAIN.tld:8448 {
|
||||
matrix.example.tld:8448 {
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy 127.0.0.1:8048 {
|
||||
reverse_proxy 127.0.0.1:8449 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
|
@ -128,142 +25,16 @@ matrix.DOMAIN.tld:8448 {
|
|||
}
|
||||
}
|
||||
|
||||
element.DOMAIN.tld {
|
||||
|
||||
# creates letsencrypt certificate
|
||||
# tls your@email.com
|
||||
|
||||
import cors https://*.DOMAIN.tld
|
||||
|
||||
header {
|
||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
X-Frame-Options "DENY"
|
||||
# If using integrations that add frames to Element, such as Dimension and its integrations running on the same domain, it can be a good idea to limit sources allowed to be rendered
|
||||
# Content-Security-Policy frame-src https://*.DOMAIN.tld
|
||||
# X-Robots-Tag
|
||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
}
|
||||
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy localhost:8765 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
|
||||
#dimension.DOMAIN.tld {
|
||||
#
|
||||
# # creates letsencrypt certificate
|
||||
# # tls your@email.com
|
||||
#
|
||||
# import cors https://*.DOMAIN.tld
|
||||
#
|
||||
# header {
|
||||
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
# X-XSS-Protection "1; mode=block"
|
||||
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
# X-Content-Type-Options "nosniff"
|
||||
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain (clickjacking protection)
|
||||
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
|
||||
# # X-Robots-Tag
|
||||
# X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
# }
|
||||
#
|
||||
# handle {
|
||||
# encode zstd gzip
|
||||
#
|
||||
# reverse_proxy localhost:8184 {
|
||||
# header_up X-Forwarded-Port {http.request.port}
|
||||
# header_up X-Forwarded-Proto {http.request.scheme}
|
||||
# header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
# header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
# header_up X-Forwarded-HttpsProto {proto}
|
||||
# }
|
||||
# }
|
||||
#}
|
||||
|
||||
|
||||
#jitsi.DOMAIN.tld {
|
||||
#
|
||||
# creates letsencrypt certificate
|
||||
# tls your@email.com
|
||||
#
|
||||
# import cors https://*.DOMAIN.tld
|
||||
#
|
||||
# header {
|
||||
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
#
|
||||
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
# X-XSS-Protection "1; mode=block"
|
||||
#
|
||||
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
# X-Content-Type-Options "nosniff"
|
||||
|
||||
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain
|
||||
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
|
||||
#
|
||||
# # Disable some features
|
||||
# Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
|
||||
#
|
||||
# # Referer
|
||||
# Referrer-Policy "no-referrer"
|
||||
#
|
||||
# # X-Robots-Tag
|
||||
# X-Robots-Tag "none"
|
||||
#
|
||||
# # Remove Server header
|
||||
# -Server
|
||||
# }
|
||||
#
|
||||
# handle {
|
||||
# encode zstd gzip
|
||||
#
|
||||
# reverse_proxy 127.0.0.1:13080 {
|
||||
# header_up X-Forwarded-Port {http.request.port}
|
||||
# header_up X-Forwarded-Proto {http.request.scheme}
|
||||
# header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
# header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
# header_up X-Forwarded-HttpsProto {proto}
|
||||
# }
|
||||
# }
|
||||
#}
|
||||
#DOMAIN.com {
|
||||
example.tld {
|
||||
# Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
|
||||
# @wellknown {
|
||||
# path /.well-known/matrix/*
|
||||
# }
|
||||
#
|
||||
# handle @wellknown {
|
||||
# reverse_proxy https://matrix.DOMAIN.com {
|
||||
# header_up Host {http.reverse_proxy.upstream.hostport}
|
||||
# }
|
||||
# }
|
||||
# # If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the matrix subdomain
|
||||
# # handle /.well-known/* {
|
||||
# # encode zstd gzip
|
||||
# # header Cache-Control max-age=14400
|
||||
# # header Content-Type application/json
|
||||
# # header Access-Control-Allow-Origin *
|
||||
# #}
|
||||
#
|
||||
# # Configration for the base domain goes here
|
||||
# # handle {
|
||||
# # header -Server
|
||||
# # encode zstd gzip
|
||||
# # reverse_proxy localhost:4020
|
||||
# # }
|
||||
#}
|
||||
@wellknown {
|
||||
path /.well-known/matrix/*
|
||||
}
|
||||
|
||||
handle @wellknown {
|
||||
reverse_proxy https://matrix.example.tld {
|
||||
header_up Host {http.reverse_proxy.upstream.hostport}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
269
examples/caddy2/Caddyfile.deprecated
Normal file
269
examples/caddy2/Caddyfile.deprecated
Normal file
|
@ -0,0 +1,269 @@
|
|||
(cors) {
|
||||
@cors_preflight method OPTIONS
|
||||
|
||||
handle @cors_preflight {
|
||||
header Access-Control-Allow-Origin "{args.0}"
|
||||
header Access-Control-Allow-Methods "HEAD, GET, POST, PUT, PATCH, DELETE"
|
||||
header Access-Control-Allow-Headers "Content-Type, Authorization"
|
||||
header Access-Control-Max-Age "3600"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
matrix.DOMAIN.tld {
|
||||
|
||||
# creates letsencrypt certificate
|
||||
# tls your@email.com
|
||||
|
||||
@identity {
|
||||
path /_matrix/identity/*
|
||||
}
|
||||
|
||||
@noidentity {
|
||||
not path /_matrix/identity/*
|
||||
}
|
||||
|
||||
@search {
|
||||
path /_matrix/client/r0/user_directory/search/*
|
||||
}
|
||||
|
||||
@nosearch {
|
||||
not path /_matrix/client/r0/user_directory/search/*
|
||||
}
|
||||
|
||||
@static {
|
||||
path /matrix/static-files/*
|
||||
}
|
||||
|
||||
@nostatic {
|
||||
not path /matrix/static-files/*
|
||||
}
|
||||
|
||||
@wellknown {
|
||||
path /.well-known/matrix/*
|
||||
}
|
||||
|
||||
header {
|
||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
X-Frame-Options "DENY"
|
||||
# X-Robots-Tag
|
||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
}
|
||||
|
||||
# Cache
|
||||
header @static {
|
||||
# Cache
|
||||
Cache-Control "public, max-age=31536000"
|
||||
defer
|
||||
}
|
||||
|
||||
# identity
|
||||
handle @identity {
|
||||
reverse_proxy localhost:8090 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
|
||||
# search
|
||||
handle @search {
|
||||
reverse_proxy localhost:8090 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
|
||||
handle @wellknown {
|
||||
encode zstd gzip
|
||||
root * /matrix/static-files
|
||||
header Cache-Control max-age=14400
|
||||
header Content-Type application/json
|
||||
header Access-Control-Allow-Origin *
|
||||
file_server
|
||||
}
|
||||
|
||||
# If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the base domain
|
||||
#handle @wellknown {
|
||||
# # .well-known is handled by base domain
|
||||
# reverse_proxy https://DOMAIN.tld {
|
||||
# header_up Host {http.reverse_proxy.upstream.hostport}
|
||||
#}
|
||||
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy localhost:8008 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
matrix.DOMAIN.tld:8448 {
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy 127.0.0.1:8048 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
element.DOMAIN.tld {
|
||||
|
||||
# creates letsencrypt certificate
|
||||
# tls your@email.com
|
||||
|
||||
import cors https://*.DOMAIN.tld
|
||||
|
||||
header {
|
||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
X-Frame-Options "DENY"
|
||||
# If using integrations that add frames to Element, such as Dimension and its integrations running on the same domain, it can be a good idea to limit sources allowed to be rendered
|
||||
# Content-Security-Policy frame-src https://*.DOMAIN.tld
|
||||
# X-Robots-Tag
|
||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
}
|
||||
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy localhost:8765 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
|
||||
#dimension.DOMAIN.tld {
|
||||
#
|
||||
# # creates letsencrypt certificate
|
||||
# # tls your@email.com
|
||||
#
|
||||
# import cors https://*.DOMAIN.tld
|
||||
#
|
||||
# header {
|
||||
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
# X-XSS-Protection "1; mode=block"
|
||||
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
# X-Content-Type-Options "nosniff"
|
||||
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain (clickjacking protection)
|
||||
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
|
||||
# # X-Robots-Tag
|
||||
# X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
# }
|
||||
#
|
||||
# handle {
|
||||
# encode zstd gzip
|
||||
#
|
||||
# reverse_proxy localhost:8184 {
|
||||
# header_up X-Forwarded-Port {http.request.port}
|
||||
# header_up X-Forwarded-Proto {http.request.scheme}
|
||||
# header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
# header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
# header_up X-Forwarded-HttpsProto {proto}
|
||||
# }
|
||||
# }
|
||||
#}
|
||||
|
||||
|
||||
#jitsi.DOMAIN.tld {
|
||||
#
|
||||
# creates letsencrypt certificate
|
||||
# tls your@email.com
|
||||
#
|
||||
# import cors https://*.DOMAIN.tld
|
||||
#
|
||||
# header {
|
||||
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
#
|
||||
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
# X-XSS-Protection "1; mode=block"
|
||||
#
|
||||
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
# X-Content-Type-Options "nosniff"
|
||||
|
||||
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain
|
||||
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
|
||||
#
|
||||
# # Disable some features
|
||||
# Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
|
||||
#
|
||||
# # Referer
|
||||
# Referrer-Policy "no-referrer"
|
||||
#
|
||||
# # X-Robots-Tag
|
||||
# X-Robots-Tag "none"
|
||||
#
|
||||
# # Remove Server header
|
||||
# -Server
|
||||
# }
|
||||
#
|
||||
# handle {
|
||||
# encode zstd gzip
|
||||
#
|
||||
# reverse_proxy 127.0.0.1:13080 {
|
||||
# header_up X-Forwarded-Port {http.request.port}
|
||||
# header_up X-Forwarded-Proto {http.request.scheme}
|
||||
# header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
# header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
# header_up X-Forwarded-HttpsProto {proto}
|
||||
# }
|
||||
# }
|
||||
#}
|
||||
#DOMAIN.com {
|
||||
# Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
|
||||
# @wellknown {
|
||||
# path /.well-known/matrix/*
|
||||
# }
|
||||
#
|
||||
# handle @wellknown {
|
||||
# reverse_proxy https://matrix.DOMAIN.com {
|
||||
# header_up Host {http.reverse_proxy.upstream.hostport}
|
||||
# }
|
||||
# }
|
||||
# # If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the matrix subdomain
|
||||
# # handle /.well-known/* {
|
||||
# # encode zstd gzip
|
||||
# # header Cache-Control max-age=14400
|
||||
# # header Content-Type application/json
|
||||
# # header Access-Control-Allow-Origin *
|
||||
# #}
|
||||
#
|
||||
# # Configration for the base domain goes here
|
||||
# # handle {
|
||||
# # header -Server
|
||||
# # encode zstd gzip
|
||||
# # reverse_proxy localhost:4020
|
||||
# # }
|
||||
#}
|
|
@ -1,12 +1,20 @@
|
|||
# Caddyfile
|
||||
# Caddy reverse-proxy fronting the playbook's integrated Traefik reverse-proxy
|
||||
|
||||
This directory contains sample files that show you how to do reverse-proxying using Caddy2.
|
||||
This directory contains a sample config that shows you how to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with your own [Caddy](https://caddyserver.com/) reverse-proxy.
|
||||
|
||||
## Config
|
||||
|
||||
| Variable | Function |
|
||||
| ------------------ | -------- |
|
||||
| tls your@email.com | Specify an email address for your [ACME account](https://caddyserver.com/docs/caddyfile/directives/tls) (but if only one email is used for all sites, we recommend the email [global option](https://caddyserver.com/docs/caddyfile/options) instead) |
|
||||
| tls | To enable [tls](https://caddyserver.com/docs/caddyfile/directives/tls) support uncomment the lines for tls |
|
||||
| Dimension | To enable Dimension support uncomment the lines for Dimension and set your data |
|
||||
| Jitsi | To enable Jitsi support uncomment the lines for Jitsi and set your data |
|
||||
## Prerequisite configuration
|
||||
|
||||
To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
|
||||
|
||||
|
||||
## Using the Caddyfile
|
||||
|
||||
You can either just use the [Caddyfile](Caddyfile) directly or append its content to your own Caddyfile.
|
||||
In both cases make sure to replace all the `example.tld` domains with your own domain.
|
||||
|
||||
This example does not include additional services like element, but you should be able copy the first block and replace the matrix subdomain with the additional services subdomain. I have not tested this though.
|
||||
|
||||
# Caddyfile.deprecated
|
||||
|
||||
This can be used as a [Caddy](https://caddyserver.com/) reverse-proxy without intermediary playbook managed reverse proxy. However, this setup is not supported by the playbook anymore. Instead [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) as described above.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Nginx reverse-proxy fronting the playbook's integrated Traefik reverse-proxy
|
||||
|
||||
This directory contains a sample config that shows you how use the [nginx](https://nginx.org/) webserver to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with another reverse-proxy.
|
||||
This directory contains a sample config that shows you how to use the [nginx](https://nginx.org/) webserver to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with another reverse-proxy.
|
||||
|
||||
|
||||
## Prerequisite configuration
|
||||
|
|
|
@ -210,25 +210,25 @@ devture_systemd_service_manager_services_list_auto: |
|
|||
{{
|
||||
([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if backup_borg_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron']}] if matrix_bot_buscarron_enabled else [])
|
||||
([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron', 'bot-buscarron']}] if matrix_bot_buscarron_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb']}] if matrix_bot_go_neb_enabled else [])
|
||||
([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb', 'bot-go-neb']}] if matrix_bot_go_neb_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit']}] if matrix_bot_honoroit_enabled else [])
|
||||
([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit', 'bot-honoroit']}] if matrix_bot_honoroit_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else [])
|
||||
([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot', 'bot-matrix-registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else [])
|
||||
([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot', 'bot-matrix-reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot']}] if matrix_bot_maubot_enabled else [])
|
||||
([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot', 'bot-maubot']}] if matrix_bot_maubot_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-mjolnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'mjolnir']}] if matrix_bot_mjolnir_enabled else [])
|
||||
([{'name': 'matrix-bot-mjolnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'mjolnir', 'bot-mjolnir']}] if matrix_bot_mjolnir_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-draupnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'draupnir']}] if matrix_bot_draupnir_enabled else [])
|
||||
([{'name': 'matrix-bot-draupnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'draupnir', 'bot-draupnir']}] if matrix_bot_draupnir_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-postmoogle.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'postmoogle']}] if matrix_bot_postmoogle_enabled else [])
|
||||
([{'name': 'matrix-bot-postmoogle.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'postmoogle', 'bot-postmoogle']}] if matrix_bot_postmoogle_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt']}] if matrix_bot_chatgpt_enabled else [])
|
||||
([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt', 'bot-chatgpt']}] if matrix_bot_chatgpt_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
|
||||
+
|
||||
|
@ -1653,8 +1653,15 @@ matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic
|
|||
|
||||
# We don't enable bots by default.
|
||||
matrix_bot_honoroit_enabled: false
|
||||
|
||||
matrix_bot_honoroit_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
matrix_bot_honoroit_path_prefix: /honoroit
|
||||
|
||||
# For consistency with other things hosted at the matrix FQN, we adjust the metrics endpoint
|
||||
# so that metrics would be served at `/metrics/SERVICE_NAME`, and not at the default path for the role (`PREFIX/metrics`).
|
||||
matrix_bot_honoroit_container_labels_traefik_metrics_path: /metrics/honoroit
|
||||
|
||||
matrix_bot_honoroit_systemd_required_services_list: |
|
||||
{{
|
||||
['docker.service']
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
---
|
||||
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
|
||||
version: v1.0.0-0
|
||||
version: v1.0.0-1
|
||||
name: aux
|
||||
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
|
||||
version: v1.2.4-1.7.12-2
|
||||
version: v1.2.4-1.7.13-0
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
|
||||
version: v0.1.1-2
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
||||
|
@ -16,7 +16,7 @@
|
|||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
|
||||
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
|
||||
version: 38764398bf82b06a1736c3bfedc71dfd229e4b52
|
||||
version: v15.3-0
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
|
||||
version: 8e9ec48a09284c84704d7a2dce17da35f181574d
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
|
||||
|
@ -26,7 +26,7 @@
|
|||
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
|
||||
version: v1.0.0-0
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
|
||||
version: v2.9.10-2
|
||||
version: v2.10.1-0
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
|
||||
version: v2.8.1-0
|
||||
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
|
||||
|
@ -40,13 +40,14 @@
|
|||
version: v8615-0
|
||||
name: jitsi
|
||||
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
|
||||
version: v2.4.0-0
|
||||
version: v2.5.0-0
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
|
||||
version: v2.43.0-0
|
||||
version: v2.44.0-0
|
||||
name: prometheus
|
||||
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
|
||||
version: v1.5.0-7
|
||||
- src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git
|
||||
version: v1.6.0-0
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
|
||||
version: v0.12.0-0
|
||||
name: prometheus_postgres_exporter
|
||||
- src: git+https://gitlab.com/etke.cc/roles/redis.git
|
||||
version: v7.0.10-0
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
matrix_bot_draupnir_enabled: true
|
||||
|
||||
matrix_bot_draupnir_version: "v1.80.1"
|
||||
matrix_bot_draupnir_version: "v1.82.0"
|
||||
|
||||
matrix_bot_draupnir_container_image_self_build: false
|
||||
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git"
|
||||
|
|
|
@ -56,8 +56,7 @@ matrix_bot_honoroit_container_labels_traefik_docker_network: "{{ matrix_bot_hono
|
|||
matrix_bot_honoroit_container_labels_traefik_hostname: "{{ matrix_bot_honoroit_hostname }}"
|
||||
# The path prefix must either be `/` or not end with a slash (e.g. `/honoroit`).
|
||||
matrix_bot_honoroit_container_labels_traefik_path_prefix: "{{ matrix_bot_honoroit_path_prefix }}"
|
||||
matrix_bot_honoroit_container_labels_traefik_rule: "Host(`{{ matrix_bot_honoroit_container_labels_traefik_hostname }}`){% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_bot_honoroit_container_labels_traefik_path_prefix }}`){% endif %}"
|
||||
matrix_bot_honoroit_container_labels_traefik_metrics_path: "{{ matrix_bot_honoroit_metrics_path }}"
|
||||
matrix_bot_honoroit_container_labels_traefik_metrics_path: "{{ '' if matrix_bot_honoroit_path_prefix == '/' else matrix_bot_honoroit_path_prefix }}{{ matrix_bot_honoroit_metrics_path }}"
|
||||
matrix_bot_honoroit_container_labels_traefik_metrics_rule: "Host(`{{ matrix_bot_honoroit_container_labels_traefik_hostname }}`) && Path(`{{ matrix_bot_honoroit_container_labels_traefik_metrics_path }}`)"
|
||||
matrix_bot_honoroit_container_labels_traefik_priority: 0
|
||||
matrix_bot_honoroit_container_labels_traefik_entrypoints: web-secure
|
||||
|
|
|
@ -31,27 +31,12 @@ traefik.http.middlewares.matrix-bot-honoroit-auth.basicauth.users={{ lookup('ans
|
|||
{% set middlewares_metrics = middlewares + ['matrix-bot-honoroit-auth'] %}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.matrix-bot-honoroit.rule={{ matrix_bot_honoroit_container_labels_traefik_rule }}
|
||||
{% if matrix_bot_honoroit_container_labels_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.matrix-bot-honoroit.priority={{ matrix_bot_honoroit_container_labels_traefik_priority }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-bot-honoroit.service=matrix-bot-honoroit
|
||||
{% if middlewares | length > 0 %}
|
||||
traefik.http.routers.matrix-bot-honoroit.middlewares={{ middlewares | join(',') }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-bot-honoroit.entrypoints={{ matrix_bot_honoroit_container_labels_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-bot-honoroit.tls={{ matrix_bot_honoroit_container_labels_traefik_tls | to_json }}
|
||||
{% if matrix_bot_honoroit_container_labels_traefik_tls %}
|
||||
traefik.http.routers.matrix-bot-honoroit.tls.certResolver={{ matrix_bot_honoroit_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.services.matrix-bot-honoroit.loadbalancer.server.port=8080
|
||||
|
||||
{% if middlewares_metrics | length > 0 %}
|
||||
traefik.http.routers.matrix-bot-honoroit-metrics.rule={{ matrix_bot_honoroit_container_labels_traefik_metrics_rule }}
|
||||
{% if matrix_bot_honoroit_container_labels_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.matrix-bot-honoroit-metrics.priority={{ matrix_bot_honoroit_container_labels_traefik_priority }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-bot-honoroit-metrics.service=matrix-bot-honoroit
|
||||
traefik.http.routers.matrix-bot-honoroit-metrics.service=matrix-bot-honoroit-metrics
|
||||
traefik.http.routers.matrix-bot-honoroit-metrics.middlewares={{ middlewares_metrics | join(',') }}
|
||||
traefik.http.routers.matrix-bot-honoroit-metrics.entrypoints={{ matrix_bot_honoroit_container_labels_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-bot-honoroit-metrics.tls={{ matrix_bot_honoroit_container_labels_traefik_tls | to_json }}
|
||||
|
|
|
@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false
|
|||
matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
|
||||
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
|
||||
|
||||
matrix_mautrix_discord_version: v0.3.0
|
||||
matrix_mautrix_discord_version: v0.4.0
|
||||
# See: https://mau.dev/mautrix/discord/container_registry
|
||||
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
|
||||
matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"
|
||||
|
|
|
@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
|
|||
matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
|
||||
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
|
||||
|
||||
matrix_mautrix_signal_version: v0.4.2
|
||||
matrix_mautrix_signal_version: v0.4.3
|
||||
matrix_mautrix_signal_daemon_version: 0.23.2
|
||||
# See: https://mau.dev/mautrix/signal/container_registry
|
||||
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}"
|
||||
|
|
|
@ -17,7 +17,7 @@ matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
|
|||
matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
|
||||
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
|
||||
|
||||
matrix_mautrix_telegram_version: v0.13.0
|
||||
matrix_mautrix_telegram_version: v0.14.0
|
||||
# See: https://mau.dev/mautrix/telegram/container_registry
|
||||
matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
|
||||
matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}"
|
||||
|
|
|
@ -8,7 +8,7 @@ matrix_mautrix_twitter_container_image_self_build: false
|
|||
matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git"
|
||||
matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
|
||||
|
||||
matrix_mautrix_twitter_version: v0.1.5
|
||||
matrix_mautrix_twitter_version: v0.1.6
|
||||
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
|
||||
matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
|
||||
matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
|
||||
|
|
|
@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
|
|||
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
|
||||
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
|
||||
|
||||
matrix_mautrix_whatsapp_version: v0.8.4
|
||||
matrix_mautrix_whatsapp_version: v0.8.5
|
||||
# See: https://mau.dev/mautrix/whatsapp/container_registry
|
||||
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
|
||||
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
matrix_synapse_enabled: true
|
||||
|
||||
matrix_synapse_version: v1.83.0
|
||||
matrix_synapse_version: v1.84.1
|
||||
|
||||
matrix_synapse_username: ''
|
||||
matrix_synapse_uid: ''
|
||||
|
@ -711,9 +711,18 @@ matrix_synapse_run_background_tasks_on: "{{ (matrix_synapse_workers_enabled_list
|
|||
# - { 'id': 'media-repository-0', 'name': 'matrix-synapse-worker-media-repository-0', 'type': 'media_repository', 'port': 18551, 'metrics_port': 19551, 'webserving': true }
|
||||
matrix_synapse_workers_enabled_list: []
|
||||
|
||||
# matrix_synapse_instance_map holds the instance map used for mapping worker names (for certain generic workers only!) to where they live (host, port which handles replication traffic).
|
||||
# This is populated automatically based on `matrix_synapse_workers_enabled_list` during runtime, so you're not required to tweak it manually.
|
||||
matrix_synapse_instance_map: {}
|
||||
# matrix_synapse_instance_map holds the instance map used for mapping worker names (for the main process and certain generic workers only!) to where they live (host, port which handles replication traffic).
|
||||
# This map starts off being populated with the Synapse main (master) process,
|
||||
# but will be populated with workers automatically during runtime, based on `matrix_synapse_workers_enabled_list`.
|
||||
matrix_synapse_instance_map: |
|
||||
{{
|
||||
{
|
||||
'main': {
|
||||
'host': 'matrix-synapse',
|
||||
'port': matrix_synapse_replication_http_port,
|
||||
},
|
||||
} if matrix_synapse_workers_enabled else {}
|
||||
}}
|
||||
|
||||
# Redis information
|
||||
matrix_synapse_redis_enabled: false
|
||||
|
@ -919,6 +928,10 @@ matrix_synapse_room_list_publication_rules:
|
|||
|
||||
matrix_synapse_default_room_version: "10"
|
||||
|
||||
# Controls whether leaving a room will automatically forget it.
|
||||
# The upstream default is `false`, but we try to make Synapse less wasteful of resources, so we do things differently.
|
||||
matrix_synapse_forget_rooms_on_leave: true
|
||||
|
||||
# Controls the Synapse `spam_checker` setting.
|
||||
#
|
||||
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
ansible.builtin.set_fact:
|
||||
worker:
|
||||
id: "stream-writer-{{ idx }}-{{ item.stream }}"
|
||||
# Names must not include understores. Certain stream writer streams (to_device, account_data, ..) do, so we fix them up.
|
||||
# Names must not include underscores. Certain stream writer streams (to_device, account_data, ..) do, so we fix them up.
|
||||
name: "matrix-synapse-worker-stream-writer-{{ idx }}-{{ item.stream | replace('_', '-') }}"
|
||||
type: 'stream_writer'
|
||||
app: "generic_worker"
|
||||
|
|
|
@ -141,6 +141,10 @@ allow_public_rooms_over_federation: {{ matrix_synapse_allow_public_rooms_over_fe
|
|||
#
|
||||
default_room_version: {{ matrix_synapse_default_room_version|to_json }}
|
||||
|
||||
# Set to true to automatically forget rooms for users when they leave them, either
|
||||
# normally or via a kick or ban. Defaults to false.
|
||||
forget_rooms_on_leave: {{ matrix_synapse_forget_rooms_on_leave | to_json }}
|
||||
|
||||
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
|
||||
#
|
||||
#gc_thresholds: [700, 10, 10]
|
||||
|
|
|
@ -23,7 +23,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
|||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||
--network={{ matrix_synapse_container_network }} \
|
||||
{% if matrix_synapse_worker_details.port != 0 %}
|
||||
{% if matrix_synapse_worker_details.port != 0 and matrix_synapse_worker_details.webserving %}
|
||||
--health-cmd 'curl -fSs http://localhost:{{ matrix_synapse_worker_details.port }}/health || exit 1' \
|
||||
{% else %}
|
||||
--no-healthcheck \
|
||||
|
|
Loading…
Add table
Reference in a new issue