Merge branch 'master' into pub.solar
commit
1378e779ce
|
@ -1,3 +1,12 @@
|
||||||
|
# 2022-02-12
|
||||||
|
|
||||||
|
## matrix_encryption_disabler support
|
||||||
|
|
||||||
|
We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401).
|
||||||
|
|
||||||
|
To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`.
|
||||||
|
|
||||||
|
|
||||||
# 2022-02-01
|
# 2022-02-01
|
||||||
|
|
||||||
## matrix-hookshot bridging support
|
## matrix-hookshot bridging support
|
||||||
|
|
|
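Review bot: `homserver` in the "To enable this module" paragraph is a typo for `homeserver`. The entry would also be more useful if it named the settings behind "further customization" instead of only pointing at `roles/matrix-synapse/defaults/main.yml`.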
@ -47,3 +47,20 @@ matrix_synapse_federation_port_enabled: false
|
||||||
# This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server.
|
# This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server.
|
||||||
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false
|
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Changing the federation port from 8448 to a different port to use a CDN that only accepts 443/80 ports
|
||||||
|
|
||||||
|
Why? This change could be useful for people running small Synapse instances on small severs/VPSes to avoid being impacted by a simple DOS/DDOS when bandwidth, RAM, an CPU resources are limited and if your hosting provider does not provide a DOS/DDOS protection.
|
||||||
|
|
||||||
|
The following changes in the configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other:
|
||||||
|
|
||||||
|
```
|
||||||
|
matrix_synapse_http_listener_resource_names: ["client","federation"]
|
||||||
|
# Any port can be used but in this case we use 443
|
||||||
|
matrix_federation_public_port: 443
|
||||||
|
matrix_synapse_federation_port_enabled: false
|
||||||
|
# Note that the following change might not be "required per se" but probably will be due to the proxying of the traffic through the CDN proxy servers (CloudFlare for instance). The security impact of doing this should be minimal as your CDN itself will encrypt the traffic no matter what on their proxy servers. You could however first try and see if federation works while setting the following to true.
|
||||||
|
matrix_synapse_tls_federation_listener_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
**Use this at you own risk as all the possible side-effects of doing this are not fully known. However, it has been tested and works fine and passes all the tests on <https://federationtester.matrix.org/> without issues.**
|
||||||
|
|
|
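Review bot: the comment above `matrix_synapse_tls_federation_listener_enabled: false` understates the trade-off. With a CDN in the path, TLS terminates at the CDN, so the CDN operator can read federation traffic, and the text does not say how the hop from the CDN to your server is protected once Synapse's TLS federation listener is off. Suggest stating both points explicitly instead of "should be minimal". Typos in the same hunk: `severs` (servers), `an CPU` (and CPU), `at you own risk` (at your own risk).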
@ -67,8 +67,13 @@ By default, it obtains certificates for:
|
||||||
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
|
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
|
||||||
- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
|
- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
|
||||||
- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
|
- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
|
||||||
|
- possibly for `hydrogen.<your-domain>`, if you have explicitly [set up Hydrogen client](configuring-playbook-client-hydrogen.md).
|
||||||
|
- possibly for `cinny.<your-domain>`, if you have explicitly [set up Cinny client](configuring-playbook-client-cinny.md).
|
||||||
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
|
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
|
||||||
|
- possibly for `goneb.<your-domain>`, if you have explicitly [set up Go-NEB bot](configuring-playbook-bot-go-neb.md).
|
||||||
- possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md).
|
- possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md).
|
||||||
|
- possibly for `stats.<your-domain>`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md).
|
||||||
|
- possibly for `sygnal.<your-domain>`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md).
|
||||||
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
|
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
|
||||||
|
|
||||||
If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too.
|
If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too.
|
||||||
|
|
|
@ -226,7 +226,7 @@ Using a separate domain name is easier to manage (although it's a little hard to
|
||||||
|
|
||||||
We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
|
We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
|
||||||
|
|
||||||
If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain).
|
If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain)
|
||||||
|
|
||||||
### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do?
|
### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do?
|
||||||
|
|
||||||
|
|
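Review bot: the new side of the changed line drops the closing period after the `(#how-do-i-install-on-matrixdomain-without-involving-the-base-domain)` link. That looks accidental; the sentence should keep its period.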
62
roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo
Normal file
62
roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
[docker-ce-stable]
|
||||||
|
name=Docker CE Stable - $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
|
||||||
|
enabled=1
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-stable-debuginfo]
|
||||||
|
name=Docker CE Stable - Debuginfo $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/stable
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-stable-source]
|
||||||
|
name=Docker CE Stable - Sources
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/source/stable
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-test]
|
||||||
|
name=Docker CE Test - $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/test
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-test-debuginfo]
|
||||||
|
name=Docker CE Test - Debuginfo $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/test
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-test-source]
|
||||||
|
name=Docker CE Test - Sources
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/source/test
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-nightly]
|
||||||
|
name=Docker CE Nightly - $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-nightly-debuginfo]
|
||||||
|
name=Docker CE Nightly - Debuginfo $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/nightly
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-nightly-source]
|
||||||
|
name=Docker CE Nightly - Sources
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/source/nightly
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
|
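Review bot: only `[docker-ce-stable]` has `enabled=1`; the other eight sections (debuginfo, source, test, nightly) are all `enabled=0` and nothing in `setup_fedora.yml` switches them on. Consider trimming the file to the stable section, or add a header comment recording that it is a copy of Docker's upstream repo file so later diffs against upstream are easy. `gpgcheck=1` on every section is right and should stay.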
@ -4,7 +4,10 @@
|
||||||
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8
|
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8
|
||||||
|
|
||||||
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
|
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
|
||||||
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7
|
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 and ansible_distribution_major_version|int < 30
|
||||||
|
|
||||||
|
- include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
|
||||||
|
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 30
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
# ansible_lsb is only available if lsb-release is installed.
|
# ansible_lsb is only available if lsb-release is installed.
|
||||||
|
|
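Review bot: the two new conditions leave a gap at `ansible_distribution_major_version` 30. `> 7 and ... < 30` excludes it and `> 30` excludes it as well, so such a host runs neither `setup_redhat8.yml` nor `setup_fedora.yml`. Use `>= 30` on one side, or better, select Fedora with `ansible_distribution == 'Fedora'` instead of inferring it from the version number, which also misfires once another RedHat-family release reaches 30.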
39
roles/matrix-base/tasks/server_base/setup_fedora.yml
Normal file
39
roles/matrix-base/tasks/server_base/setup_fedora.yml
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure Docker repository is enabled
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
|
||||||
|
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: 0644
|
||||||
|
with_items:
|
||||||
|
- docker-ce-fedora.repo
|
||||||
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
|
- name: Ensure Docker's RPM key is trusted
|
||||||
|
rpm_key:
|
||||||
|
state: present
|
||||||
|
key: https://download.docker.com/linux/fedora/gpg
|
||||||
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
|
- name: Ensure yum packages are installed
|
||||||
|
yum:
|
||||||
|
name:
|
||||||
|
- "{{ matrix_ntpd_package }}"
|
||||||
|
state: latest
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Ensure Docker is installed
|
||||||
|
yum:
|
||||||
|
name:
|
||||||
|
- "{{ matrix_docker_package_name }}"
|
||||||
|
- python3-pip
|
||||||
|
state: latest
|
||||||
|
when: matrix_docker_installation_enabled|bool
|
||||||
|
|
||||||
|
- name: Ensure Docker-Py is installed
|
||||||
|
pip:
|
||||||
|
name: docker-py
|
||||||
|
state: latest
|
||||||
|
when: matrix_docker_installation_enabled|bool
|
|
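Review bot: the `rpm_key` task trusts whatever `https://download.docker.com/linux/fedora/gpg` serves at run time; setting the module's `fingerprint` parameter would pin the expected key. Smaller points: the first task keeps a one-item `with_items` loop although `dest` is fixed, which the other setup task hunks in this commit remove; `template` is used for a repo file that contains no Jinja variables, so `copy` would do; and `state: latest` on the Docker and `docker-py` installs makes runs non-reproducible.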
@ -2,13 +2,11 @@
|
||||||
|
|
||||||
- name: Ensure Docker repository is enabled
|
- name: Ensure Docker repository is enabled
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
|
src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
|
||||||
dest: "/etc/yum.repos.d/{{ item }}"
|
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items:
|
|
||||||
- docker-ce.repo
|
|
||||||
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
- name: Ensure Docker's RPM key is trusted
|
- name: Ensure Docker's RPM key is trusted
|
||||||
|
|
|
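Review bot: `src` now points at `docker-ce-centos.repo`, but the part of the diff shown here only adds `docker-ce-fedora.repo` under `roles/matrix-base/files/yum.repos.d/`. Please confirm the old `docker-ce.repo` file is renamed in the same change, otherwise this task fails when it looks up the template. The identical hunk that follows has the same dependency. Keeping `dest` as `/etc/yum.repos.d/docker-ce.repo` is good, since existing hosts will not end up with two repo files.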
@ -2,13 +2,11 @@
|
||||||
|
|
||||||
- name: Ensure Docker repository is enabled
|
- name: Ensure Docker repository is enabled
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
|
src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
|
||||||
dest: "/etc/yum.repos.d/{{ item }}"
|
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items:
|
|
||||||
- docker-ce.repo
|
|
||||||
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
- name: Ensure Docker's RPM key is trusted
|
- name: Ensure Docker's RPM key is trusted
|
||||||
|
|
|
@ -69,7 +69,7 @@
|
||||||
mode: 0400
|
mode: 0400
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
when: "{{ matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length }}"
|
when: matrix_hookshot_github_enabled|bool and matrix_hookshot_github_private_key|length > 0
|
||||||
|
|
||||||
- name: Ensure matrix-hookshot.service installed
|
- name: Ensure matrix-hookshot.service installed
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -8,8 +8,8 @@ matrix_mautrix_signal_container_image_self_build: false
|
||||||
matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
|
matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
|
||||||
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
|
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
|
||||||
|
|
||||||
matrix_mautrix_signal_version: v0.2.2
|
matrix_mautrix_signal_version: v0.2.3
|
||||||
matrix_mautrix_signal_daemon_version: 0.16.1
|
matrix_mautrix_signal_daemon_version: 0.17.0
|
||||||
# See: https://mau.dev/mautrix/signal/container_registry
|
# See: https://mau.dev/mautrix/signal/container_registry
|
||||||
matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
|
matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
|
||||||
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
|
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -14,7 +14,7 @@ matrix_mautrix_telegram_container_image_self_build: false
|
||||||
matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
|
matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
|
||||||
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
|
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
|
||||||
|
|
||||||
matrix_mautrix_telegram_version: v0.11.1
|
matrix_mautrix_telegram_version: v0.11.2
|
||||||
# See: https://mau.dev/mautrix/telegram/container_registry
|
# See: https://mau.dev/mautrix/telegram/container_registry
|
||||||
matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
|
matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
|
||||||
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
|
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
|
||||||
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
|
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
|
||||||
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
|
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
|
||||||
|
|
||||||
matrix_mautrix_whatsapp_version: v0.2.3
|
matrix_mautrix_whatsapp_version: v0.2.4
|
||||||
# See: https://mau.dev/mautrix/whatsapp/container_registry
|
# See: https://mau.dev/mautrix/whatsapp/container_registry
|
||||||
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
|
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
|
||||||
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
|
|
|
@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
|
||||||
# - https://github.com/vector-im/element-web/issues/19544
|
# - https://github.com/vector-im/element-web/issues/19544
|
||||||
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
||||||
|
|
||||||
matrix_client_element_version: v1.10.1
|
matrix_client_element_version: v1.10.4
|
||||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -7,7 +7,7 @@ matrix_client_hydrogen_enabled: true
|
||||||
matrix_client_hydrogen_container_image_self_build: true
|
matrix_client_hydrogen_container_image_self_build: true
|
||||||
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
|
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
|
||||||
|
|
||||||
matrix_client_hydrogen_version: v0.2.25
|
matrix_client_hydrogen_version: v0.2.26
|
||||||
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
|
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
|
||||||
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
|
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -5,7 +5,7 @@ matrix_dynamic_dns_enabled: true
|
||||||
# The dynamic dns daemon interval
|
# The dynamic dns daemon interval
|
||||||
matrix_dynamic_dns_daemon_interval: '300'
|
matrix_dynamic_dns_daemon_interval: '300'
|
||||||
|
|
||||||
matrix_dynamic_dns_version: v3.9.1-ls77
|
matrix_dynamic_dns_version: v3.9.1-ls79
|
||||||
|
|
||||||
# The docker container to use when in mode
|
# The docker container to use when in mode
|
||||||
matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
|
matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
matrix_grafana_enabled: false
|
matrix_grafana_enabled: false
|
||||||
|
|
||||||
matrix_grafana_version: 8.3.4
|
matrix_grafana_version: 8.4.1
|
||||||
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
||||||
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -22,6 +22,10 @@ matrix_grafana_data_path: "{{ matrix_grafana_base_path }}/data"
|
||||||
# Allow viewing Grafana without logging in
|
# Allow viewing Grafana without logging in
|
||||||
matrix_grafana_anonymous_access: false
|
matrix_grafana_anonymous_access: false
|
||||||
|
|
||||||
|
# When `false`, sends a `X-Frame-Options: deny` HTTP header, which allows Grafana from being embeded in a frame.
|
||||||
|
# Read more here: https://grafana.com/docs/grafana/latest/administration/configuration/#allow_embedding
|
||||||
|
matrix_grafana_allow_embedding: false
|
||||||
|
|
||||||
# specify organization name that should be used for unauthenticated users
|
# specify organization name that should be used for unauthenticated users
|
||||||
# if you change this in the Grafana admin panel, this needs to be updated
|
# if you change this in the Grafana admin panel, this needs to be updated
|
||||||
# to match to keep anonymous logins working
|
# to match to keep anonymous logins working
|
||||||
|
|
|
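Review bot: the new comment on `matrix_grafana_allow_embedding` says the `X-Frame-Options: deny` header "allows Grafana from being embeded in a frame". A `deny` header prevents framing, so this should read "prevents Grafana from being embedded in a frame". The default of `false` is the safer setting against clickjacking and is worth keeping.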
@ -16,6 +16,8 @@ content_security_policy = "{{ matrix_grafana_content_security_policy }}"
|
||||||
content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}"""
|
content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}"""
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
allow_embedding = {{ matrix_grafana_allow_embedding }}
|
||||||
|
|
||||||
[auth.anonymous]
|
[auth.anonymous]
|
||||||
# enable anonymous access
|
# enable anonymous access
|
||||||
enabled = {{ matrix_grafana_anonymous_access }}
|
enabled = {{ matrix_grafana_anonymous_access }}
|
||||||
|
|
|
@ -477,7 +477,7 @@ matrix_ssl_lets_encrypt_staging: false
|
||||||
# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server
|
# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server
|
||||||
matrix_ssl_lets_encrypt_server: ''
|
matrix_ssl_lets_encrypt_server: ''
|
||||||
|
|
||||||
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.22.0"
|
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.23.0"
|
||||||
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
||||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||||
matrix_ssl_lets_encrypt_support_email: ~
|
matrix_ssl_lets_encrypt_support_email: ~
|
||||||
|
|
|
@ -20,11 +20,11 @@ matrix_postgres_architecture: amd64
|
||||||
matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
|
matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
|
||||||
|
|
||||||
matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}"
|
matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}"
|
||||||
matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.19{{ matrix_postgres_docker_image_suffix }}"
|
matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}"
|
||||||
matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.14{{ matrix_postgres_docker_image_suffix }}"
|
matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}"
|
||||||
matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.9{{ matrix_postgres_docker_image_suffix }}"
|
matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}"
|
||||||
matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.5{{ matrix_postgres_docker_image_suffix }}"
|
matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}"
|
||||||
matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.1{{ matrix_postgres_docker_image_suffix }}"
|
matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}"
|
||||||
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}"
|
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}"
|
||||||
|
|
||||||
# This variable is assigned at runtime. Overriding its value has no effect.
|
# This variable is assigned at runtime. Overriding its value has no effect.
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
matrix_prometheus_enabled: false
|
matrix_prometheus_enabled: false
|
||||||
|
|
||||||
matrix_prometheus_version: v2.33.1
|
matrix_prometheus_version: v2.33.3
|
||||||
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
|
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
|
||||||
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
|
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesom
|
||||||
|
|
||||||
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
|
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
|
||||||
|
|
||||||
matrix_synapse_admin_version: 0.8.4
|
matrix_synapse_admin_version: 0.8.5
|
||||||
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
|
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
|
||||||
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
|
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
|
||||||
|
|
||||||
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
|
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
|
||||||
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_synapse_version: v1.52.0
|
matrix_synapse_version: v1.53.0
|
||||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
|
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
|
||||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -489,8 +489,16 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals
|
||||||
# Enable this to activate the Shared Secret Auth password provider module.
|
# Enable this to activate the Shared Secret Auth password provider module.
|
||||||
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py"
|
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.2/shared_secret_authenticator.py"
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
||||||
|
matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true
|
||||||
|
# We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605
|
||||||
|
matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false
|
||||||
|
matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml|from_yaml }}"
|
||||||
|
matrix_synapse_ext_password_provider_shared_secret_config_yaml: |
|
||||||
|
shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }}
|
||||||
|
m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|to_json }}
|
||||||
|
com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|to_json }}
|
||||||
|
|
||||||
# Enable this to activate LDAP password provider
|
# Enable this to activate LDAP password provider
|
||||||
matrix_synapse_ext_password_provider_ldap_enabled: false
|
matrix_synapse_ext_password_provider_ldap_enabled: false
|
||||||
|
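Review bot: the updated `matrix_synapse_ext_password_provider_shared_secret_auth_download_url` pins the `2.0.2` tag on raw.githubusercontent.com, and nothing in this hunk verifies the integrity of the file. The encryption-disabler URL added further down in this same file pins a full commit hash, which is the stronger pattern for a Python file that gets loaded into the Synapse process. Consider pinning this URL to a commit as well, or adding a checksum variable that the `get_url` task can pass as `checksum:`. Separately, `m_login_password_support_enabled: true` keeps the shared secret usable through the regular `m.login.password` flow, so the comment block could say that the secret then acts as a password valid for every account.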
@ -534,6 +542,30 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false
|
||||||
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
|
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
|
||||||
|
|
||||||
|
|
||||||
|
# Enable this to activate the E2EE disabling Synapse module.
|
||||||
|
# See: https://github.com/digitalentity/matrix_encryption_disabler
|
||||||
|
matrix_synapse_ext_encryption_disabler_enabled: false
|
||||||
|
matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py"
|
||||||
|
# A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list.
|
||||||
|
# By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room.
|
||||||
|
matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"]
|
||||||
|
# A list of server domain names for which to deny encryption if the destination room id's domain matches the domain in the list.
|
||||||
|
# By default, with the configuration below, we prevent locally-created encryption events by ANY user encrypt rooms on the homeserver.
|
||||||
|
# Note: foreign users with enough room privileges will still be able to send an encryption event to your rooms and encrypt them.
|
||||||
|
matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix_domain }}"]
|
||||||
|
# Specifies whether the power levels event (setting) provided during room creation should be patched.
|
||||||
|
# This makes it impossible for anybody (locally or over federation) from enabling room encryption
|
||||||
|
# for the lifetime of rooms created while this setting is enabled (irreversible).
|
||||||
|
# Enabling this may have incompatiblity consequences with servers / clients.
|
||||||
|
# Familiarize yourself with the caveats upstream: https://github.com/digitalentity/matrix_encryption_disabler
|
||||||
|
matrix_synapse_ext_encryption_disabler_patch_power_levels: false
|
||||||
|
matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml|from_yaml }}"
|
||||||
|
matrix_synapse_ext_encryption_config_yaml: |
|
||||||
|
deny_encryption_for_users_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of|to_json }}
|
||||||
|
deny_encryption_for_rooms_of: {{ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of|to_json }}
|
||||||
|
patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels|to_json }}
|
||||||
|
|
||||||
|
|
||||||
matrix_s3_media_store_enabled: false
|
matrix_s3_media_store_enabled: false
|
||||||
matrix_s3_media_store_custom_endpoint_enabled: false
|
matrix_s3_media_store_custom_endpoint_enabled: false
|
||||||
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
|
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
|
||||||
|
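Review bot: `matrix_synapse_ext_encryption_config` and `matrix_synapse_ext_encryption_config_yaml` drop the `disabler` part that every other variable in this block carries, so they read like general encryption settings. They sit only a few dozen lines away from `matrix_synapse_encryption_enabled_by_default_for_room_type`. Renaming them to `matrix_synapse_ext_encryption_disabler_config` and `matrix_synapse_ext_encryption_disabler_config_yaml` would keep the namespace consistent. The comments also need a pass: "prevent locally-created encryption events by ANY user encrypt rooms on the homeserver" does not parse, and "incompatiblity" is misspelled. Since the comment on `deny_encryption_for_rooms_of` already admits that foreign users with enough room privileges can still encrypt rooms, it would help to state next to `patch_power_levels` that it is the only setting here that closes that gap.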
@ -565,7 +597,7 @@ matrix_synapse_room_list_publication_rules:
|
||||||
room_id: "*"
|
room_id: "*"
|
||||||
action: allow
|
action: allow
|
||||||
|
|
||||||
matrix_synapse_default_room_version: "6"
|
matrix_synapse_default_room_version: "9"
|
||||||
|
|
||||||
# Controls the Synapse `spam_checker` setting.
|
# Controls the Synapse `spam_checker` setting.
|
||||||
#
|
#
|
||||||
|
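Review bot: moving `matrix_synapse_default_room_version` from "6" to "9" changes behaviour for every room created after the upgrade, yet it arrives inside a version bump with no comment beside the variable. A one-line comment stating that this affects newly created rooms only, plus a changelog mention if there is not one already, would save operators from discovering it through federation join problems with older servers.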
@ -573,6 +605,9 @@ matrix_synapse_default_room_version: "6"
|
||||||
# If not, you can also control its value manually.
|
# If not, you can also control its value manually.
|
||||||
matrix_synapse_spam_checker: []
|
matrix_synapse_spam_checker: []
|
||||||
|
|
||||||
|
# Controls the Synapse `modules` list.
|
||||||
|
# You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2`
|
||||||
|
# Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime.
|
||||||
matrix_synapse_modules: []
|
matrix_synapse_modules: []
|
||||||
|
|
||||||
matrix_synapse_encryption_enabled_by_default_for_room_type: "off"
|
matrix_synapse_encryption_enabled_by_default_for_room_type: "off"
|
||||||
|
|
|
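Review bot: the comment on `matrix_synapse_modules` says the auto-injecting extensions are ones "you can enable below", but going by the hunk offsets in this file the shared-secret-auth and encryption-disabler toggles are defined above this variable (around lines 489 and 542 versus 605 here). Suggest "that you can enable elsewhere in this file". It is also worth saying in the comment that a user-supplied list is preserved, since the extension tasks append with `matrix_synapse_modules|default([]) + [...]` rather than overwriting.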
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml"
|
||||||
|
when: matrix_synapse_ext_encryption_disabler_enabled|bool
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml"
|
||||||
|
when: "not matrix_synapse_ext_encryption_disabler_enabled|bool"
|
|
@ -0,0 +1,33 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Download matrix_encryption_disabler
|
||||||
|
get_url:
|
||||||
|
url: "{{ matrix_synapse_ext_encryption_disabler_download_url }}"
|
||||||
|
dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
|
||||||
|
force: true
|
||||||
|
mode: 0440
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_modules: |
|
||||||
|
{{
|
||||||
|
matrix_synapse_modules|default([])
|
||||||
|
+
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"module": "matrix_e2ee_filter.EncryptedRoomFilter",
|
||||||
|
"config": matrix_synapse_ext_encryption_config
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}}
|
||||||
|
|
||||||
|
matrix_synapse_container_extra_arguments: >
|
||||||
|
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||||
|
+
|
||||||
|
["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"]
|
||||||
|
|
||||||
|
matrix_synapse_additional_loggers: >
|
||||||
|
{{ matrix_synapse_additional_loggers }}
|
||||||
|
+
|
||||||
|
{{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }}
|
|
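Review bot: the `get_url` task fetches a Python file that is bind-mounted into the container and loaded as a Synapse module, with `force: true` and no `checksum:`, so every playbook run re-downloads the file and trusts whatever the URL returns. The default URL is pinned to a commit hash, which helps, but an overridden `matrix_synapse_ext_encryption_disabler_download_url` gets no verification at all. Consider adding a checksum variable and passing it to `get_url`. Two smaller points: `mode: 0440` should be quoted (`mode: '0440'`) so YAML cannot reinterpret the octal literal, and the `matrix_synapse_additional_loggers` concatenation lacks the `|default([])` guard that the two `set_fact` entries above it use.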
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure matrix_encryption_disabler doesn't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
|
||||||
|
state: absent
|
|
@ -1,5 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml"
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml"
|
- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml"
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml"
|
- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml"
|
||||||
|
|
|
@ -5,6 +5,11 @@
|
||||||
msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
|
msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
|
||||||
when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"
|
when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"
|
||||||
|
|
||||||
|
- name: Fail if no Shared Secret Auth login types enabled
|
||||||
|
fail:
|
||||||
|
msg: "Shared Secret Auth is enabled, but none of the login types are"
|
||||||
|
when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)"
|
||||||
|
|
||||||
- name: Download matrix-synapse-shared-secret-auth
|
- name: Download matrix-synapse-shared-secret-auth
|
||||||
get_url:
|
get_url:
|
||||||
url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
|
url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
|
||||||
|
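Review bot: the `when:` on the new "Fail if no Shared Secret Auth login types enabled" task combines the two `*_support_enabled` variables with `or` but without `|bool`. If either is supplied as a string such as "false" (easy to do via `-e` extra vars or a quoted value in vars.yml), the non-empty string is truthy and the guard silently passes with both login types effectively off. The encryption-disabler setup.yml in this same commit uses `|bool` on its condition. Suggest `not (a|bool or b|bool)` here.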
@ -15,7 +20,17 @@
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
matrix_synapse_password_providers_enabled: true
|
matrix_synapse_modules: |
|
||||||
|
{{
|
||||||
|
matrix_synapse_modules|default([])
|
||||||
|
+
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"module": "shared_secret_authenticator.SharedSecretAuthProvider",
|
||||||
|
"config": matrix_synapse_ext_password_provider_shared_secret_config
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}}
|
||||||
|
|
||||||
matrix_synapse_container_extra_arguments: >
|
matrix_synapse_container_extra_arguments: >
|
||||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||||
|
|
|
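Review bot: this `set_fact` now registers `shared_secret_authenticator.SharedSecretAuthProvider` with a `shared_secret` config key, while the block removed from homeserver.yaml.j2 later in this commit used `shared_secret_authenticator.SharedSecretAuthenticator` with `sharedSecret`. Anyone who has overridden `matrix_synapse_ext_password_provider_shared_secret_auth_download_url` to stay on a 1.x file will end up with a module path and config the old file does not understand. A validation task that fails with a clear message, or a changelog note about the 1.x to 2.x break, would make this failure visible at playbook time instead of at Synapse startup. Also note that this task no longer sets `matrix_synapse_password_providers_enabled: true`, so confirm that nothing else relied on shared-secret-auth flipping that flag.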
@ -3,7 +3,7 @@
|
||||||
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
||||||
- name: Fail if trying to self-build on Ansible < 2.8
|
- name: Fail if trying to self-build on Ansible < 2.8
|
||||||
fail:
|
fail:
|
||||||
msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
|
msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md"
|
||||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled"
|
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled"
|
||||||
|
|
||||||
# Unless `matrix_synapse_workers_enabled_list` is explicitly defined,
|
# Unless `matrix_synapse_workers_enabled_list` is explicitly defined,
|
||||||
|
|
|
@ -776,11 +776,16 @@ caches:
|
||||||
per_cache_factors:
|
per_cache_factors:
|
||||||
#get_users_who_share_room_with_user: 2.0
|
#get_users_who_share_room_with_user: 2.0
|
||||||
|
|
||||||
# Controls how long an entry can be in a cache without having been
|
# Controls whether cache entries are evicted after a specified time
|
||||||
# accessed before being evicted. Defaults to None, which means
|
# period. Defaults to true. Uncomment to disable this feature.
|
||||||
# entries are never evicted based on time.
|
|
||||||
#
|
#
|
||||||
#expiry_time: 30m
|
#expire_caches: false
|
||||||
|
|
||||||
|
# If expire_caches is enabled, this flag controls how long an entry can
|
||||||
|
# be in a cache without having been accessed before being evicted.
|
||||||
|
# Defaults to 30m. Uncomment to set a different time to live for cache entries.
|
||||||
|
#
|
||||||
|
#cache_entry_ttl: 30m
|
||||||
|
|
||||||
# Controls how long the results of a /sync request are cached for after
|
# Controls how long the results of a /sync request are cached for after
|
||||||
# a successful response is returned. A higher duration can help clients with
|
# a successful response is returned. A higher duration can help clients with
|
||||||
|
@ -890,6 +895,9 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
|
||||||
# - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
|
# - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
|
||||||
# - two for ratelimiting how often invites can be sent in a room or to a
|
# - two for ratelimiting how often invites can be sent in a room or to a
|
||||||
# specific user.
|
# specific user.
|
||||||
|
# - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID
|
||||||
|
# such as an email address or a phone number) based on the account that's
|
||||||
|
# sending the invite.
|
||||||
#
|
#
|
||||||
# The defaults are as shown below.
|
# The defaults are as shown below.
|
||||||
#
|
#
|
||||||
|
@ -944,6 +952,10 @@ rc_joins: {{ matrix_synapse_rc_joins|to_json }}
|
||||||
# per_user:
|
# per_user:
|
||||||
# per_second: 0.003
|
# per_second: 0.003
|
||||||
# burst_count: 5
|
# burst_count: 5
|
||||||
|
#
|
||||||
|
#rc_third_party_invite:
|
||||||
|
# per_second: 0.2
|
||||||
|
# burst_count: 10
|
||||||
|
|
||||||
# Ratelimiting settings for incoming federation
|
# Ratelimiting settings for incoming federation
|
||||||
#
|
#
|
||||||
|
@ -2586,11 +2598,6 @@ email:
|
||||||
# #filter: "(objectClass=posixAccount)"
|
# #filter: "(objectClass=posixAccount)"
|
||||||
{% if matrix_synapse_password_providers_enabled %}
|
{% if matrix_synapse_password_providers_enabled %}
|
||||||
password_providers:
|
password_providers:
|
||||||
{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %}
|
|
||||||
- module: "shared_secret_authenticator.SharedSecretAuthenticator"
|
|
||||||
config:
|
|
||||||
sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }}
|
|
||||||
{% endif %}
|
|
||||||
{% if matrix_synapse_ext_password_provider_rest_auth_enabled %}
|
{% if matrix_synapse_ext_password_provider_rest_auth_enabled %}
|
||||||
- module: "rest_auth_provider.RestAuthProvider"
|
- module: "rest_auth_provider.RestAuthProvider"
|
||||||
config:
|
config:
|
||||||
|
|
|
@ -64,7 +64,7 @@ matrix_synapse_workers_generic_worker_endpoints:
|
||||||
# Registration/login requests
|
# Registration/login requests
|
||||||
- ^/_matrix/client/(api/v1|r0|v3|unstable)/login$
|
- ^/_matrix/client/(api/v1|r0|v3|unstable)/login$
|
||||||
- ^/_matrix/client/(r0|v3|unstable)/register$
|
- ^/_matrix/client/(r0|v3|unstable)/register$
|
||||||
- ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$
|
- ^/_matrix/client/v1/register/m.login.registration_token/validity$
|
||||||
|
|
||||||
# Event sending requests
|
# Event sending requests
|
||||||
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact
|
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact
|
||||||
|
@ -206,7 +206,7 @@ matrix_synapse_workers_generic_worker_endpoints:
|
||||||
# You might also wish to investigate the `update_user_directory` and
|
# You might also wish to investigate the `update_user_directory` and
|
||||||
# `media_instance_running_background_jobs` settings.
|
# `media_instance_running_background_jobs` settings.
|
||||||
|
|
||||||
# pusher worker (no API endpoints) [
|
# pusher worker (no API endpoints) [
|
||||||
# Handles sending push notifications to sygnal and email. Doesn't handle any
|
# Handles sending push notifications to sygnal and email. Doesn't handle any
|
||||||
# REST endpoints itself, but you should set `start_pushers: False` in the
|
# REST endpoints itself, but you should set `start_pushers: False` in the
|
||||||
# shared configuration file to stop the main synapse sending push notifications.
|
# shared configuration file to stop the main synapse sending push notifications.
|
||||||
|
@ -220,18 +220,18 @@ matrix_synapse_workers_generic_worker_endpoints:
|
||||||
# - pusher_worker2
|
# - pusher_worker2
|
||||||
# ```
|
# ```
|
||||||
|
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
# appservice worker (no API endpoints) [
|
# appservice worker (no API endpoints) [
|
||||||
# Handles sending output traffic to Application Services. Doesn't handle any
|
# Handles sending output traffic to Application Services. Doesn't handle any
|
||||||
# REST endpoints itself, but you should set `notify_appservices: False` in the
|
# REST endpoints itself, but you should set `notify_appservices: False` in the
|
||||||
# shared configuration file to stop the main synapse sending appservice notifications.
|
# shared configuration file to stop the main synapse sending appservice notifications.
|
||||||
|
|
||||||
# Note this worker cannot be load-balanced: only one instance should be active.
|
# Note this worker cannot be load-balanced: only one instance should be active.
|
||||||
|
|
||||||
# ]
|
# ]
|
||||||
|
|
||||||
# federation_sender worker (no API endpoints) [
|
# federation_sender worker (no API endpoints) [
|
||||||
# Handles sending federation traffic to other servers. Doesn't handle any
|
# Handles sending federation traffic to other servers. Doesn't handle any
|
||||||
# REST endpoints itself, but you should set `send_federation: False` in the
|
# REST endpoints itself, but you should set `send_federation: False` in the
|
||||||
# shared configuration file to stop the main synapse sending this traffic.
|
# shared configuration file to stop the main synapse sending this traffic.
|
||||||
|
|