Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being deprecated. If one installs `passlib`, the `password_hash` values that are generated would be different by default. With this patch, we ensure consistency regardless of which one is used. After this patch, password hashes (and UUIDs derived from them) will change once, but they should be stable after that. These hashes changing is not a problem, because the playbook changes all references to the new values. Changes are only a problem if they're done partially and with different tools. For example: - `--tags=setup-COMPONENT` with `passlib` - `--tags=setup-postgres` with `crypt` (no `passlib`) If so, the Postgres database password's value will differ for the configuration generated for `COMPONENT`. The `rounds=` value is arbitrary. It doesn't matter what it is, as long as it's different than the default for `crypt` (5000) and the default for `passlib` for `sha512` (656000). Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html): > To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
This commit is contained in:
parent
42f3c3cbf6
commit
34c01da9d2
|
@ -422,14 +422,14 @@ matrix_appservice_discord_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token') | to_uuid }}"
|
||||
matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token') | to_uuid }}"
|
||||
matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
# We only make this use Postgres if our own Postgres server is enabled.
|
||||
# It's only then (for now) that we can automatically create the necessary database and user for this service.
|
||||
matrix_appservice_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db') | to_uuid }}"
|
||||
matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -454,12 +454,12 @@ matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture !
|
|||
# matrix-appservice-webhooks' client-server port to the local host.
|
||||
matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_webhooks_matrix_port) }}"
|
||||
|
||||
matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token') | to_uuid }}"
|
||||
matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_webhooks_homeserver_url: "{{ matrix_homeserver_container_url }}"
|
||||
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"
|
||||
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
|
||||
matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_webhooks_systemd_required_services_list: |
|
||||
{{
|
||||
|
@ -493,12 +493,12 @@ matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not
|
|||
# matrix-appservice-slack's client-server port to the local host.
|
||||
matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_slack_slack_port) }}"
|
||||
|
||||
matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token') | to_uuid }}"
|
||||
matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_slack_homeserver_url: "{{ matrix_homeserver_container_url }}"
|
||||
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token') | to_uuid }}"
|
||||
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token') | to_uuid }}"
|
||||
matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_slack_systemd_required_services_list: |
|
||||
{{
|
||||
|
@ -511,7 +511,7 @@ matrix_appservice_slack_systemd_required_services_list: |
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_appservice_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
|
||||
matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db') | to_uuid }}"
|
||||
matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -548,12 +548,12 @@ matrix_appservice_irc_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token') | to_uuid }}"
|
||||
matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token') | to_uuid }}"
|
||||
matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_irc_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
|
||||
matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db') | to_uuid }}"
|
||||
matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
|
||||
######################################################################
|
||||
|
@ -584,14 +584,14 @@ matrix_appservice_kakaotalk_systemd_required_services_list: |
|
|||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
|
||||
matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
|
||||
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}"
|
||||
matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -622,15 +622,15 @@ matrix_beeper_linkedin_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token') | to_uuid }}"
|
||||
matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token') | to_uuid }}"
|
||||
matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
|
||||
|
||||
matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db') | to_uuid }}"
|
||||
matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -660,15 +660,15 @@ matrix_go_skype_bridge_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}"
|
||||
matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}"
|
||||
matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}"
|
||||
matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -698,11 +698,11 @@ matrix_mautrix_facebook_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token') | to_uuid }}"
|
||||
matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token') | to_uuid }}"
|
||||
matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook') | to_uuid }}"
|
||||
matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_facebook_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9008' }}"
|
||||
|
||||
|
@ -713,7 +713,7 @@ matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if
|
|||
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
|
||||
# and point them to a migration path.
|
||||
matrix_mautrix_facebook_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db') | to_uuid }}"
|
||||
matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -744,9 +744,9 @@ matrix_mautrix_hangouts_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token') | to_uuid }}"
|
||||
matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token') | to_uuid }}"
|
||||
matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
|
||||
|
||||
|
@ -754,7 +754,7 @@ matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_pro
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db') | to_uuid }}"
|
||||
matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -785,9 +785,9 @@ matrix_mautrix_googlechat_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token') | to_uuid }}"
|
||||
matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token') | to_uuid }}"
|
||||
matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
|
||||
|
||||
|
@ -795,7 +795,7 @@ matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_p
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db') | to_uuid }}"
|
||||
matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -826,9 +826,9 @@ matrix_mautrix_instagram_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token') | to_uuid }}"
|
||||
matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token') | to_uuid }}"
|
||||
matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
|
@ -837,7 +837,7 @@ matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if
|
|||
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
|
||||
# and point them to a migration path.
|
||||
matrix_mautrix_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db') | to_uuid }}"
|
||||
matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -872,14 +872,14 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
|
|||
|
||||
matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}"
|
||||
|
||||
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token') | to_uuid }}"
|
||||
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token') | to_uuid }}"
|
||||
matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
matrix_mautrix_signal_database_engine: 'postgres'
|
||||
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}"
|
||||
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
|
||||
matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
|
||||
|
@ -915,11 +915,11 @@ matrix_mautrix_telegram_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token') | to_uuid }}"
|
||||
matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token') | to_uuid }}"
|
||||
matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram') | to_uuid }}"
|
||||
matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9006' }}"
|
||||
|
||||
|
@ -927,7 +927,7 @@ matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_pro
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mautrix_telegram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db') | to_uuid }}"
|
||||
matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -957,14 +957,14 @@ matrix_mautrix_twitter_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}"
|
||||
matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
|
||||
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
|
||||
matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}"
|
||||
matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if matrix_postgres_enabled else '' }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -994,15 +994,15 @@ matrix_mautrix_whatsapp_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token') | to_uuid }}"
|
||||
matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token') | to_uuid }}"
|
||||
matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db') | to_uuid }}"
|
||||
matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1032,15 +1032,15 @@ matrix_mautrix_discord_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}"
|
||||
matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok') | to_uuid }}"
|
||||
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}"
|
||||
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
|
||||
# This will be fixed in the upcoming `0.5.0` release of conduit.
|
||||
|
@ -1070,10 +1070,10 @@ matrix_sms_bridge_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token') | to_uuid }}"
|
||||
matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}"
|
||||
matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token') | to_uuid }}"
|
||||
matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1090,9 +1090,9 @@ matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_
|
|||
# We don't enable bridges by default.
|
||||
matrix_heisenbridge_enabled: false
|
||||
|
||||
matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok') | to_uuid }}"
|
||||
matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok') | to_uuid }}"
|
||||
matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_heisenbridge_systemd_wanted_services_list: |
|
||||
{{
|
||||
|
@ -1118,9 +1118,9 @@ matrix_hookshot_enabled: false
|
|||
|
||||
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
|
||||
|
||||
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"
|
||||
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}"
|
||||
matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_hookshot_systemd_wanted_services_list: |
|
||||
{{
|
||||
|
@ -1180,15 +1180,15 @@ matrix_mx_puppet_slack_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db') | to_uuid }}"
|
||||
matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1218,9 +1218,9 @@ matrix_mx_puppet_twitter_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
|
@ -1228,7 +1228,7 @@ matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_p
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db') | to_uuid }}"
|
||||
matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1259,15 +1259,15 @@ matrix_mx_puppet_instagram_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db') | to_uuid }}"
|
||||
matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1297,15 +1297,15 @@ matrix_mx_puppet_discord_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
|
||||
matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1335,15 +1335,15 @@ matrix_mx_puppet_steam_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db') | to_uuid }}"
|
||||
matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1373,15 +1373,15 @@ matrix_mx_puppet_groupme_systemd_required_services_list: |
|
|||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok') | to_uuid }}"
|
||||
matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db') | to_uuid }}"
|
||||
matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1411,7 +1411,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db') | to_uuid }}"
|
||||
matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"
|
||||
matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
|
||||
|
||||
######################################################################
|
||||
|
@ -1482,7 +1482,7 @@ matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_pr
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
|
||||
matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1513,7 +1513,7 @@ matrix_bot_honoroit_systemd_required_services_list: |
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_bot_honoroit_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db') | to_uuid }}"
|
||||
matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
|
||||
matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
|
||||
|
||||
######################################################################
|
||||
|
@ -1544,7 +1544,7 @@ matrix_bot_buscarron_systemd_required_services_list: |
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}"
|
||||
matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}"
|
||||
matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
|
||||
|
||||
######################################################################
|
||||
|
@ -1576,7 +1576,7 @@ matrix_bot_postmoogle_systemd_required_services_list: |
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_bot_postmoogle_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db') | to_uuid }}"
|
||||
matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
|
||||
|
||||
|
@ -1692,8 +1692,8 @@ matrix_backup_borg_systemd_required_services_list: |
|
|||
matrix_cactus_comments_enabled: false
|
||||
|
||||
# Derive secret values from homeserver secret
|
||||
matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token') | to_uuid }}"
|
||||
matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token') | to_uuid }}"
|
||||
matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token', rounds=655555) | to_uuid }}"
|
||||
matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
|
||||
matrix_cactus_comments_systemd_required_services_list: |
|
||||
|
@ -1763,7 +1763,7 @@ matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64
|
|||
|
||||
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
|
||||
|
||||
matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}"
|
||||
matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_coturn_tls_enabled: "{{ matrix_ssl_retrieval_method != 'none' }}"
|
||||
matrix_coturn_tls_cert_path: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_server_fqn_matrix }}/fullchain.pem"
|
||||
|
@ -1815,7 +1815,7 @@ matrix_dimension_systemd_required_services_list: |
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_dimension_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db') | to_uuid }}"
|
||||
matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1842,7 +1842,7 @@ matrix_etherpad_systemd_required_services_list: |
|
|||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db') | to_uuid }}"
|
||||
matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1897,9 +1897,9 @@ matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_pro
|
|||
|
||||
matrix_jitsi_prosody_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:5280' }}"
|
||||
|
||||
matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri') | to_uuid }}"
|
||||
matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo') | to_uuid }}"
|
||||
matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb') | to_uuid }}"
|
||||
matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
|
||||
matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
|
||||
matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_jitsi_web_stun_servers: |
|
||||
{{
|
||||
|
@ -2019,7 +2019,7 @@ matrix_ma1sd_systemd_wanted_services_list: |
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_ma1sd_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db') | to_uuid }}"
|
||||
matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -2638,9 +2638,9 @@ matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if mat
|
|||
# For exposing the Synapse worker (and metrics) ports to the local host.
|
||||
matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}"
|
||||
|
||||
matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db') | to_uuid }}"
|
||||
matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac') | to_uuid }}"
|
||||
matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac', rounds=655555) | to_uuid }}"
|
||||
|
||||
# We do not enable TLS in Synapse by default.
|
||||
# TLS is handled by the matrix-nginx-proxy, which proxies the requests to Synapse.
|
||||
|
@ -2820,7 +2820,7 @@ matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url |
|
|||
######################################################################
|
||||
|
||||
matrix_prometheus_postgres_exporter_enabled: false
|
||||
matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db') | to_uuid }}"
|
||||
matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_prometheus_postgres_exporter_systemd_required_services_list: |
|
||||
{{
|
||||
|
@ -2918,7 +2918,7 @@ matrix_registration_systemd_required_services_list: |
|
|||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_registration_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db') | to_uuid }}"
|
||||
matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -2975,9 +2975,9 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_
|
|||
|
||||
matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}"
|
||||
|
||||
matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}"
|
||||
matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}"
|
||||
matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
# Even if TURN doesn't support TLS (it does by default),
|
||||
# it doesn't hurt to try a secure connection anyway.
|
||||
|
|
Loading…
Reference in a new issue