Merge remote-tracking branch 'github/master'

This commit is contained in:
benkuly 2020-11-23 12:31:14 +01:00
commit 75600aa357
5 changed files with 114 additions and 83 deletions

View file

@ -4,7 +4,7 @@
matrix_mautrix_telegram_enabled: true matrix_mautrix_telegram_enabled: true
# See: https://mau.dev/tulir/mautrix-telegram/container_registry # See: https://mau.dev/tulir/mautrix-telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.8.2" matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.9.0"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"

View file

@ -51,7 +51,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false matrix_jitsi_enable_lobby: false
matrix_jitsi_container_image_tag: "stable-5142" matrix_jitsi_container_image_tag: "stable-4857"
matrix_jitsi_web_docker_image: "docker.io/jitsi/web:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_web_docker_image: "docker.io/jitsi/web:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"

View file

@ -24,7 +24,7 @@
docker_image: docker_image:
name: "{{ matrix_synapse_admin_docker_image }}" name: "{{ matrix_synapse_admin_docker_image }}"
source: build source: build
force_source: "{{ matrix_synapse_admin_git_pull_results }}" force_source: "{{ matrix_synapse_admin_git_pull_results.changed }}"
build: build:
dockerfile: Dockerfile dockerfile: Dockerfile
path: "{{ matrix_synapse_admin_docker_src_files_path }}" path: "{{ matrix_synapse_admin_docker_src_files_path }}"

View file

@ -5,7 +5,7 @@ matrix_synapse_enabled: true
matrix_synapse_container_image_self_build: false matrix_synapse_container_image_self_build: false
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.22.1" matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.23.0"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else 'docker.io/' }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else 'docker.io/' }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
@ -59,7 +59,7 @@ matrix_synapse_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-synapse.service wants # List of systemd services that matrix-synapse.service wants
matrix_synapse_systemd_wanted_services_list: [] matrix_synapse_systemd_wanted_services_list: []
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.7/site-packages" matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.8/site-packages"
# Specifies which template files to use when configuring Synapse. # Specifies which template files to use when configuring Synapse.
# If you'd like to have your own different configuration, feel free to copy and paste # If you'd like to have your own different configuration, feel free to copy and paste

View file

@ -1482,10 +1482,8 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }}
## Single sign-on integration ## ## Single sign-on integration ##
# Enable SAML2 for registration and login. Uses pysaml2. # The following settings can be used to make Synapse use a single sign-on
# # provider for authentication, instead of its internal password database.
# At least one of `sp_config` or `config_path` must be set in this section to
# enable SAML login.
# #
# You will probably also want to set the following options to `false` to # You will probably also want to set the following options to `false` to
# disable the regular login/registration flows: # disable the regular login/registration flows:
@ -1494,6 +1492,11 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }}
# #
# You will also want to investigate the settings under the "sso" configuration # You will also want to investigate the settings under the "sso" configuration
# section below. # section below.
# Enable SAML2 for registration and login. Uses pysaml2.
#
# At least one of `sp_config` or `config_path` must be set in this section to
# enable SAML login.
# #
# Once SAML support is enabled, a metadata file will be exposed at # Once SAML support is enabled, a metadata file will be exposed at
# https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to # https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to
@ -1509,35 +1512,59 @@ saml2_config:
# so it is not normally necessary to specify them unless you need to # so it is not normally necessary to specify them unless you need to
# override them. # override them.
# #
#sp_config: sp_config:
# # point this to the IdP's metadata. You can use either a local file or # Point this to the IdP's metadata. You must provide either a local
# # (preferably) a URL. # file via the `local` attribute or (preferably) a URL via the
# `remote` attribute.
#
#metadata: #metadata:
# #local: ["saml2/idp.xml"] # local: ["saml2/idp.xml"]
# remote: # remote:
# - url: https://our_idp/metadata.xml # - url: https://our_idp/metadata.xml
# By default, the user has to go to our login page first. If you'd like
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a
# 'service.sp' section:
# #
# # By default, the user has to go to our login page first. If you'd like #service:
# # to allow IdP-initiated login, set 'allow_unsolicited: true' in a # sp:
# # 'service.sp' section: # allow_unsolicited: true
# #
# #service: # The examples below are just used to generate our metadata xml, and you
# # sp: # may well not need them, depending on your setup. Alternatively you
# # allow_unsolicited: true # may need a whole lot more detail - see the pysaml2 docs!
#
# # The examples below are just used to generate our metadata xml, and you
# # may well not need them, depending on your setup. Alternatively you
# # may need a whole lot more detail - see the pysaml2 docs!
#
#description: ["My awesome SP", "en"] #description: ["My awesome SP", "en"]
#name: ["Test SP", "en"] #name: ["Test SP", "en"]
#
#ui_info:
# display_name:
# - lang: en
# text: "Display Name is the descriptive name of your service."
# description:
# - lang: en
# text: "Description should be a short paragraph explaining the purpose of the service."
# information_url:
# - lang: en
# text: "https://example.com/terms-of-service"
# privacy_statement_url:
# - lang: en
# text: "https://example.com/privacy-policy"
# keywords:
# - lang: en
# text: ["Matrix", "Element"]
# logo:
# - lang: en
# text: "https://example.com/logo.svg"
# width: "200"
# height: "80"
#organization: #organization:
# name: Example com # name: Example com
# display_name: # display_name:
# - ["Example co", "en"] # - ["Example co", "en"]
# url: "http://example.com" # url: "http://example.com"
#
#contact_person: #contact_person:
# - given_name: Bob # - given_name: Bob
# sur_name: "the Sysadmin" # sur_name: "the Sysadmin"
@ -1617,37 +1644,11 @@ saml2_config:
# - attribute: department # - attribute: department
# value: "sales" # value: "sales"
# Directory in which Synapse will try to find the template files below.
# If not set, default templates from within the Synapse package will be used.
#
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
# If you *do* uncomment it, you will need to make sure that all the templates
# below are in the directory.
#
# Synapse will look for the following templates in this directory:
#
# * HTML page to display to users if something goes wrong during the
# authentication process: 'saml_error.html'.
#
# When rendering, this template is given the following variables:
# * code: an HTML error code corresponding to the error that is being
# returned (typically 400 or 500)
#
# * msg: a textual message describing the error.
#
# The variables will automatically be HTML-escaped.
#
# You can see the default templates at:
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
#
#template_dir: "res/templates"
# Enable OpenID Connect (OIDC) / OAuth 2.0 for registration and login.
# OpenID Connect integration. The following settings can be used to make Synapse
# use an OpenID Connect Provider for authentication, instead of its internal
# password database.
# #
# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md. # See https://github.com/matrix-org/synapse/blob/master/docs/openid.md
# for some example configurations.
# #
oidc_config: oidc_config:
# Uncomment the following to enable authorization against an OpenID Connect # Uncomment the following to enable authorization against an OpenID Connect
@ -1770,17 +1771,47 @@ oidc_config:
# #
#display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}" #display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}"
# Jinja2 templates for extra attributes to send back to the client during
# login.
# Enable CAS for registration and login. #
# Note that these are non-standard and clients will ignore them without modifications.
#
#extra_attributes:
#birthdate: "{% raw %}{{ user.birthdate }}{% endraw %}"
# Enable Central Authentication Service (CAS) for registration and login.
#
cas_config:
# Uncomment the following to enable authorization against a CAS server.
# Defaults to false.
# #
#cas_config:
#enabled: true #enabled: true
# The URL of the CAS authorization endpoint.
#
#server_url: "https://cas-server.com" #server_url: "https://cas-server.com"
# The public URL of the homeserver.
#
#service_url: "https://homeserver.domain.com:8448" #service_url: "https://homeserver.domain.com:8448"
# #displayname_attribute: name
# #required_attributes: # The attribute of the CAS response to use as the display name.
# # name: value #
# If unset, no displayname will be set.
#
#displayname_attribute: name
# It is possible to configure Synapse to only allow logins if CAS attributes
# match particular values. All of the keys in the mapping below must exist
# and the values must match the given value. Alternately if the given value
# is None then any value is allowed (the attribute just must exist).
# All of the listed attributes must match for the login to be permitted.
#
#required_attributes:
# userGroup: "staff"
# department: None
# Additional settings to use with single-sign on systems such as OpenID Connect, # Additional settings to use with single-sign on systems such as OpenID Connect,
@ -1880,7 +1911,7 @@ sso:
# and issued at ("iat") claims are validated if present. # and issued at ("iat") claims are validated if present.
# #
# Note that this is a non-standard login type and client support is # Note that this is a non-standard login type and client support is
# expected to be non-existant. # expected to be non-existent.
# #
# See https://github.com/matrix-org/synapse/blob/master/docs/jwt.md. # See https://github.com/matrix-org/synapse/blob/master/docs/jwt.md.
# #
@ -2411,7 +2442,7 @@ alias_creation_rules: {{ matrix_synapse_alias_creation_rules|to_json }}
# #
# Options for the rules include: # Options for the rules include:
# #
# user_id: Matches agaisnt the creator of the alias # user_id: Matches against the creator of the alias
# room_id: Matches against the room ID being published # room_id: Matches against the room ID being published
# alias: Matches against any current local or canonical aliases # alias: Matches against any current local or canonical aliases
# associated with the room # associated with the room
@ -2459,7 +2490,7 @@ opentracing:
# This is a list of regexes which are matched against the server_name of the # This is a list of regexes which are matched against the server_name of the
# homeserver. # homeserver.
# #
# By defult, it is empty, so no servers are matched. # By default, it is empty, so no servers are matched.
# #
#homeserver_whitelist: #homeserver_whitelist:
# - ".*" # - ".*"