# ma1sd is a Federated Matrix Identity Server # See: https://github.com/ma1uta/ma1sd matrix_ma1sd_enabled: true matrix_ma1sd_docker_image: "ma1uta/ma1sd:1.4.6" matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}" matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd" matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config" matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data" # Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/8090 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8090"), or empty string to not expose. matrix_ma1sd_container_http_host_bind_port: '' # A list of extra arguments to pass to the container matrix_ma1sd_container_extra_arguments: [] # List of systemd services that matrix-ma1sd.service depends on matrix_ma1sd_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-ma1sd.service wants matrix_ma1sd_systemd_wanted_services_list: [] # Your identity server is private by default. # To ensure maximum discovery, you can make your identity server # also forward lookups to the central matrix.org Identity server # (at the cost of potentially leaking all your contacts information). # Enabling this is discouraged. Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/features/identity.md#lookups matrix_ma1sd_matrixorg_forwarding_enabled: false # ma1sd has serveral supported identity stores. # One of them is storing identities directly in Synapse's database. # Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md matrix_ma1sd_synapsesql_enabled: false matrix_ma1sd_synapsesql_type: "" matrix_ma1sd_synapsesql_connection: "" # Setting up email-sending settings is required for using ma1sd. matrix_ma1sd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}" matrix_ma1sd_threepid_medium_email_connectors_smtp_host: "" matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 587 matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 1 matrix_ma1sd_threepid_medium_email_connectors_smtp_login: "" matrix_ma1sd_threepid_medium_email_connectors_smtp_password: "" # DNS overwrites are useful for telling ma1sd how it can reach the homeserver directly. # Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to ma1sd, # so that ma1sd can rewrite the original URL to one that would reach the homeserver. matrix_ma1sd_dns_overwrite_enabled: false matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}" matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008" # Override the default email templates # To use this, fill in the template variables with the full desired template as a multi-line YAML variable # # More info: # https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/notification/template-generator.md # https://github.com/ma1uta/ma1sd/tree/master/src/main/resources/threepids/email matrix_ma1sd_threepid_medium_email_custom_templates_enabled: false matrix_ma1sd_threepid_medium_email_custom_invite_template: "" matrix_ma1sd_threepid_medium_email_custom_session_validation_template: "" matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template: "" matrix_ma1sd_threepid_medium_email_custom_matrixid_template: "" # Controls whether the self-check feature should validate SSL certificates. matrix_ma1sd_self_check_validate_certificates: true # Controls ma1sd logging verbosity for troubleshooting. # # According to: https://github.com/ma1uta/ma1sd/blob/master/docs/troubleshooting.md#increase-verbosity matrix_ma1sd_verbose_logging: false # Default ma1sd configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # # For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`) # or completely replace this variable with your own template. matrix_ma1sd_configuration_yaml: | #jinja2: lstrip_blocks: True matrix: domain: {{ matrix_domain }} server: name: {{ matrix_server_fqn_matrix }} key: path: /var/ma1sd/sign.key storage: provider: sqlite: database: /var/ma1sd/ma1sd.db {% if matrix_ma1sd_dns_overwrite_enabled %} dns: overwrite: homeserver: client: - name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }} value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }} {% endif %} {% if matrix_ma1sd_matrixorg_forwarding_enabled %} forward: servers: ['matrix-org'] {% endif %} threepid: medium: email: identity: from: {{ matrix_ma1sd_threepid_medium_email_identity_from }} connectors: smtp: host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }} port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }} tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }} login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }} password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }} {% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %} generators: template: {% if matrix_ma1sd_threepid_medium_email_custom_invite_template %} invite: '/var/ma1sd/invite-template.eml' {% endif %} {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} session: {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %} validation: '/var/ma1sd/validate-template.eml' {% endif %} {% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} unbind: frandulent: '/var/ma1sd/unbind-fraudulent.eml' {% endif %} {% endif %} {% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %} generic: matrixId: '/var/ma1sd/mxid-template.eml' {% endif %} {% endif %} synapseSql: enabled: {{ matrix_ma1sd_synapsesql_enabled }} type: {{ matrix_ma1sd_synapsesql_type }} connection: {{ matrix_ma1sd_synapsesql_connection }} matrix_ma1sd_configuration_extension_yaml: | # Your custom YAML configuration for ma1sd goes here. # This configuration extends the default starting configuration (`matrix_ma1sd_configuration_yaml`). # # You can override individual variables from the default configuration, or introduce new ones. # # If you need something more special, you can take full control by # completely redefining `matrix_ma1sd_configuration_yaml`. # # Example configuration extension follows: # # ldap: # enabled: true # connection: # host: ldapHostnameOrIp # tls: false # port: 389 # baseDNs: ['OU=Users,DC=example,DC=org'] # bindDn: CN=My Ma1sd User,OU=Users,DC=example,DC=org # bindPassword: TheUserPassword matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml|from_yaml if matrix_ma1sd_configuration_extension_yaml|from_yaml is mapping else {} }}" # Holds the final ma1sd configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_ma1sd_configuration_yaml`. matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml|from_yaml|combine(matrix_ma1sd_configuration_extension, recursive=True) }}"