pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
matrix-docker-ansible-deploy/roles/matrix-mxisd/defaults/main.yml
Slavi Pantaleev 7d3adc4512 Automatically force-pull :latest images 
We do use some `:latest` images by default for the following services:
- matrix-dimension
- Goofys (in the matrix-synapse role)
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-discord
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-whatsapp

It's terribly unfortunate that those software projects don't release
anything other than `:latest`, but that's how it is for now.

Updating that software requires that users manually do `docker pull`
on the server. The playbook didn't force-repull images that it already
had.

With this patch, it starts doing so. Any image tagged `:latest` will be
force re-pulled by the playbook every time it's executed.

It should be noted that even though we ask the `docker_image` module to
force-pull, it only reports "changed" when it actually pulls something
new. This is nice, because it lets people know exactly when something
gets updated, as opposed to giving the indication that it's always
updating the images (even though it isn't).
2019-06-10 14:30:28 +03:00

171 lines
7.4 KiB
YAML
Raw Blame History

# mxisd is a Federated Matrix Identity Server
# See: https://github.com/kamax-matrix/mxisd
matrix_mxisd_enabled: true
matrix_mxisd_docker_image: "kamax/mxisd:1.4.4"
matrix_mxisd_docker_image_force_pull: "{{ matrix_mxisd_docker_image.endswith(':latest') }}"
matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
# Controls whether the matrix-mxisd container exposes its HTTP port (tcp/8090 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose.
matrix_mxisd_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_mxisd_container_extra_arguments: []
# List of systemd services that matrix-mxisd.service depends on
matrix_mxisd_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mxisd.service wants
matrix_mxisd_systemd_wanted_services_list: []
# Your identity server is private by default.
# To ensure maximum discovery, you can make your identity server
# also forward lookups to the central matrix.org Identity server
# (at the cost of potentially leaking all your contacts information).
# Enabling this is discouraged. Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
matrix_mxisd_matrixorg_forwarding_enabled: false
# mxisd has serveral supported identity stores.
# One of them is storing identities directly in Synapse's database.
# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md
matrix_mxisd_synapsesql_enabled: false
matrix_mxisd_synapsesql_type: ""
matrix_mxisd_synapsesql_connection: ""
# Setting up email-sending settings is required for using mxisd.
matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
matrix_mxisd_threepid_medium_email_connectors_smtp_host: ""
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
matrix_mxisd_threepid_medium_email_connectors_smtp_login: ""
matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""
# DNS overwrites are useful for telling mxisd how it can reach the homeserver directly.
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
# so that mxisd can rewrite the original URL to one that would reach the homeserver.
matrix_mxisd_dns_overwrite_enabled: false
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# Override the default email templates
# To use this, fill in the template variables with the full desired template as a multi-line YAML variable
#
# More info:
# https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/notification/template-generator.md
# https://github.com/kamax-matrix/mxisd/tree/master/src/main/resources/threepids/email
matrix_mxisd_threepid_medium_email_custom_templates_enabled: false
matrix_mxisd_threepid_medium_email_custom_invite_template: ""
matrix_mxisd_threepid_medium_email_custom_session_validation_template: ""
matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template: ""
matrix_mxisd_threepid_medium_email_custom_matrixid_template: ""
# Controls whether the self-check feature should validate SSL certificates.
matrix_mxisd_self_check_validate_certificates: true
# Default mxisd configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mxisd_configuration_yaml: |
#jinja2: lstrip_blocks: True
matrix:
domain: {{ matrix_domain }}
server:
name: {{ matrix_server_fqn_matrix }}
key:
path: /var/mxisd/sign.key
storage:
provider:
sqlite:
database: /var/mxisd/mxisd.db
{% if matrix_mxisd_dns_overwrite_enabled %}
dns:
overwrite:
homeserver:
client:
- name: {{ matrix_mxisd_dns_overwrite_homeserver_client_name }}
value: {{ matrix_mxisd_dns_overwrite_homeserver_client_value }}
{% endif %}
{% if matrix_mxisd_matrixorg_forwarding_enabled %}
forward:
servers: ['matrix-org']
{% endif %}
threepid:
medium:
email:
identity:
from: {{ matrix_mxisd_threepid_medium_email_identity_from }}
connectors:
smtp:
host: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_host }}
port: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_port }}
tls: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_tls }}
login: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_login }}
password: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_password }}
{% if matrix_mxisd_threepid_medium_email_custom_templates_enabled %}
generators:
template:
{% if matrix_mxisd_threepid_medium_email_custom_invite_template %}
invite: '/var/mxisd/invite-template.eml'
{% endif %}
{% if matrix_mxisd_threepid_medium_email_custom_session_validation_template or matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template %}
session:
{% if matrix_mxisd_threepid_medium_email_custom_session_validation_template %}
validation: '/var/mxisd/validate-template.eml'
{% endif %}
{% if matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template %}
unbind:
frandulent: '/var/mxisd/unbind-fraudulent.eml'
{% endif %}
{% endif %}
{% if matrix_mxisd_threepid_medium_email_custom_matrixid_template %}
generic:
matrixId: '/var/mxisd/mxid-template.eml'
{% endif %}
{% endif %}
synapseSql:
enabled: {{ matrix_mxisd_synapsesql_enabled }}
type: {{ matrix_mxisd_synapsesql_type }}
connection: {{ matrix_mxisd_synapsesql_connection }}
matrix_mxisd_configuration_extension_yaml: |
# Your custom YAML configuration for mxisd goes here.
# This configuration extends the default starting configuration (`matrix_mxisd_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mxisd_configuration_yaml`.
#
# Example configuration extension follows:
#
# ldap:
# enabled: true
# connection:
# host: ldapHostnameOrIp
# tls: false
# port: 389
# baseDNs: ['OU=Users,DC=example,DC=org']
# bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
# bindPassword: TheUserPassword
matrix_mxisd_configuration_extension: "{{ matrix_mxisd_configuration_extension_yaml|from_yaml if matrix_mxisd_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final mxisd configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mxisd_configuration_yaml`.
matrix_mxisd_configuration: "{{ matrix_mxisd_configuration_yaml|from_yaml|combine(matrix_mxisd_configuration_extension, recursive=True) }}"
Reference in a new issue View git blame Copy permalink