9a9b7383e9
This change is provoked by a few different things: - #54 (Github Pull Request), which rightfully says that we need a way to support ALL mxisd configuration options easily - the upcoming mxisd 1.3.0 release, which drops support for property-style configuration (dot-notation), forcing us to redo the way we generate the configuration file With this, mxisd is much more easily configurable now and much more easily maintaneable by us in the future (no need to introduce additional playbook variables and logic).
453 lines
20 KiB
YAML
453 lines
20 KiB
YAML
# The bare hostname which represents your identity.
|
|
# This is something like "example.com".
|
|
# Note: this playbook does not touch the server referenced here.
|
|
hostname_identity: "{{ host_specific_hostname_identity|lower }}"
|
|
|
|
# This is where your data lives and what we set up here.
|
|
# This and the Riot hostname (see below) are expected to be on the same server.
|
|
hostname_matrix: "matrix.{{ hostname_identity }}"
|
|
|
|
# This is where you access the web UI from and what we set up here.
|
|
# This and the Matrix hostname (see above) are expected to be on the same server.
|
|
hostname_riot: "riot.{{ hostname_identity }}"
|
|
|
|
|
|
matrix_user_username: "matrix"
|
|
matrix_user_uid: 991
|
|
matrix_user_gid: 991
|
|
|
|
matrix_base_data_path: "/matrix"
|
|
matrix_environment_variables_data_path: "{{ matrix_base_data_path }}/environment-variables"
|
|
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
|
|
|
|
matrix_homeserver_url: "https://{{ hostname_matrix }}"
|
|
matrix_identity_server_url: "https://{{ matrix_synapse_trusted_third_party_id_servers[0] }}"
|
|
|
|
# The Docker network that all services would be put into
|
|
matrix_docker_network: "matrix"
|
|
|
|
|
|
matrix_synapse_docker_image: "matrixdotorg/synapse:v0.34.1.1-py3"
|
|
|
|
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
|
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
|
|
matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
|
|
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
|
|
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
|
|
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
|
|
|
|
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.6/site-packages"
|
|
|
|
# Specifies which template files to use when configuring Synapse.
|
|
# If you'd like to have your own different configuration, feel free to copy and paste
|
|
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
|
|
# and then change the specific host's `vars.yaml` file like this:
|
|
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
|
|
matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
|
|
matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
|
|
|
|
matrix_synapse_macaroon_secret_key: ""
|
|
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
|
|
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
|
|
|
|
# These are the identity servers that would be trusted by Synapse if mxisd is NOT enabled
|
|
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
|
|
|
|
# These are the identity servers that would be trusted by Synapse if mxisd IS enabled
|
|
matrix_synapse_id_servers_own: "['{{ hostname_matrix }}']"
|
|
|
|
# The final list of identity servers to use for Synapse.
|
|
# The first one would also be used as riot-web's default identity server.
|
|
matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_own if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
|
|
|
|
matrix_synapse_max_upload_size_mb: 10
|
|
matrix_synapse_max_log_file_size_mb: 100
|
|
matrix_synapse_max_log_files_count: 10
|
|
|
|
# Log levels
|
|
# Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
|
|
# warning: setting log level to DEBUG will make synapse log sensitive information such
|
|
# as access tokens
|
|
matrix_synapse_log_level: "INFO"
|
|
matrix_synapse_storage_sql_log_level: "INFO"
|
|
matrix_synapse_root_log_level: "INFO"
|
|
|
|
# Rate limits
|
|
matrix_synapse_rc_messages_per_second: 0.2
|
|
matrix_synapse_rc_message_burst_count: 10.0
|
|
|
|
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
|
|
# (things like number of users, number of messages sent, uptime, load, etc.)
|
|
matrix_synapse_report_stats: false
|
|
|
|
# Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.
|
|
# If users participate in large rooms with many other servers,
|
|
# disabling this will decrease server load significantly.
|
|
matrix_synapse_use_presence: true
|
|
|
|
# Controls whether people with access to the homeserver can register by themselves.
|
|
matrix_synapse_enable_registration: false
|
|
|
|
# Users who register on this homeserver will automatically be joined to these rooms.
|
|
# Rooms are to be specified using addresses (e.g. `#address:example.com`)
|
|
matrix_synapse_auto_join_rooms: []
|
|
|
|
# Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created
|
|
# automatically if they don't already exist.
|
|
matrix_synapse_autocreate_auto_join_rooms: true
|
|
|
|
# Controls password-peppering for Matrix Synapse. Not to be changed after initial setup.
|
|
matrix_synapse_password_config_pepper: ""
|
|
|
|
# Controls the number of events that Matrix Synapse caches in memory.
|
|
matrix_synapse_event_cache_size: "100K"
|
|
|
|
# Controls cache sizes for Matrix Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
|
|
# Raise this to increase cache sizes or lower it to potentially lower memory use.
|
|
# To learn more, see:
|
|
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
|
|
# - https://github.com/matrix-org/synapse/issues/3939
|
|
matrix_synapse_cache_factor: 0.5
|
|
|
|
# Controls whether Matrix Synapse will federate at all.
|
|
# Disable this to completely isolate your server from the rest of the Matrix network.
|
|
matrix_synapse_federation_enabled: true
|
|
|
|
# A list of domain names that are allowed to federate with the given Matrix Synapse server.
|
|
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
|
|
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
|
|
matrix_synapse_federation_domain_whitelist: ~
|
|
|
|
# A list of additional "volumes" to mount in the container.
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
|
matrix_synapse_container_additional_volumes: []
|
|
|
|
# A list of additional loggers to register in synapse.log.config.
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
|
|
matrix_synapse_additional_loggers: []
|
|
|
|
# A list of service config files
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains fs paths
|
|
matrix_synapse_app_service_config_files: []
|
|
|
|
# This is set dynamically during execution depending on whether
|
|
# any password providers have been enabled or not.
|
|
matrix_synapse_password_providers_enabled: false
|
|
|
|
|
|
# Enable this to activate the REST auth password provider module.
|
|
# See: https://github.com/kamax-io/matrix-synapse-rest-auth
|
|
matrix_synapse_ext_password_provider_rest_auth_enabled: false
|
|
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.1/rest_auth_provider.py"
|
|
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
|
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
|
|
|
|
# Enable this to activate the Shared Secret Auth password provider module.
|
|
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
|
|
|
# Enable this to activate LDAP password provider
|
|
matrix_synapse_ext_password_provider_ldap_enabled: false
|
|
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
|
|
matrix_synapse_ext_password_provider_ldap_start_tls: true
|
|
matrix_synapse_ext_password_provider_ldap_base: ""
|
|
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
|
|
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
|
|
matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
|
|
matrix_synapse_ext_password_provider_ldap_bind_dn: ""
|
|
matrix_synapse_ext_password_provider_ldap_bind_password: ""
|
|
matrix_synapse_ext_password_provider_ldap_filter: ""
|
|
|
|
|
|
# The defaults below cause a postgres server to be configured (running within a container).
|
|
# Using an external server is possible by tweaking all of the parameters below.
|
|
matrix_postgres_use_external: false
|
|
matrix_postgres_connection_hostname: "matrix-postgres"
|
|
matrix_postgres_connection_username: "synapse"
|
|
matrix_postgres_connection_password: "synapse-password"
|
|
matrix_postgres_db_name: "homeserver"
|
|
|
|
matrix_postgres_data_path: "{{ matrix_base_data_path }}/postgres"
|
|
|
|
matrix_postgres_docker_image_v9: "postgres:9.6.11-alpine"
|
|
matrix_postgres_docker_image_v10: "postgres:10.6-alpine"
|
|
matrix_postgres_docker_image_v11: "postgres:11.1-alpine"
|
|
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
|
|
|
|
|
|
matrix_coturn_docker_image: "instrumentisto/coturn:4.5.0.8"
|
|
|
|
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
|
|
matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
|
|
|
|
# A shared secret (between Synapse and Coturn) used for authentication.
|
|
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
|
matrix_coturn_turn_static_auth_secret: ""
|
|
|
|
# UDP port-range to use for TURN
|
|
matrix_coturn_turn_udp_min_port: 49152
|
|
matrix_coturn_turn_udp_max_port: 49172
|
|
|
|
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
|
|
|
|
|
|
matrix_s3_media_store_enabled: false
|
|
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
|
|
matrix_s3_media_store_bucket_name: "your-bucket-name"
|
|
matrix_s3_media_store_aws_access_key: "your-aws-access-key"
|
|
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
|
|
matrix_s3_media_store_region: "eu-central-1"
|
|
|
|
|
|
# By default, this playbook sets up a postfix mailer server (running in a container).
|
|
# This is so that Matrix Synapse can send email reminders for unread messages.
|
|
# Other services (like mxisd), however, also use that mailer to send emails through it.
|
|
matrix_mailer_enabled: true
|
|
|
|
matrix_mailer_docker_image: "panubo/postfix:latest"
|
|
|
|
matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
|
|
matrix_mailer_relay_use: false
|
|
matrix_mailer_relay_host_name: "mail.example.com"
|
|
matrix_mailer_relay_host_port: 587
|
|
matrix_mailer_relay_auth: false
|
|
matrix_mailer_relay_auth_username: ""
|
|
matrix_mailer_relay_auth_password: ""
|
|
|
|
|
|
# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
|
|
# If you wish to use the public identity servers (matrix.org, vector.im, riot.im) instead of your own,
|
|
# you may wish to disable this.
|
|
matrix_mxisd_enabled: true
|
|
matrix_mxisd_docker_image: "kamax/mxisd:1.2.2"
|
|
matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
|
|
matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
|
|
matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
|
|
|
|
# Your identity server is private by default.
|
|
# To ensure maximum discovery, you can make your identity server
|
|
# also forward lookups to the central matrix.org Identity server
|
|
# (at the cost of potentially leaking all your contacts information).
|
|
# Enabling this is discouraged. Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
|
|
matrix_mxisd_matrixorg_forwarding_enabled: false
|
|
|
|
# mxisd has serveral supported identity stores.
|
|
# One of them (which we enable by default) is storing identities directly in Synapse's database.
|
|
# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md
|
|
#
|
|
# If you need to disable this in favor of some other store, you can toggle it to disabled here
|
|
# and add your own mxisd configuration for the other store in `matrix_mxisd_configuration_extension_yaml`.
|
|
matrix_mxisd_synapsesql_enabled: true
|
|
matrix_mxisd_synapsesql_type: postgresql
|
|
matrix_mxisd_synapsesql_connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }}
|
|
|
|
# Default mxisd configuration template which covers the generic use case.
|
|
# You can customize it by controlling the various variables inside it.
|
|
#
|
|
# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`)
|
|
# or completely replace this variable with your own template.
|
|
matrix_mxisd_configuration_yaml: |
|
|
matrix:
|
|
domain: {{ hostname_identity }}
|
|
|
|
server:
|
|
name: {{ hostname_matrix }}
|
|
|
|
key:
|
|
path: /var/mxisd/sign.key
|
|
|
|
storage:
|
|
provider:
|
|
sqlite:
|
|
database: /var/mxisd/mxisd.db
|
|
|
|
{% if matrix_mxisd_matrixorg_forwarding_enabled %}
|
|
forward:
|
|
servers: ['matrix-org']
|
|
{% endif %}
|
|
|
|
synapseSql:
|
|
enabled: {{ matrix_mxisd_synapsesql_enabled }}
|
|
type: {{ matrix_mxisd_synapsesql_type }}
|
|
connection: {{ matrix_mxisd_synapsesql_connection }}
|
|
|
|
matrix_mxisd_configuration_extension_yaml: |
|
|
# Your custom YAML configuration for mxisd goes here.
|
|
# This configuration extends the default starting configuration (`matrix_mxisd_configuration_yaml`).
|
|
#
|
|
# You can override individual variables from the default configuration, or introduce new ones.
|
|
#
|
|
# If you need something more special, you can take full control by
|
|
# completely redefining `matrix_mxisd_configuration_yaml`.
|
|
#
|
|
# Example configuration extension follows:
|
|
#
|
|
# ldap:
|
|
# enabled: true
|
|
# connection:
|
|
# host: ldapHostnameOrIp
|
|
# tls: false
|
|
# port: 389
|
|
# baseDns: ['OU=Users,DC=example,DC=org']
|
|
# bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
|
|
# bindPassword: TheUserPassword
|
|
|
|
# Doing `|from_yaml` when the extension contains nothing yields an empty string ("").
|
|
# We need to ensure it's a dictionary or `|combine` (when building `matrix_mxisd_configuration`) will fail later.
|
|
matrix_mxisd_configuration_extension: "{{ matrix_mxisd_configuration_extension_yaml|from_yaml if matrix_mxisd_configuration_extension_yaml|from_yaml else {} }}"
|
|
|
|
# Holds the final mxisd configuration (a combination of the default and its extension).
|
|
# You most likely don't need to touch this variable. Instead, see `matrix_mxisd_configuration_yaml`.
|
|
matrix_mxisd_configuration: "{{ matrix_mxisd_configuration_yaml|from_yaml|combine(matrix_mxisd_configuration_extension, recursive=True) }}"
|
|
|
|
|
|
# Enable this to add support for matrix-corporal.
|
|
# See: https://github.com/devture/matrix-corporal
|
|
matrix_corporal_enabled: false
|
|
|
|
matrix_corporal_docker_image: "devture/matrix-corporal:1.2.2"
|
|
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
|
|
matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
|
|
matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
|
|
matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
|
|
|
|
matrix_corporal_matrix_timeout_milliseconds: 45000
|
|
|
|
matrix_corporal_reconciliation_retry_interval_milliseconds: 30000
|
|
matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal"
|
|
|
|
matrix_corporal_http_api_enabled: false
|
|
matrix_corporal_http_api_auth_token: ""
|
|
|
|
# Matrix Corporal policy provider configuration (goes directly into the configuration's `PolicyProvider` value)
|
|
matrix_corporal_policy_provider_config: ""
|
|
|
|
matrix_corporal_debug: false
|
|
|
|
|
|
# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
|
|
# If you wish to connect to your Matrix server by other means,
|
|
# you may wish to disable this.
|
|
matrix_riot_web_enabled: true
|
|
|
|
matrix_riot_web_docker_image: "avhost/docker-matrix-riot:v0.17.8"
|
|
|
|
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
|
|
|
# Riot config.json customizations
|
|
matrix_riot_web_disable_custom_urls: true
|
|
matrix_riot_web_disable_guests: true
|
|
matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/"
|
|
matrix_riot_web_integrations_rest_url: "https://scalar.vector.im/api"
|
|
matrix_riot_web_integrations_widgets_urls: "https://scalar.vector.im/api"
|
|
matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
|
|
# Riot public room directory server(s)
|
|
matrix_riot_web_roomdir_servers: ['matrix.org']
|
|
matrix_riot_web_welcome_user_id: "@riot-bot:matrix.org"
|
|
|
|
|
|
# Riot home.html customizations
|
|
# Default home.html template file
|
|
matrix_riot_web_homepage_template: "{{ role_path }}/templates/riot-web/home.html.j2"
|
|
# Show general discussion about Matrix and Riot row
|
|
matrix_riot_web_homepage_template_general: true
|
|
# Show Matrix technical discussions row
|
|
matrix_riot_web_homepage_template_technical: true
|
|
# Show building services on Matrix row
|
|
matrix_riot_web_homepage_template_building: true
|
|
# Show contributing code to Matrix and Riot row
|
|
matrix_riot_web_homepage_template_contributing: true
|
|
|
|
# Matrix mautrix is a Matrix <-> Telegram bridge
|
|
# Enable telegram bridge
|
|
matrix_mautrix_telegram_enabled: false
|
|
|
|
matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.4.0"
|
|
|
|
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
|
|
|
|
# Get your own API keys at https://my.telegram.org/apps
|
|
matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
|
|
matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
|
|
# Mautrix telegram public endpoint to log in to telegram
|
|
# Use an uuid so it's not easily discoverable
|
|
matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
|
|
|
|
|
|
# Matrix mautrix is a Matrix <-> Whatsapp bridge
|
|
# Enable whatsapp bridge
|
|
matrix_mautrix_whatsapp_enabled: false
|
|
|
|
matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
|
|
|
|
matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
|
|
|
|
|
|
# By default, this playbook sets up its own nginx proxy server on port 80/443.
|
|
# This is fine if you're dedicating the whole server to Matrix.
|
|
# But in case that's not the case, you may wish to prevent that
|
|
# and take care of proxying by yourself.
|
|
matrix_nginx_proxy_enabled: true
|
|
|
|
matrix_nginx_proxy_docker_image: "nginx:1.15.8-alpine"
|
|
|
|
matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
|
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
|
|
|
|
# The addresses where the Matrix Client API is.
|
|
# Certain extensions (like matrix-corporal) may override this in order to capture all traffic.
|
|
matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container: "matrix-synapse:8008"
|
|
matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container: "localhost:8008"
|
|
|
|
# Specifies when to reload the matrix-nginx-proxy service so that
|
|
# a new SSL certificate could go into effect.
|
|
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
|
|
|
# Specifies which SSL protocols to use when serving Riot and Synapse
|
|
# Note TLSv1.3 is not yet available in dockerized nginx
|
|
# See: https://github.com/nginxinc/docker-nginx/issues/190
|
|
matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"
|
|
|
|
# By default, this playbook automatically retrieves and auto-renews
|
|
# free SSL certificates from Let's Encrypt.
|
|
#
|
|
# The following retrieval methods are supported:
|
|
# - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
|
|
# - "self-signed" - the playbook generates and self-signs certificates
|
|
# - "manually-managed" - lets you manage certificates by yourself (manually; see below)
|
|
#
|
|
# If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
|
|
# you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
|
|
# obeying the following hierarchy:
|
|
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
|
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
|
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
|
|
matrix_ssl_retrieval_method: "lets-encrypt"
|
|
|
|
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
|
matrix_ssl_lets_encrypt_staging: false
|
|
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
|
|
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
|
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
|
|
|
|
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
|
|
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
|
|
matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
|
|
|
|
# Variables to Control which parts of the role run.
|
|
run_setup: true
|
|
run_import_postgres: true
|
|
run_upgrade_postgres: true
|
|
run_start: true
|
|
run_register_user: true
|
|
run_import_sqlite_db: true
|
|
run_import_media_store: true
|
|
run_self_check: true
|