matrix-docker-ansible-deploy/roles/matrix-ma1sd/defaults/main.yml

202 lines
8.3 KiB
YAML

# ma1sd is a Federated Matrix Identity Server
# See: https://github.com/ma1uta/ma1sd
matrix_ma1sd_enabled: true
matrix_ma1sd_container_image_self_build: false
matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.3.0"
matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"
matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd"
matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src"
matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config"
matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data"
# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/8090 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose.
matrix_ma1sd_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_ma1sd_container_extra_arguments: []
# List of systemd services that matrix-ma1sd.service depends on
matrix_ma1sd_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-ma1sd.service wants
matrix_ma1sd_systemd_wanted_services_list: []
# Your identity server is private by default.
# To ensure maximum discovery, you can make your identity server
# also forward lookups to the central matrix.org Identity server
# (at the cost of potentially leaking all your contacts information).
# Enabling this is discouraged. Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/features/identity.md#lookups
matrix_ma1sd_matrixorg_forwarding_enabled: false
# ma1sd has serveral supported identity stores.
# One of them is storing identities directly in Synapse's database.
# Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md
matrix_ma1sd_synapsesql_enabled: false
matrix_ma1sd_synapsesql_type: ""
matrix_ma1sd_synapsesql_connection: ""
# Setting up email-sending settings is required for using ma1sd.
matrix_ma1sd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
matrix_ma1sd_threepid_medium_email_connectors_smtp_host: ""
matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 587
matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 1
matrix_ma1sd_threepid_medium_email_connectors_smtp_login: ""
matrix_ma1sd_threepid_medium_email_connectors_smtp_password: ""
# DNS overwrites are useful for telling ma1sd how it can reach the homeserver directly.
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to ma1sd,
# so that ma1sd can rewrite the original URL to one that would reach the homeserver.
matrix_ma1sd_dns_overwrite_enabled: false
matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# Override the default email templates
# To use this, fill in the template variables with the full desired template as a multi-line YAML variable
#
# More info:
# https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/notification/template-generator.md
# https://github.com/ma1uta/ma1sd/tree/master/src/main/resources/threepids/email
matrix_ma1sd_threepid_medium_email_custom_templates_enabled: false
matrix_ma1sd_threepid_medium_email_custom_invite_template: ""
matrix_ma1sd_threepid_medium_email_custom_session_validation_template: ""
matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template: ""
matrix_ma1sd_threepid_medium_email_custom_matrixid_template: ""
# Controls whether the self-check feature should validate SSL certificates.
matrix_ma1sd_self_check_validate_certificates: true
# Controls ma1sd logging verbosity for troubleshooting.
#
# According to: https://github.com/ma1uta/ma1sd/blob/master/docs/troubleshooting.md#increase-verbosity
matrix_ma1sd_verbose_logging: false
# Default ma1sd configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_ma1sd_configuration_yaml: |
#jinja2: lstrip_blocks: True
matrix:
domain: {{ matrix_domain }}
v1: true
v2: true
server:
name: {{ matrix_server_fqn_matrix }}
key:
path: /var/ma1sd/sign.key
storage:
backend: {{ matrix_ma1sd_storage_backend }}
provider:
{{ matrix_ma1sd_storage_backend }}:
database: {{ matrix_ma1sd_storage_provider_postgresql_database }}
username: {{ matrix_ma1sd_storage_provider_postgresql_username }}
password: {{ matrix_ma1sd_storage_provider_postgresql_password }}
#storage:
#provider:
# sqlite:
# database: /var/ma1sd/ma1sd.db
{% if matrix_ma1sd_dns_overwrite_enabled %}
dns:
overwrite:
homeserver:
client:
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
{% endif %}
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
forward:
servers: ['matrix-org']
{% endif %}
threepid:
medium:
email:
identity:
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
connectors:
smtp:
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
generators:
template:
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
invite: '/var/ma1sd/invite-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
session:
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
validation: '/var/ma1sd/validate-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
unbind:
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
{% endif %}
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
generic:
matrixId: '/var/ma1sd/mxid-template.eml'
{% endif %}
{% endif %}
synapseSql:
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
type: {{ matrix_ma1sd_synapsesql_type }}
connection: {{ matrix_ma1sd_synapsesql_connection }}
lookup:
query: "SELECT user_id AS mxid, medium, address from user_threepid_id_server"
hashing:
enabled: true
pepperLength: 20
rotationPolicy: per_requests
hashStorageType: sql
algorithms:
- sha256
delay: 2m
requests: 10
matrix_ma1sd_configuration_extension_yaml: |
# Your custom YAML configuration for ma1sd goes here.
# This configuration extends the default starting configuration (`matrix_ma1sd_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_ma1sd_configuration_yaml`.
#
# Example configuration extension follows:
#
# ldap:
# enabled: true
# connection:
# host: ldapHostnameOrIp
# tls: false
# port: 389
# baseDNs: ['OU=Users,DC=example,DC=org']
# bindDn: CN=My Ma1sd User,OU=Users,DC=example,DC=org
# bindPassword: TheUserPassword
matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml|from_yaml if matrix_ma1sd_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final ma1sd configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_ma1sd_configuration_yaml`.
matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml|from_yaml|combine(matrix_ma1sd_configuration_extension, recursive=True) }}"