matrix-docker-ansible-deploy/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml

---
# matrix_ldap_registration_proxy - Want to build a large-scale Matrix server using external registration on LDAP?
# Project source code URL: https://gitlab.com/activism.international/matrix_ldap_registration_proxy

matrix_ldap_registration_proxy_enabled: true

matrix_ldap_registration_proxy_hostname: ''

matrix_ldap_registration_proxy_docker_image: matrix_ldap_registration_proxy
matrix_ldap_registration_proxy_container_image_self_build_repo: "https://gitlab.com/activism.international/matrix_ldap_registration_proxy.git"
matrix_ldap_registration_proxy_container_image_self_build_branch: "{{ matrix_ldap_registration_proxy_version }}"

matrix_ldap_registration_proxy_version: "296246afc6a9b3105e67fcf6621cf05ebc74b873"

matrix_ldap_registration_proxy_base_path: "{{ matrix_base_data_path }}/matrix_ldap_registration_proxy"
# We need the docker src directory to be named matrix_ldap_registration_proxy.
matrix_ldap_registration_proxy_docker_src_files_path: "{{ matrix_ldap_registration_proxy_base_path }}/docker-src/matrix_ldap_registration_proxy"
matrix_ldap_registration_proxy_config_path: "{{ matrix_ldap_registration_proxy_base_path }}/config"

matrix_ldap_registration_proxy_ldap_uri: ""
matrix_ldap_registration_proxy_ldap_base_dn: ""
matrix_ldap_registration_proxy_ldap_user: ""
matrix_ldap_registration_proxy_ldap_password: ""
matrix_ldap_registration_proxy_matrix_server_name: "{{ matrix_domain }}"
matrix_ldap_registration_proxy_matrix_server_url: ""

# Controls whether the self-check feature should validate SSL certificates.
matrix_matrix_ldap_registration_proxy_self_check_validate_certificates: true

matrix_ldap_registration_listen_port: 8080

# Controls whether the matrix_ldap_registration_proxy container exposes its HTTP port (tcp/{{ matrix_ldap_registration_listen_port }} in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8080"), or empty string to not expose.
matrix_ldap_registration_proxy_container_http_host_bind_port: ''

matrix_ldap_registration_proxy_container_network: ""

matrix_ldap_registration_proxy_container_additional_networks: "{{ matrix_ldap_registration_proxy_container_additional_networks_auto + matrix_ldap_registration_proxy_container_additional_networks_custom }}"
matrix_ldap_registration_proxy_container_additional_networks_auto: []
matrix_ldap_registration_proxy_container_additional_networks_custom: []

# matrix_ldap_registration_proxy_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_ldap_registration_proxy_container_labels_additional_labels`.
matrix_ldap_registration_proxy_container_labels_traefik_enabled: true
matrix_ldap_registration_proxy_container_labels_traefik_docker_network: "{{ matrix_ldap_registration_proxy_container_network }}"
matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: web-secure
matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: default  # noqa var-naming

# Controls whether labels will be added that expose ldap-registration-proxy's registration endpoint (matrix_ldap_registration_proxy_container_labels_registration_endpoint_path)
matrix_ldap_registration_proxy_container_labels_registration_endpoint_enabled: true
matrix_ldap_registration_proxy_container_labels_registration_endpoint_hostname: "{{ matrix_ldap_registration_proxy_hostname }}"
matrix_ldap_registration_proxy_container_labels_registration_endpoint_path: "/_matrix/client/{version:(r0|v3)}/register"
matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_rule: "Host(`{{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_hostname }}`) && Path(`{{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_path }}`)"
matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_priority: 0
matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_entrypoints: "{{ matrix_ldap_registration_proxy_container_labels_traefik_entrypoints }}"
matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls: "{{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_entrypoints != 'web' }}"
matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls_certResolver: "{{ matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver }}"  # noqa var-naming

# matrix_ldap_registration_proxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_ldap_registration_proxy_container_labels_additional_labels: |
#   my.label=1
#   another.label="here"
matrix_ldap_registration_proxy_container_labels_additional_labels: ''

# A list of extra arguments to pass to the container
matrix_ldap_registration_proxy_container_extra_arguments: []

# List of systemd services that matrix-ldap-registration-proxy.service depends on.
matrix_ldap_registration_proxy_systemd_required_services_list: "{{ matrix_ldap_registration_proxy_systemd_required_services_list_default + matrix_ldap_registration_proxy_systemd_required_services_list_auto + matrix_ldap_registration_proxy_systemd_required_services_list_custom }}"
matrix_ldap_registration_proxy_systemd_required_services_list_default: ['docker.service']
matrix_ldap_registration_proxy_systemd_required_services_list_auto: []
matrix_ldap_registration_proxy_systemd_required_services_list_custom: []

# List of systemd services that matrix-ldap-registration-proxy.service wants
matrix_ldap_registration_proxy_systemd_wanted_services_list: "{{ matrix_ldap_registration_proxy_systemd_wanted_services_list_default + matrix_ldap_registration_proxy_systemd_wanted_services_list_auto + matrix_ldap_registration_proxy_systemd_wanted_services_list_custom }}"
matrix_ldap_registration_proxy_systemd_wanted_services_list_default: ['docker.service']
matrix_ldap_registration_proxy_systemd_wanted_services_list_auto: []
matrix_ldap_registration_proxy_systemd_wanted_services_list_custom: []

# Additional environment variables to pass to the LDAP proxy environment variables.
#
# Example:
# matrix_ldap_registration_proxy_env_variables_extension: |
#   KEY=value
matrix_ldap_registration_proxy_env_variables_extension: ''
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00			`---`
			`# matrix_ldap_registration_proxy - Want to build a large-scale Matrix server using external registration on LDAP?`
			`# Project source code URL: https://gitlab.com/activism.international/matrix_ldap_registration_proxy`

Make role enabled in role but turn it off in group vars 2022-09-04 08:53:26 +02:00			`matrix_ldap_registration_proxy_enabled: true`
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00
Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`matrix_ldap_registration_proxy_hostname: ''`

Make registration proxy independent of other roles, document (#7) * Make registration proxy independent of other roles, document Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix yml issues Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Remove undefined variable (as service HAS to be exposed Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add registration endpint Defines the registration endpoint that should be intercepted/forwarded to the proxy Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add image name Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> 2022-09-29 18:00:14 +02:00			`matrix_ldap_registration_proxy_docker_image: matrix_ldap_registration_proxy`
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00			`matrix_ldap_registration_proxy_container_image_self_build_repo: "https://gitlab.com/activism.international/matrix_ldap_registration_proxy.git"`
			`matrix_ldap_registration_proxy_container_image_self_build_branch: "{{ matrix_ldap_registration_proxy_version }}"`

			`matrix_ldap_registration_proxy_version: "296246afc6a9b3105e67fcf6621cf05ebc74b873"`

			`matrix_ldap_registration_proxy_base_path: "{{ matrix_base_data_path }}/matrix_ldap_registration_proxy"`
			`# We need the docker src directory to be named matrix_ldap_registration_proxy.`
			`matrix_ldap_registration_proxy_docker_src_files_path: "{{ matrix_ldap_registration_proxy_base_path }}/docker-src/matrix_ldap_registration_proxy"`
			`matrix_ldap_registration_proxy_config_path: "{{ matrix_ldap_registration_proxy_base_path }}/config"`

Avoid cross-referencing of variables in role, move to group vars 2022-09-04 08:56:03 +02:00			`matrix_ldap_registration_proxy_ldap_uri: ""`
			`matrix_ldap_registration_proxy_ldap_base_dn: ""`
			`matrix_ldap_registration_proxy_ldap_user: ""`
			`matrix_ldap_registration_proxy_ldap_password: ""`
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00			`matrix_ldap_registration_proxy_matrix_server_name: "{{ matrix_domain }}"`
Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`matrix_ldap_registration_proxy_matrix_server_url: ""`
Make registration proxy independent of other roles, document (#7) * Make registration proxy independent of other roles, document Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix yml issues Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Remove undefined variable (as service HAS to be exposed Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add registration endpint Defines the registration endpoint that should be intercepted/forwarded to the proxy Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add image name Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> 2022-09-29 18:00:14 +02:00
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00			`# Controls whether the self-check feature should validate SSL certificates.`
			`matrix_matrix_ldap_registration_proxy_self_check_validate_certificates: true`

Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`matrix_ldap_registration_listen_port: 8080`

			`# Controls whether the matrix_ldap_registration_proxy container exposes its HTTP port (tcp/{{ matrix_ldap_registration_listen_port }} in the container).`
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00			`#`
			`# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8080"), or empty string to not expose.`
Make registration proxy independent of other roles, document (#7) * Make registration proxy independent of other roles, document Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix yml issues Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Remove undefined variable (as service HAS to be exposed Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add registration endpint Defines the registration endpoint that should be intercepted/forwarded to the proxy Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add image name Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> 2022-09-29 18:00:14 +02:00			`matrix_ldap_registration_proxy_container_http_host_bind_port: ''`
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00
Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`matrix_ldap_registration_proxy_container_network: ""`

			`matrix_ldap_registration_proxy_container_additional_networks: "{{ matrix_ldap_registration_proxy_container_additional_networks_auto + matrix_ldap_registration_proxy_container_additional_networks_custom }}"`
			`matrix_ldap_registration_proxy_container_additional_networks_auto: []`
			`matrix_ldap_registration_proxy_container_additional_networks_custom: []`
Redo exposing the service to nginx The Service is now exposed by default on port 8585 and forwarded by nginx to the specified endpoint Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> 2022-09-16 19:16:45 +02:00
Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`# matrix_ldap_registration_proxy_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.`
			# See `../templates/labels.j2` for details.
			`#`
			# To inject your own other container labels, see `matrix_ldap_registration_proxy_container_labels_additional_labels`.
			`matrix_ldap_registration_proxy_container_labels_traefik_enabled: true`
			`matrix_ldap_registration_proxy_container_labels_traefik_docker_network: "{{ matrix_ldap_registration_proxy_container_network }}"`
			`matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: web-secure`
			`matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: default # noqa var-naming`

Use Path() intead of PathPrefix() for ldap-registration-proxy endpoint 2024-01-09 12:16:20 +01:00			`# Controls whether labels will be added that expose ldap-registration-proxy's registration endpoint (matrix_ldap_registration_proxy_container_labels_registration_endpoint_path)`
Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`matrix_ldap_registration_proxy_container_labels_registration_endpoint_enabled: true`
			`matrix_ldap_registration_proxy_container_labels_registration_endpoint_hostname: "{{ matrix_ldap_registration_proxy_hostname }}"`
Use Path() intead of PathPrefix() for ldap-registration-proxy endpoint 2024-01-09 12:16:20 +01:00			`matrix_ldap_registration_proxy_container_labels_registration_endpoint_path: "/_matrix/client/{version:(r0\|v3)}/register"`
			matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_rule: "Host(`{{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_hostname }}`) && Path(`{{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_path }}`)"
Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_priority: 0`
			`matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_entrypoints: "{{ matrix_ldap_registration_proxy_container_labels_traefik_entrypoints }}"`
			`matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls: "{{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_entrypoints != 'web' }}"`
			`matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls_certResolver: "{{ matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver }}" # noqa var-naming`
Add nginx rewrite for registration 2022-09-04 19:38:27 +02:00
Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`# matrix_ldap_registration_proxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.`
			# See `../templates/labels.j2` for details.
			`#`
			`# Example:`
			`# matrix_ldap_registration_proxy_container_labels_additional_labels: \|`
			`# my.label=1`
			`# another.label="here"`
			`matrix_ldap_registration_proxy_container_labels_additional_labels: ''`
Add nginx rewrite for registration 2022-09-04 19:38:27 +02:00
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00			`# A list of extra arguments to pass to the container`
			`matrix_ldap_registration_proxy_container_extra_arguments: []`

Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`# List of systemd services that matrix-ldap-registration-proxy.service depends on.`
			`matrix_ldap_registration_proxy_systemd_required_services_list: "{{ matrix_ldap_registration_proxy_systemd_required_services_list_default + matrix_ldap_registration_proxy_systemd_required_services_list_auto + matrix_ldap_registration_proxy_systemd_required_services_list_custom }}"`
			`matrix_ldap_registration_proxy_systemd_required_services_list_default: ['docker.service']`
			`matrix_ldap_registration_proxy_systemd_required_services_list_auto: []`
			`matrix_ldap_registration_proxy_systemd_required_services_list_custom: []`
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00
Move matrix-ldap-registration-proxy to its own container network and add native Traefik support This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register` 2024-01-09 10:26:46 +01:00			`# List of systemd services that matrix-ldap-registration-proxy.service wants`
Split matrix_ldap_registration_proxy_systemd_wanted_services_list and update docs a bit 2024-01-09 10:51:15 +01:00			`matrix_ldap_registration_proxy_systemd_wanted_services_list: "{{ matrix_ldap_registration_proxy_systemd_wanted_services_list_default + matrix_ldap_registration_proxy_systemd_wanted_services_list_auto + matrix_ldap_registration_proxy_systemd_wanted_services_list_custom }}"`
			`matrix_ldap_registration_proxy_systemd_wanted_services_list_default: ['docker.service']`
			`matrix_ldap_registration_proxy_systemd_wanted_services_list_auto: []`
			`matrix_ldap_registration_proxy_systemd_wanted_services_list_custom: []`
feat: include matrix_ldap_registration_proxy Fixes: #1144 Signed-off-by: TheOneWithTheBraid <the-one@with-the-braid.cf> 2022-08-21 11:04:47 +02:00
Use a template option for the env with variable extension 2022-09-04 09:09:09 +02:00			`# Additional environment variables to pass to the LDAP proxy environment variables.`
			`#`
			`# Example:`
			`# matrix_ldap_registration_proxy_env_variables_extension: \|`
			`# KEY=value`
			`matrix_ldap_registration_proxy_env_variables_extension: ''`