2024-10-19 13:31:14 +02:00
---
# matrix-authentication-service (MAS) is an OAuth 2.0 and OpenID Provider server for Matrix.
# Project source code URL: https://github.com/element-hq/matrix-authentication-service
matrix_authentication_service_enabled : true
matrix_authentication_service_hostname : ''
# Controls the path prefix for the authentication service.
# This value must either be `/` or not end with a slash (e.g. `/auth`).
matrix_authentication_service_path_prefix : /
matrix_authentication_service_container_image_self_build : false
matrix_authentication_service_container_repo : "https://github.com/element-hq/matrix-authentication-service.git"
matrix_authentication_service_container_repo_version : "{{ 'main' if matrix_authentication_service_version == 'latest' else ('v' + matrix_authentication_service_version) }}"
matrix_authentication_service_container_src_files_path : "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
matrix_authentication_service_version : 0.12 .0
matrix_authentication_service_container_image : "{{ matrix_authentication_service_container_image_name_prefix }}element-hq/matrix-authentication-service:{{ matrix_authentication_service_version }}"
matrix_authentication_service_container_image_name_prefix : "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else 'ghcr.io/' }}"
matrix_authentication_service_container_image_force_pull : "{{ matrix_authentication_service_container_image.endswith(':latest') }}"
matrix_authentication_service_base_path : "{{ matrix_base_data_path }}/matrix-authentication-service"
matrix_authentication_service_bin_path : "{{ matrix_authentication_service_base_path }}/bin"
matrix_authentication_service_config_path : "{{ matrix_authentication_service_base_path }}/config"
matrix_authentication_service_data_path : "{{ matrix_authentication_service_base_path }}/data"
matrix_authentication_service_data_keys_path : "{{ matrix_authentication_service_data_path }}/keys"
matrix_authentication_service_uid : "{{ matrix_user_uid }}"
matrix_authentication_service_gid : "{{ matrix_user_gid }}"
matrix_authentication_service_container_network : ""
matrix_authentication_service_container_additional_networks : "{{ matrix_authentication_service_container_additional_networks_auto + matrix_authentication_service_container_additional_networks_custom }}"
matrix_authentication_service_container_additional_networks_auto : [ ]
matrix_authentication_service_container_additional_networks_custom : [ ]
# A list of extra arguments to pass to the container
matrix_authentication_service_container_extra_arguments : [ ]
# List of systemd services that matrix-authentication-service.service depends on
matrix_authentication_service_systemd_required_services_list : "{{ matrix_authentication_service_systemd_required_services_list_default + matrix_authentication_service_systemd_required_services_list_auto + matrix_authentication_service_systemd_required_services_list_custom }}"
matrix_authentication_service_systemd_required_services_list_default : "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
matrix_authentication_service_systemd_required_services_list_auto : [ ]
matrix_authentication_service_systemd_required_services_list_custom : [ ]
# List of systemd services that matrix-authentication-service.service wants
matrix_authentication_service_systemd_wanted_services_list : "{{ matrix_authentication_service_systemd_wanted_services_list_auto + matrix_authentication_service_systemd_wanted_services_list_custom }}"
matrix_authentication_service_systemd_wanted_services_list_auto : [ ]
matrix_authentication_service_systemd_wanted_services_list_custom : [ ]
########################################################################################
# #
# Key management #
# #
########################################################################################
# Controls whether the playbook will manage the secrets keys for you.
#
# See:
# - matrix_authentication_service_config_secrets_keys
# - matrix_authentication_service_key_management_*
matrix_authentication_service_key_management_enabled : true
matrix_authentication_service_key_management_list : "{{ matrix_authentication_service_key_management_list_default + matrix_authentication_service_key_management_list_custom }}"
matrix_authentication_service_key_management_list_default : |-
{{
(
([
{
"config": {
"kid": matrix_authentication_service_key_management_rsa_2048_key_id,
"key_file": ("/keys/" + matrix_authentication_service_key_management_rsa_2048_key_file),
},
"key_file": matrix_authentication_service_key_management_rsa_2048_key_file,
"generation_command": matrix_authentication_service_key_management_rsa_2048_generation_command,
}
] if matrix_authentication_service_key_management_rsa_2048_enabled else [])
+
([
{
"config": {
"kid": matrix_authentication_service_key_management_ecdsa_p256_key_id,
"key_file": ("/keys/" + matrix_authentication_service_key_management_ecdsa_p256_key_file),
},
"key_file": matrix_authentication_service_key_management_ecdsa_p256_key_file,
"generation_command": matrix_authentication_service_key_management_ecdsa_p256_generation_command,
}
] if matrix_authentication_service_key_management_ecdsa_p256_enabled else [])
+
([
{
"config": {
"kid": matrix_authentication_service_key_management_ecdsa_p384_key_id,
"key_file": ("/keys/" + matrix_authentication_service_key_management_ecdsa_p384_key_file),
},
"key_file": matrix_authentication_service_key_management_ecdsa_p384_key_file,
"generation_command": matrix_authentication_service_key_management_ecdsa_p384_generation_command,
}
] if matrix_authentication_service_key_management_ecdsa_p384_enabled else [])
+
([
{
"config": {
"kid": matrix_authentication_service_key_management_ecdsa_k256_key_id,
"key_file": ("/keys/" + matrix_authentication_service_key_management_ecdsa_k256_key_file),
},
"key_file": matrix_authentication_service_key_management_ecdsa_k256_key_file,
"generation_command": matrix_authentication_service_key_management_ecdsa_k256_generation_command,
}
] if matrix_authentication_service_key_management_ecdsa_k256_enabled else [])
)
if matrix_authentication_service_key_management_enabled
else []
}}
matrix_authentication_service_key_management_list_custom : [ ]
matrix_authentication_service_key_management_rsa_2048_enabled : true
matrix_authentication_service_key_management_rsa_2048_key_id : default-rsa
matrix_authentication_service_key_management_rsa_2048_key_file : rsa-2048.priv.pem
matrix_authentication_service_key_management_rsa_2048_generation_command : "openssl genpkey -algorithm RSA -out __KEY_FILE_PATH__ -pkeyopt rsa_keygen_bits:2048"
matrix_authentication_service_key_management_ecdsa_p256_enabled : true
matrix_authentication_service_key_management_ecdsa_p256_key_id : default-ecdsa-p256
matrix_authentication_service_key_management_ecdsa_p256_key_file : ecdsa-p256.priv.pem
matrix_authentication_service_key_management_ecdsa_p256_generation_command : "openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out __KEY_FILE_PATH__ -outform PEM"
matrix_authentication_service_key_management_ecdsa_p384_enabled : true
matrix_authentication_service_key_management_ecdsa_p384_key_id : default-ecdsa-p384
matrix_authentication_service_key_management_ecdsa_p384_key_file : ecdsa-p384.priv.pem
matrix_authentication_service_key_management_ecdsa_p384_generation_command : "openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp384r1 -out __KEY_FILE_PATH__ -outform PEM"
matrix_authentication_service_key_management_ecdsa_k256_enabled : true
matrix_authentication_service_key_management_ecdsa_k256_key_id : default-ecdsa-k256
matrix_authentication_service_key_management_ecdsa_k256_key_file : ecdsa-k256.priv.pem
matrix_authentication_service_key_management_ecdsa_k256_generation_command : "openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp256k1 -out __KEY_FILE_PATH__ -outform PEM"
########################################################################################
# #
# /Key management #
# #
########################################################################################
########################################################################################
# #
# Email configuration #
# #
########################################################################################
# Controls the `email.from` configuration setting.
matrix_authentication_service_config_email_from : '"{{ matrix_authentication_service_config_email_from_name }}" <{{ matrix_authentication_service_config_email_from_address }}>'
matrix_authentication_service_config_email_from_name : 'Matrix Authentication Service'
matrix_authentication_service_config_email_from_address : "matrix@{{ matrix_domain }}"
# Controls the `email.reply_to` configuration setting.
matrix_authentication_service_config_email_reply_to : '"{{ matrix_authentication_service_config_email_reply_to_name }}" <{{ matrix_authentication_service_config_email_reply_to_address }}>'
matrix_authentication_service_config_email_reply_to_name : "{{ matrix_authentication_service_config_email_from_name }}"
matrix_authentication_service_config_email_reply_to_address : "{{ matrix_authentication_service_config_email_from_address }}"
# Controls the `email.transport` configuration setting.
#
# Valid options are: blackhole, smtp, aws_ses
# Upstream reports that `sendmail` is supported as well,
# but this is not true when running it in a container image due to the `sendmail` binary not being included.
matrix_authentication_service_config_email_transport : blackhole
# Controls the `email.mode` configuration setting for SMTP.
# Options are 'plain', 'tls', or 'starttls'.
matrix_authentication_service_config_email_mode : plain
# Controls the `email.hostname` configuration setting for SMTP.
matrix_authentication_service_config_email_hostname : ""
# Controls the `email.port` configuration setting for SMTP.
matrix_authentication_service_config_email_port : 587
# Controls the `email.username` configuration setting for SMTP.
matrix_authentication_service_config_email_username : ""
# Controls the `email.password` configuration setting for SMTP.
matrix_authentication_service_config_email_password : ""
########################################################################################
# #
# /Email configuration #
# #
########################################################################################
########################################################################################
# #
# Account configuration #
# #
########################################################################################
# Controls the `account.email_change_allowed` configuration setting.
#
# Whether users are allowed to change their email addresses.
matrix_authentication_service_config_account_email_change_allowed : true
# Controls the `account.displayname_change_allowed` configuration setting.
#
# Whether users are allowed to change their display names.
# This should be in sync with the policy in the homeserver configuration.
matrix_authentication_service_config_account_displayname_change_allowed : true
# Controls the `account.password_registration_enabled` configuration setting.
#
# Whether to enable self-service password registration.
# This has no effect if password login is disabled.
matrix_authentication_service_config_account_password_registration_enabled : false
# Controls the `account.password_change_allowed` configuration setting.
#
# Whether users are allowed to change their passwords.
# This has no effect if password login is disabled.
matrix_authentication_service_config_account_password_change_allowed : true
# Controls the `account.password_recovery_enabled` configuration setting.
#
# Whether email-based password recovery is enabled
# This has no effect if password login is disabled.
matrix_authentication_service_config_account_password_recovery_enabled : false
########################################################################################
# #
# /Account configuration #
# #
########################################################################################
########################################################################################
# #
# Database configuration #
# #
########################################################################################
# Controls the `database.username` configuration setting.
matrix_authentication_service_config_database_username : 'matrix_authentication_service'
# Controls the `database.password` configuration setting.
matrix_authentication_service_config_database_password : ''
# Controls the `database.host` configuration setting.
matrix_authentication_service_config_database_host : ''
# Controls the `database.port` configuration setting.
matrix_authentication_service_config_database_port : 5432
# Controls the `database.database` configuration setting.
matrix_authentication_service_config_database_database : 'matrix_authentication_service'
# Controls the `database.ssl_mode` configuration setting.
matrix_authentication_service_config_database_ssl_mode : disable
# Controls the `database.max_connections` configuration setting.
matrix_authentication_service_config_database_max_connections : 10
# Controls the `database.min_connections` configuration setting.
matrix_authentication_service_config_database_min_connections : 0
# Controls the `database.connect_timeout` configuration setting.
matrix_authentication_service_config_database_connect_timeout : 30
# Controls the `database.idle_timeout` configuration setting.
matrix_authentication_service_config_database_idle_timeout : 600
# Controls the `database.max_lifetime` configuration setting.
matrix_authentication_service_config_database_max_lifetime : 1800
########################################################################################
# #
# /Database configuration #
# #
########################################################################################
########################################################################################
# #
# Secrets configuration #
# #
########################################################################################
# Controls the `secrets.encryption` configuration setting.
matrix_authentication_service_config_secrets_encryption : ''
# Controls the `secrets.keys` configuration setting.
matrix_authentication_service_config_secrets_keys : |-
{{
matrix_authentication_service_key_management_list | map(attribute='config') | list
if matrix_authentication_service_key_management_enabled
else []
}}
########################################################################################
# #
# /Secrets configuration #
# #
########################################################################################
########################################################################################
# #
# HTTP configuration #
# #
########################################################################################
# Controls the `http.public_base` configuration setting.
matrix_authentication_service_config_http_public_base : "https://{{ matrix_authentication_service_hostname }}{{ '/' if matrix_authentication_service_path_prefix == '/' else (matrix_authentication_service_path_prefix + '/') }}"
# Controls the `http.issuer` configuration setting.
matrix_authentication_service_config_http_issuer : "{{ matrix_authentication_service_config_http_public_base }}"
# Controls the `http.trusted_proxies` configuration setting.
matrix_authentication_service_config_http_trusted_proxies :
- 192.168 .0 .0 /16
- 172.16 .0 .0 /12
- 10.0 .0 .0 /10
- 127.0 .0 .1 /8
- fd00::/8
- : : 1 /128
########################################################################################
# #
# /HTTP configuration #
# #
########################################################################################
########################################################################################
# #
# Matrix configuration #
# #
########################################################################################
# Controls the `matrix.homeserver` configuration setting.
# The homeserver name, as per the `server_name` in the Synapse configuration file.
matrix_authentication_service_config_matrix_homeserver : ""
# Controls the `matrix.endpoint` configuration setting.
# URL to which the homeserver is accessible from the service
matrix_authentication_service_config_matrix_endpoint : ""
# Controls the `matrix.secret` configuration setting.
matrix_authentication_service_config_matrix_secret : ""
########################################################################################
# #
# /Matrix configuration #
# #
########################################################################################
########################################################################################
# #
# Passwords configuration #
# #
########################################################################################
# Controls the `passwords.enabled` configuration setting.
# Whether to enable the password database.
# If disabled, users will only be able to log in using upstream OIDC providers
matrix_authentication_service_config_passwords_enabled : true
# Controls the `passwords.schemes` configuration setting.
# List of password hashing schemes being used.
# Only change this if you know what you're doing
matrix_authentication_service_config_passwords_schemes :
- version : 1
algorithm : argon2id
# Controls the `passwords.minimum_complexity` configuration setting.
# Minimum complexity required for passwords, estimated by the zxcvbn algorithm
# Must be between 0 and 4, default is 3
# See https://github.com/dropbox/zxcvbn#usage for more information
matrix_authentication_service_config_passwords_minimum_complexity : 3
########################################################################################
# #
# /Passwords configuration #
# #
########################################################################################
########################################################################################
# #
# Clients configuration #
# #
########################################################################################
# Controls the `clients` configuration setting.
# List of clients to be used by the authentication service.
#
# See:
# - https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#clients
# - https://element-hq.github.io/matrix-authentication-service/setup/homeserver.html#provision-a-client-for-the-homeserver-to-use
#
# To define your own, use `matrix_authentication_service_config_clients_custom`.
matrix_authentication_service_config_clients : "{{ matrix_authentication_service_config_clients_auto + matrix_authentication_service_config_clients_custom }}"
matrix_authentication_service_config_clients_auto : [ ]
matrix_authentication_service_config_clients_custom : [ ]
########################################################################################
# #
# /Clients configuration #
# #
########################################################################################
########################################################################################
# #
# Upstream OAuth2 configuration #
# #
########################################################################################
# Controls the `upstream_oauth2.providers` configuration setting.
# See:
# - https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#upstream_oauth2providers
matrix_authentication_service_config_upstream_oauth2_providers : [ ]
########################################################################################
# #
# /Upstream OAuth2 configuration #
# #
########################################################################################
# Holds the final Matrix Authentication Service configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_authentication_service_configuration_yaml` or `matrix_authentication_service_configuration_extension_yaml`.
matrix_authentication_service_configuration : "{{ matrix_authentication_service_configuration_yaml | from_yaml | combine(matrix_authentication_service_configuration_extension, recursive=True) }}"
# Default Matrix Authentication Service configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_authentication_service_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_authentication_service_configuration_yaml : "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_authentication_service_configuration_extension_yaml : |
# Your custom YAML configuration for Matrix Authentication Service goes here.
# This configuration extends the default starting configuration (`matrix_authentication_service_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_authentication_service_configuration_yaml`.
#
# Example configuration extension follows:
#
# user:
# password: something
matrix_authentication_service_configuration_extension : "{{ matrix_authentication_service_configuration_extension_yaml | from_yaml if matrix_authentication_service_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Additional environment variables to pass to the Matrix Authentication Service container.
#
# Environment variables take priority over settings in the configuration file.
#
# Example:
# matrix_authentication_service_environment_variables_extension: |
# KEY=value
matrix_authentication_service_environment_variables_extension : ''
########################################################################################
# #
# Labels #
# #
########################################################################################
# matrix_authentication_service_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_authentication_service_container_labels_additional_labels`.
matrix_authentication_service_container_labels_traefik_enabled : true
matrix_authentication_service_container_labels_traefik_docker_network : "{{ matrix_authentication_service_container_network }}"
matrix_authentication_service_container_labels_traefik_entrypoints : web-secure
matrix_authentication_service_container_labels_traefik_tls_certResolver : default # noqa var-naming
matrix_authentication_service_container_labels_public_main_hostname : "{{ matrix_authentication_service_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/auth`).
matrix_authentication_service_container_labels_public_main_path_prefix : "{{ matrix_authentication_service_path_prefix }}"
matrix_authentication_service_container_labels_public_main_rule : "Host(`{{ matrix_authentication_service_container_labels_public_main_hostname }}`){% if matrix_authentication_service_container_labels_public_main_path_prefix != '/' %} && PathPrefix(`{{ matrix_authentication_service_container_labels_public_main_path_prefix }}`){% endif %}"
matrix_authentication_service_container_labels_public_main_priority : 0
matrix_authentication_service_container_labels_public_main_entrypoints : "{{ matrix_authentication_service_container_labels_traefik_entrypoints }}"
matrix_authentication_service_container_labels_public_main_tls : "{{ matrix_authentication_service_container_labels_public_main_entrypoints != 'web' }}"
matrix_authentication_service_container_labels_public_main_tls_certResolver : "{{ matrix_authentication_service_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added to expose the compatibility layer publicly.
#
# The service exposes a compatibility layer to allow legacy clients to authenticate using the service.
# This works by exposing a few Matrix endpoints that should be proxied to the service.
# The following Matrix Client-Server API endpoints need to be handled by the authentication service:
# - /_matrix/client/*/login
# - /_matrix/client/*/logout
# - /_matrix/client/*/refresh
#
# See:
# - https://element-hq.github.io/matrix-authentication-service/setup/homeserver.html#set-up-the-compatibility-layer
# - https://element-hq.github.io/matrix-authentication-service/setup/reverse-proxy.html#compatibility-layer
#
# Regardless of whether this is enabled, it may or may not take effect due to the value of other variables.
# See `matrix_authentication_service_container_labels_traefik_enabled`
matrix_authentication_service_container_labels_public_compatibility_layer_enabled : false
matrix_authentication_service_container_labels_public_compatibility_layer_hostname : ""
matrix_authentication_service_container_labels_public_compatibility_layer_path_regexp : "^/_matrix/client/(?P<version>([^/]+))/(?P<endpoint>(login|logout|refresh))"
matrix_authentication_service_container_labels_public_compatibility_layer_rule : "Host(`{{ matrix_authentication_service_container_labels_public_compatibility_layer_hostname }}`) && PathRegexp(`{{ matrix_authentication_service_container_labels_public_compatibility_layer_path_regexp }}`)"
matrix_authentication_service_container_labels_public_compatibility_layer_priority : 0
matrix_authentication_service_container_labels_public_compatibility_layer_entrypoints : "{{ matrix_authentication_service_container_labels_traefik_entrypoints }}"
matrix_authentication_service_container_labels_public_compatibility_layer_tls : "{{ matrix_authentication_service_container_labels_public_compatibility_layer_entrypoints != 'web' }}"
matrix_authentication_service_container_labels_public_compatibility_layer_tls_certResolver : "{{ matrix_authentication_service_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added to expose the compatibility layer on the internal Traefik entrypoint.
# This is similar to `matrix_authentication_service_container_labels_public_compatibility_layer_enabled`, but the entrypoint and intent is different.
# Regardless of whether this is enabled, it may or may not take effect due to the value of other variables.
# See `matrix_authentication_service_container_labels_traefik_enabled`
matrix_authentication_service_container_labels_internal_compatibility_layer_enabled : false
matrix_authentication_service_container_labels_internal_compatibility_layer_path_regexp : "{{ matrix_authentication_service_container_labels_public_compatibility_layer_path_regexp }}"
matrix_authentication_service_container_labels_internal_compatibility_layer_rule : "PathRegexp(`{{ matrix_authentication_service_container_labels_internal_compatibility_layer_path_regexp }}`)"
matrix_authentication_service_container_labels_internal_compatibility_layer_priority : 0
matrix_authentication_service_container_labels_internal_compatibility_layer_entrypoints : ""
# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_authentication_service_container_labels_traefik_additional_response_headers_custom`
matrix_authentication_service_container_labels_traefik_additional_response_headers : "{{ matrix_authentication_service_container_labels_traefik_additional_response_headers_auto | combine(matrix_authentication_service_container_labels_traefik_additional_response_headers_custom) }}"
matrix_authentication_service_container_labels_traefik_additional_response_headers_auto : {}
matrix_authentication_service_container_labels_traefik_additional_response_headers_custom : {}
# matrix_authentication_service_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_authentication_service_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_authentication_service_container_labels_additional_labels : ''
########################################################################################
# #
# /Labels #
# #
########################################################################################
########################################################################################
# #
# syn2mas configuration #
# #
########################################################################################
matrix_authentication_service_syn2mas_start_wait_time_seconds : 5
matrix_authentication_service_syn2mas_dry_run : false
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service/syn2mas
matrix_authentication_service_syn2mas_version : 0.12 .0
matrix_authentication_service_syn2mas_container_image : "{{ matrix_authentication_service_container_image_name_prefix }}element-hq/matrix-authentication-service/syn2mas:{{ matrix_authentication_service_syn2mas_version }}"
matrix_authentication_service_syn2mas_container_image_name_prefix : "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else 'ghcr.io/' }}"
matrix_authentication_service_syn2mas_container_image_force_pull : "{{ matrix_authentication_service_syn2mas_container_image.endswith(':latest') }}"
matrix_authentication_service_syn2mas_container_image_self_build : "{{ matrix_authentication_service_container_image_self_build }}"
matrix_authentication_service_syn2mas_container_network : "{{ matrix_authentication_service_container_network }}"
# Path to Synapse's homeserver.yaml configuration file.
matrix_authentication_service_syn2mas_synapse_homeserver_config_path : ""
2024-10-21 10:33:36 +02:00
# Additional arguments passed to the syn2mas process.
#
# Example:
# matrix_authentication_service_syn2mas_process_extra_arguments:
# - "--upstreamProviderMapping oidc-keycloak:01H8PKNWKKRPCBW4YGH1RWV279"
matrix_authentication_service_syn2mas_process_extra_arguments : [ ]
2024-10-19 13:31:14 +02:00
########################################################################################
# #
# /syn2mas configuration #
# #
########################################################################################
########################################################################################
# #
# Misc #
# #
########################################################################################
# Controls whether a migration from a homeserver user database to Matrix Authentication Service is in progress.
#
# When this is set to `true`, the playbook will:
#
# - disable the integration between the homeserver and Matrix Authentication Service
# - avoid setting up the "compatibility layer" (that is, avoid installing container labels that capture login endpoints like `/_matrix/client/*/login`, etc.)
matrix_authentication_service_migration_in_progress : false
########################################################################################
# #
# /Misc #
# #
########################################################################################
