matrix-docker-ansible-deploy/roles/custom/matrix-conduwuit/defaults/main.yml

---
# Conduwuit is a fork of Conduit, powered by Matrix
# Project source code URL: https://github.com/girlbossceo/conduwuit
# See: https://conduwuit.puppyirl.gay/

matrix_conduwuit_enabled: true

matrix_conduwuit_hostname: ''

matrix_conduwuit_docker_image: "{{ matrix_conduwuit_docker_image_name_prefix }}girlbossceo/conduwuit:{{ matrix_conduwuit_docker_image_tag }}"
matrix_conduwuit_docker_image_name_prefix: "docker.io/"
# renovate: datasource=docker depName=matrixconduwuit/matrix-conduwuit
matrix_conduwuit_docker_image_tag: "main"
matrix_conduwuit_docker_image_force_pull: "{{ matrix_conduwuit_docker_image.endswith(':latest') }}"

matrix_conduwuit_base_path: "{{ matrix_base_data_path }}/conduwuit"
matrix_conduwuit_config_path: "{{ matrix_conduwuit_base_path }}/config"
matrix_conduwuit_data_path: "{{ matrix_conduwuit_base_path }}/data"

matrix_conduwuit_port_number: 6167

matrix_conduwuit_tmp_directory_size_mb: 500

# List of systemd services that matrix-conduwuit.service depends on
matrix_conduwuit_systemd_required_services_list: "{{ matrix_conduwuit_systemd_required_services_list_default + matrix_conduwuit_systemd_required_services_list_auto + matrix_conduwuit_systemd_required_services_list_custom }}"
matrix_conduwuit_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
matrix_conduwuit_systemd_required_services_list_auto: []
matrix_conduwuit_systemd_required_services_list_custom: []

# List of systemd services that matrix-conduwuit.service wants
matrix_conduwuit_systemd_wanted_services_list: []

# Controls how long to sleep for after starting the matrix-synapse container.
#
# Delaying, so that the homeserver can manage to fully start and various services
# that depend on it (`matrix_conduwuit_systemd_required_services_list` and `matrix_conduwuit_systemd_wanted_services_list`)
# may only start after the homeserver is up and running.
#
# This can be set to 0 to remove the delay.
matrix_conduwuit_systemd_service_post_start_delay_seconds: 3

# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_conduwuit_container_network: ""

# A list of additional container networks that the container would be connected to.
# The role does not create these networks, so make sure they already exist.
# Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_conduwuit_container_additional_networks: "{{ matrix_conduwuit_container_additional_networks_auto + matrix_conduwuit_container_additional_networks_custom }}"
matrix_conduwuit_container_additional_networks_auto: []
matrix_conduwuit_container_additional_networks_custom: []

# matrix_conduwuit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_conduwuit_container_labels_additional_labels`.
matrix_conduwuit_container_labels_traefik_enabled: true
matrix_conduwuit_container_labels_traefik_docker_network: "{{ matrix_conduwuit_container_network }}"
matrix_conduwuit_container_labels_traefik_entrypoints: web-secure
matrix_conduwuit_container_labels_traefik_tls_certResolver: default  # noqa var-naming

# Controls whether labels will be added for handling the root (/) path on a public Traefik entrypoint.
matrix_conduwuit_container_labels_public_client_root_enabled: true
matrix_conduwuit_container_labels_public_client_root_traefik_hostname: "{{ matrix_conduwuit_hostname }}"
matrix_conduwuit_container_labels_public_client_root_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_root_traefik_hostname }}`) && Path(`/`)"
matrix_conduwuit_container_labels_public_client_root_traefik_priority: 0
matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}"
matrix_conduwuit_container_labels_public_client_root_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints != 'web' }}"
matrix_conduwuit_container_labels_public_client_root_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
matrix_conduwuit_container_labels_public_client_root_redirection_enabled: false
matrix_conduwuit_container_labels_public_client_root_redirection_url: ""

# Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint.
matrix_conduwuit_container_labels_public_client_api_enabled: true
matrix_conduwuit_container_labels_public_client_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}"
matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix: /_matrix
matrix_conduwuit_container_labels_public_client_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}`)"
matrix_conduwuit_container_labels_public_client_api_traefik_priority: 0
matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}"
matrix_conduwuit_container_labels_public_client_api_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints != 'web' }}"
matrix_conduwuit_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}"  # noqa var-naming

# Controls whether labels will be added that expose the Client-Server API on the internal Traefik entrypoint.
# This is similar to `matrix_conduwuit_container_labels_public_client_api_enabled`, but the entrypoint and intent is different.
matrix_conduwuit_container_labels_internal_client_api_enabled: false
matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}"
matrix_conduwuit_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix }}`)"
matrix_conduwuit_container_labels_internal_client_api_traefik_priority: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_priority }}"
matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints: ""

# Controls whether labels will be added that expose the Server-Server API (Federation API) on a public Traefik entrypoint.
matrix_conduwuit_container_labels_public_federation_api_enabled: "{{ matrix_conduwuit_allow_federation }}"
matrix_conduwuit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}"
matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix: /_matrix
matrix_conduwuit_container_labels_public_federation_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix }}`)"
matrix_conduwuit_container_labels_public_federation_api_traefik_priority: 0
matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints: ''
# TLS is force-enabled here, because the spec (https://spec.matrix.org/v1.9/server-server-api/#tls) says that the federation API must use HTTPS.
matrix_conduwuit_container_labels_public_federation_api_traefik_tls: true
matrix_conduwuit_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}"  # noqa var-naming

# matrix_conduwuit_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_conduwuit_container_labels_additional_labels: |
#   my.label=1
#   another.label="here"
matrix_conduwuit_container_labels_additional_labels: ''

# Extra arguments for the Docker container
matrix_conduwuit_container_extra_arguments: []

# Specifies which template files to use when configuring conduwuit.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/matrix.example.com/`)
# and then change the specific host's `vars.yml` file like this:
# matrix_conduwuit_template_conduwuit_config: "{{ playbook_dir }}/inventory/host_vars/matrix.example.com/conduwuit.toml.j2"
matrix_conduwuit_template_conduwuit_config: "{{ role_path }}/templates/conduwuit.toml.j2"

# Max size for uploads, in bytes
matrix_conduwuit_max_request_size: 20_000_000

# Maximum number of open files for conduwuit's embedded RocksDB database
# See https://github.com/facebook/rocksdb/wiki/RocksDB-Tuning-Guide#tuning-other-options
# By default, conduwuit uses a relatively low value of 20.
matrix_conduwuit_rocksdb_max_open_files: 64

# Enables registration. If set to false, no users can register on this server.
matrix_conduwuit_allow_registration: false

matrix_conduwuit_allow_federation: true

# Enable the display name lightning bolt on registration.
matrix_conduwuit_enable_lightning_bolt: true

matrix_conduwuit_trusted_servers:
 - "matrix.org"

# How many requests conduwuit sends to other servers at the same time
matrix_conduwuit_max_concurrent_requests: 100

# TURN integration.
# See: https://gitlab.com/famedly/conduwuit/-/blob/next/TURN.md
matrix_conduwuit_turn_uris: []
matrix_conduwuit_turn_secret: ''
matrix_conduwuit_turn_username: ''
matrix_conduwuit_turn_password: ''
initial conduwuit support 2025-01-19 13:19:08 +01:00			`---`
			`# Conduwuit is a fork of Conduit, powered by Matrix`
			`# Project source code URL: https://github.com/girlbossceo/conduwuit`
			`# See: https://conduwuit.puppyirl.gay/`

			`matrix_conduwuit_enabled: true`

			`matrix_conduwuit_hostname: ''`

			`matrix_conduwuit_docker_image: "{{ matrix_conduwuit_docker_image_name_prefix }}girlbossceo/conduwuit:{{ matrix_conduwuit_docker_image_tag }}"`
			`matrix_conduwuit_docker_image_name_prefix: "docker.io/"`
			`# renovate: datasource=docker depName=matrixconduwuit/matrix-conduwuit`
			`matrix_conduwuit_docker_image_tag: "main"`
			`matrix_conduwuit_docker_image_force_pull: "{{ matrix_conduwuit_docker_image.endswith(':latest') }}"`

			`matrix_conduwuit_base_path: "{{ matrix_base_data_path }}/conduwuit"`
			`matrix_conduwuit_config_path: "{{ matrix_conduwuit_base_path }}/config"`
			`matrix_conduwuit_data_path: "{{ matrix_conduwuit_base_path }}/data"`

			`matrix_conduwuit_port_number: 6167`

			`matrix_conduwuit_tmp_directory_size_mb: 500`

			`# List of systemd services that matrix-conduwuit.service depends on`
			`matrix_conduwuit_systemd_required_services_list: "{{ matrix_conduwuit_systemd_required_services_list_default + matrix_conduwuit_systemd_required_services_list_auto + matrix_conduwuit_systemd_required_services_list_custom }}"`
			`matrix_conduwuit_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"`
			`matrix_conduwuit_systemd_required_services_list_auto: []`
			`matrix_conduwuit_systemd_required_services_list_custom: []`

			`# List of systemd services that matrix-conduwuit.service wants`
			`matrix_conduwuit_systemd_wanted_services_list: []`

			`# Controls how long to sleep for after starting the matrix-synapse container.`
			`#`
			`# Delaying, so that the homeserver can manage to fully start and various services`
			# that depend on it (`matrix_conduwuit_systemd_required_services_list` and `matrix_conduwuit_systemd_wanted_services_list`)
			`# may only start after the homeserver is up and running.`
			`#`
			`# This can be set to 0 to remove the delay.`
			`matrix_conduwuit_systemd_service_post_start_delay_seconds: 3`

			`# The base container network. It will be auto-created by this role if it doesn't exist already.`
			`matrix_conduwuit_container_network: ""`

			`# A list of additional container networks that the container would be connected to.`
			`# The role does not create these networks, so make sure they already exist.`
			`# Use this to expose this container to another reverse proxy, which runs in a different container network.`
			`matrix_conduwuit_container_additional_networks: "{{ matrix_conduwuit_container_additional_networks_auto + matrix_conduwuit_container_additional_networks_custom }}"`
			`matrix_conduwuit_container_additional_networks_auto: []`
			`matrix_conduwuit_container_additional_networks_custom: []`

			`# matrix_conduwuit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.`
			# See `../templates/labels.j2` for details.
			`#`
			# To inject your own other container labels, see `matrix_conduwuit_container_labels_additional_labels`.
			`matrix_conduwuit_container_labels_traefik_enabled: true`
			`matrix_conduwuit_container_labels_traefik_docker_network: "{{ matrix_conduwuit_container_network }}"`
			`matrix_conduwuit_container_labels_traefik_entrypoints: web-secure`
			`matrix_conduwuit_container_labels_traefik_tls_certResolver: default # noqa var-naming`

			`# Controls whether labels will be added for handling the root (/) path on a public Traefik entrypoint.`
			`matrix_conduwuit_container_labels_public_client_root_enabled: true`
			`matrix_conduwuit_container_labels_public_client_root_traefik_hostname: "{{ matrix_conduwuit_hostname }}"`
			matrix_conduwuit_container_labels_public_client_root_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_root_traefik_hostname }}`) && Path(`/`)"
			`matrix_conduwuit_container_labels_public_client_root_traefik_priority: 0`
			`matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}"`
			`matrix_conduwuit_container_labels_public_client_root_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints != 'web' }}"`
			`matrix_conduwuit_container_labels_public_client_root_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming`
			`matrix_conduwuit_container_labels_public_client_root_redirection_enabled: false`
			`matrix_conduwuit_container_labels_public_client_root_redirection_url: ""`

			`# Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint.`
			`matrix_conduwuit_container_labels_public_client_api_enabled: true`
			`matrix_conduwuit_container_labels_public_client_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}"`
			`matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix: /_matrix`
			matrix_conduwuit_container_labels_public_client_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}`)"
			`matrix_conduwuit_container_labels_public_client_api_traefik_priority: 0`
			`matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}"`
			`matrix_conduwuit_container_labels_public_client_api_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints != 'web' }}"`
			`matrix_conduwuit_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming`

			`# Controls whether labels will be added that expose the Client-Server API on the internal Traefik entrypoint.`
			# This is similar to `matrix_conduwuit_container_labels_public_client_api_enabled`, but the entrypoint and intent is different.
			`matrix_conduwuit_container_labels_internal_client_api_enabled: false`
			`matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}"`
			matrix_conduwuit_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix }}`)"
			`matrix_conduwuit_container_labels_internal_client_api_traefik_priority: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_priority }}"`
			`matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints: ""`

			`# Controls whether labels will be added that expose the Server-Server API (Federation API) on a public Traefik entrypoint.`
			`matrix_conduwuit_container_labels_public_federation_api_enabled: "{{ matrix_conduwuit_allow_federation }}"`
			`matrix_conduwuit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}"`
			`matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix: /_matrix`
			matrix_conduwuit_container_labels_public_federation_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix }}`)"
			`matrix_conduwuit_container_labels_public_federation_api_traefik_priority: 0`
			`matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints: ''`
			`# TLS is force-enabled here, because the spec (https://spec.matrix.org/v1.9/server-server-api/#tls) says that the federation API must use HTTPS.`
			`matrix_conduwuit_container_labels_public_federation_api_traefik_tls: true`
			`matrix_conduwuit_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming`

			`# matrix_conduwuit_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.`
			# See `../templates/labels.j2` for details.
			`#`
			`# Example:`
			`# matrix_conduwuit_container_labels_additional_labels: \|`
			`# my.label=1`
			`# another.label="here"`
			`matrix_conduwuit_container_labels_additional_labels: ''`

			`# Extra arguments for the Docker container`
			`matrix_conduwuit_container_extra_arguments: []`

			`# Specifies which template files to use when configuring conduwuit.`
			`# If you'd like to have your own different configuration, feel free to copy and paste`
			# the original files into your inventory (e.g. in `inventory/host_vars/matrix.example.com/`)
			# and then change the specific host's `vars.yml` file like this:
			`# matrix_conduwuit_template_conduwuit_config: "{{ playbook_dir }}/inventory/host_vars/matrix.example.com/conduwuit.toml.j2"`
			`matrix_conduwuit_template_conduwuit_config: "{{ role_path }}/templates/conduwuit.toml.j2"`

			`# Max size for uploads, in bytes`
			`matrix_conduwuit_max_request_size: 20_000_000`

			`# Maximum number of open files for conduwuit's embedded RocksDB database`
			`# See https://github.com/facebook/rocksdb/wiki/RocksDB-Tuning-Guide#tuning-other-options`
			`# By default, conduwuit uses a relatively low value of 20.`
			`matrix_conduwuit_rocksdb_max_open_files: 64`

			`# Enables registration. If set to false, no users can register on this server.`
			`matrix_conduwuit_allow_registration: false`

			`matrix_conduwuit_allow_federation: true`

			`# Enable the display name lightning bolt on registration.`
			`matrix_conduwuit_enable_lightning_bolt: true`

			`matrix_conduwuit_trusted_servers:`
			`- "matrix.org"`

			`# How many requests conduwuit sends to other servers at the same time`
			`matrix_conduwuit_max_concurrent_requests: 100`

			`# TURN integration.`
			`# See: https://gitlab.com/famedly/conduwuit/-/blob/next/TURN.md`
			`matrix_conduwuit_turn_uris: []`
			`matrix_conduwuit_turn_secret: ''`
			`matrix_conduwuit_turn_username: ''`
			`matrix_conduwuit_turn_password: ''`