diff --git a/roles/custom/matrix-element-call/defaults/main.yml b/roles/custom/matrix-element-call/defaults/main.yml
index 393863ad5..e62703271 100644
--- a/roles/custom/matrix-element-call/defaults/main.yml
+++ b/roles/custom/matrix-element-call/defaults/main.yml
@@ -75,27 +75,27 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_
 # Learn more about it is here:
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
-matrix_element_call_http_header_xss_protection: "1; mode=block"
+#matrix_element_call_http_header_xss_protection: "1; mode=block"
 
 # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_element_call_http_header_frame_options: SAMEORIGIN
+#matrix_element_call_http_header_frame_options: SAMEORIGIN
 
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
-matrix_element_call_http_header_content_type_options: nosniff
+#matrix_element_call_http_header_content_type_options: nosniff
 
 # Specifies the value of the `Content-Security-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-matrix_element_call_http_header_content_security_policy: frame-ancestors 'self'
+#matrix_element_call_http_header_content_security_policy: frame-ancestors 'self'
 
 # Specifies the value of the `Permission-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
-matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}"
+#matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}"
 
 # Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
-matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}"
+#matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}"
 
 # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
 #
@@ -106,7 +106,7 @@ matrix_element_call_http_header_strict_transport_security: "max-age=31536000; in
 #
 # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
 # See: `matrix_element_call_content_permission_policy`
-matrix_element_call_floc_optout_enabled: true
+#matrix_element_call_floc_optout_enabled: true
 
 # Controls if HSTS preloading is enabled
 #
@@ -118,7 +118,7 @@ matrix_element_call_floc_optout_enabled: true
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 # - https://hstspreload.org/#opt-in
 # See: `matrix_element_call_http_header_strict_transport_security`
-matrix_element_call_hsts_preload_enabled: false
+matrix_element_call_hsts_preload_enabled: true
 
 # Enable or disable metrics collection
 matrix_element_call_metrics_enabled: false
diff --git a/roles/custom/matrix-jwt-service/defaults/main.yml b/roles/custom/matrix-jwt-service/defaults/main.yml
index eef19f621..2d5fd9013 100644
--- a/roles/custom/matrix-jwt-service/defaults/main.yml
+++ b/roles/custom/matrix-jwt-service/defaults/main.yml
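Review bot: Commenting out the six `matrix_element_call_http_header_*` defaults in the `-75,27` hunk leaves those variables undefined rather than empty, so any template that still interpolates them (none is visible in this diff) either fails on an undefined variable or, if guarded with `is defined`, silently stops emitting X-Frame-Options, X-Content-Type-Options, the `frame-ancestors 'self'` CSP and HSTS for this service. If the intent is to stop sending these headers, keeping the keys defined and blank (e.g. `matrix_element_call_http_header_frame_options: ""`) or gating the block behind one documented switch keeps existing operator overrides working and makes the change visible in `defaults/main.yml`. The same applies to the jwt-service (`-71,27`) and livekit-server (`-69,27`) hunks, and to the `matrix_*_floc_optout_enabled` lines in the `-106,7`/`-102,7`/`-100,7` hunks, which the commented-out Permissions-Policy expressions still reference. A one-line comment above each block saying where these headers are now set (or why they are no longer needed) would document the decision for the next maintainer.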
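Review bot: Flipping `matrix_element_call_hsts_preload_enabled` to `true` in the `-118,7` hunk opts every deployment into HSTS preloading by default, and combined with the `includeSubDomains` directive in the STS value above it this is a commitment that is hard to undo once a host is submitted to the preload list; the `hstspreload.org/#opt-in` link in the context lines points the same way, so the role default should stay `false` and operators should opt in. Within this commit the only visible consumer of the flag is `matrix_element_call_http_header_strict_transport_security`, which the first hunk comments out, so the new default has no observable effect here unless something outside the diff reads it. The same flip appears in the livekit-server `-112,4` hunk, while the jwt-service file keeps its flag unchanged, so the three roles now disagree on the default. Suggested line: `matrix_element_call_hsts_preload_enabled: false`.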
@@ -71,27 +71,27 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b
 # Learn more about it is here:
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
-matrix_jwt_service_http_header_xss_protection: "1; mode=block"
+#matrix_jwt_service_http_header_xss_protection: "1; mode=block"
 
 # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_jwt_service_http_header_frame_options: SAMEORIGIN
+#matrix_jwt_service_http_header_frame_options: SAMEORIGIN
 
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
-matrix_jwt_service_http_header_content_type_options: nosniff
+#matrix_jwt_service_http_header_content_type_options: nosniff
 
 # Specifies the value of the `Content-Security-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-matrix_jwt_service_http_header_content_security_policy: frame-ancestors 'self'
+#matrix_jwt_service_http_header_content_security_policy: frame-ancestors 'self'
 
 # Specifies the value of the `Permission-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
-matrix_jwt_service_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_jwt_service_floc_optout_enabled else '' }}"
+#matrix_jwt_service_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_jwt_service_floc_optout_enabled else '' }}"
 
 # Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
-matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_jwt_service_hsts_preload_enabled else '' }}"
+#matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_jwt_service_hsts_preload_enabled else '' }}"
 
 # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
 #
@@ -102,7 +102,7 @@ matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; inc
 #
 # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
 # See: `matrix_jwt_service_content_permission_policy`
-matrix_jwt_service_floc_optout_enabled: true
+#matrix_jwt_service_floc_optout_enabled: true
 
 # Controls if HSTS preloading is enabled
 #
diff --git a/roles/custom/matrix-livekit-server/defaults/main.yml b/roles/custom/matrix-livekit-server/defaults/main.yml
index 5b8edc5c2..662bc4e81 100644
--- a/roles/custom/matrix-livekit-server/defaults/main.yml
+++ b/roles/custom/matrix-livekit-server/defaults/main.yml
@@ -69,27 +69,27 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke
 # Learn more about it is here:
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
-matrix_livekit_server_http_header_xss_protection: "1; mode=block"
+#matrix_livekit_server_http_header_xss_protection: "1; mode=block"
 
 # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_livekit_server_http_header_frame_options: SAMEORIGIN
+#matrix_livekit_server_http_header_frame_options: SAMEORIGIN
 
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
-matrix_livekit_server_http_header_content_type_options: nosniff
+#matrix_livekit_server_http_header_content_type_options: nosniff
 
 # Specifies the value of the `Content-Security-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-matrix_livekit_server_http_header_content_security_policy: frame-ancestors 'self'
+#matrix_livekit_server_http_header_content_security_policy: frame-ancestors 'self'
 
 # Specifies the value of the `Permission-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
-matrix_livekit_server_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_livekit_server_floc_optout_enabled else '' }}"
+#matrix_livekit_server_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_livekit_server_floc_optout_enabled else '' }}"
 
 # Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
-matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_livekit_server_hsts_preload_enabled else '' }}"
+#matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_livekit_server_hsts_preload_enabled else '' }}"
 
 # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
 #
@@ -100,7 +100,7 @@ matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000;
 #
 # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
 # See: `matrix_livekit_server_content_permission_policy`
-matrix_livekit_server_floc_optout_enabled: true
+#matrix_livekit_server_floc_optout_enabled: true
 
 # Controls if HSTS preloading is enabled
 #
@@ -112,4 +112,4 @@ matrix_livekit_server_floc_optout_enabled: true
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 # - https://hstspreload.org/#opt-in
 # See: `matrix_livekit_server_http_header_strict_transport_security`
-matrix_livekit_server_hsts_preload_enabled: false
\ No newline at end of file
+matrix_livekit_server_hsts_preload_enabled: true
\ No newline at end of file
diff --git a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2 b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2
index f8e2ad0c2..492a12214 100644
--- a/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2
+++ b/roles/custom/matrix-livekit-server/templates/livekit.yaml.j2
@@ -5,7 +5,7 @@ rtc:
 tcp_port: 7881
 port_range_start: 50100
 port_range_end: 50200
- use_external_ip: false
+ use_external_ip: true
 turn:
 enabled: false
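Review bot: `use_external_ip: true` is written as a literal into `livekit.yaml.j2` while the rest of this role's configuration is exposed through `matrix_livekit_server_*` defaults (see the defaults file earlier in this diff), so an operator who needs the previous behaviour has to override the whole template instead of one variable. If this works like the LiveKit option of that name (public-address discovery for the candidates the server advertises to peers), the setting changes what the node announces on the network and deserves both a variable and a comment explaining the default, e.g. `use_external_ip: {{ matrix_livekit_server_rtc_use_external_ip | to_json }}` with the default declared in `defaults/main.yml` (variable name illustrative). The `rtc:` mapping this key belongs to begins before the hunk, and the neighbouring `turn:` block is unchanged.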