mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-02-25 08:24:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
matrix-docker-ansible-deploy/roles/custom/matrix-ma1sd/defaults/main.yml
Slavi Pantaleev d6bf789710 Remove matrix_container_global_registry_prefix variable 
This is done for a few reasons:

- less globals and more indepdendence for each role is better. We rely
  on various externally-hosted roles and they don't rely on this global
  either.

- `matrix_container_global_registry_prefix` could make people think they
  could just override this variable and have all their images pull from
  elsewhere. This is rarely the case, unless you've taken special care
  to mirror all the various components (from their respective
  registries) to your own. In such a case, you probably know what you're
  mirroring and can adjust individual variables.

- nowadays, various components live on different registries.
  With Docker Inc tightening rate limits for Docker Hub, it's even more
  likely that we'll see increased diversity in where images are hosted
2025-02-23 10:15:41 +02:00

235 lines
14 KiB
YAML
Raw Blame History

---
# ma1sd is a Federated Matrix Identity Server
# Project source code URL: https://github.com/ma1uta/ma1sd
matrix_ma1sd_enabled: true
matrix_ma1sd_scheme: https
matrix_ma1sd_hostname: ''
matrix_ma1sd_container_image_self_build: false
matrix_ma1sd_container_image_self_build_repo: "https://github.com/ma1uta/ma1sd.git"
matrix_ma1sd_container_image_self_build_branch: "{{ matrix_ma1sd_version }}"
# renovate: datasource=docker depName=ma1uta/ma1sd
matrix_ma1sd_version: "2.5.0"
matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:{{ matrix_ma1sd_version }}"
matrix_ma1sd_docker_image_name_prefix: "{{ 'localhost/' if matrix_ma1sd_container_image_self_build else 'docker.io/' }}"
matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"
matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd"
# We need the docker src directory to be named ma1sd. See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/588
matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src/ma1sd"
matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config"
matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data"
matrix_ma1sd_container_port: 8090
# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/{{ matrix_ma1sd_container_port }} in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose.
matrix_ma1sd_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_ma1sd_container_extra_arguments: []
# List of systemd services that matrix-ma1sd.service depends on
matrix_ma1sd_systemd_required_services_list: "{{ matrix_ma1sd_systemd_required_services_list_default + matrix_ma1sd_systemd_required_services_list_auto + matrix_ma1sd_systemd_required_services_list_custom }}"
matrix_ma1sd_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
matrix_ma1sd_systemd_required_services_list_auto: []
matrix_ma1sd_systemd_required_services_list_custom: []
# List of systemd services that matrix-ma1sd.service wants
matrix_ma1sd_systemd_wanted_services_list: "{{ matrix_ma1sd_systemd_wanted_services_list_default + matrix_ma1sd_systemd_wanted_services_list_auto + matrix_ma1sd_systemd_wanted_services_list_custom }}"
matrix_ma1sd_systemd_wanted_services_list_default: []
matrix_ma1sd_systemd_wanted_services_list_auto: []
matrix_ma1sd_systemd_wanted_services_list_custom: []
# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_ma1sd_container_network: ""
# A list of additional container networks that matrix-ma1sd would be connected to.
# The playbook does not create these networks, so make sure they already exist.
#
# Use this to expose matrix-ma1sd to another docker network, that matrix-ma1sd might have to reach for authentication (e.g. an ldap instance)
matrix_ma1sd_container_additional_networks: "{{ matrix_ma1sd_container_additional_networks_auto + matrix_ma1sd_container_additional_networks_custom }}"
matrix_ma1sd_container_additional_networks_auto: []
matrix_ma1sd_container_additional_networks_custom: []
# matrix_ma1sd_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_ma1sd_container_labels_additional_labels`.
matrix_ma1sd_container_labels_traefik_enabled: true
matrix_ma1sd_container_labels_traefik_docker_network: "{{ matrix_ma1sd_container_network }}"
matrix_ma1sd_container_labels_traefik_entrypoints: web-secure
matrix_ma1sd_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls whether labels will be added that expose ma1sd's /_matrix/identity endpoints
matrix_ma1sd_container_labels_matrix_identity_enabled: "{{ matrix_ma1sd_container_labels_traefik_enabled }}"
matrix_ma1sd_container_labels_matrix_identity_hostname: "{{ matrix_ma1sd_hostname }}"
matrix_ma1sd_container_labels_matrix_identity_path_prefix: "/_matrix/identity"
matrix_ma1sd_container_labels_matrix_identity_traefik_rule: "Host(`{{ matrix_ma1sd_container_labels_matrix_identity_hostname }}`) && PathPrefix(`{{ matrix_ma1sd_container_labels_matrix_identity_path_prefix }}`)"
matrix_ma1sd_container_labels_matrix_identity_traefik_priority: 0
matrix_ma1sd_container_labels_matrix_identity_traefik_entrypoints: "{{ matrix_ma1sd_container_labels_traefik_entrypoints }}"
matrix_ma1sd_container_labels_matrix_identity_traefik_tls: "{{ matrix_ma1sd_container_labels_matrix_identity_traefik_entrypoints != 'web' }}"
matrix_ma1sd_container_labels_matrix_identity_traefik_tls_certResolver: "{{ matrix_ma1sd_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added that expose ma1sd's /_matrix/client/VERSION/user_directory/search endpoint
matrix_ma1sd_container_labels_matrix_client_user_directory_search_enabled: "{{ matrix_ma1sd_container_labels_traefik_enabled }}"
matrix_ma1sd_container_labels_matrix_client_user_directory_search_hostname: "{{ matrix_ma1sd_hostname }}"
matrix_ma1sd_container_labels_matrix_client_user_directory_search_path_regexp: "/_matrix/client/(?P<version>(r0|v3))/user_directory/search"
matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_rule: "Host(`{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_hostname }}`) && PathRegexp(`{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_path_regexp }}`)"
matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_priority: 0
matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_entrypoints: "{{ matrix_ma1sd_container_labels_traefik_entrypoints }}"
matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_tls: "{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_entrypoints != 'web' }}"
matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_tls_certResolver: "{{ matrix_ma1sd_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added that expose ma1sd's /_matrix/client/VERSION/register/TYPE/requestToken endpoints
# This allows another service to control registrations involving 3PIDs.
# To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md
matrix_ma1sd_container_labels_matrix_client_3pid_registration_enabled: false
matrix_ma1sd_container_labels_matrix_client_3pid_registration_hostname: "{{ matrix_ma1sd_hostname }}"
matrix_ma1sd_container_labels_matrix_client_3pid_registration_path_regexp: "/_matrix/client/(?P<version>(r0|v3))/register/(?P<type>(email|msisdn))/requestToken"
matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_rule: "Host(`{{ matrix_ma1sd_container_labels_matrix_client_3pid_registration_hostname }}`) && PathRegexp(`{{ matrix_ma1sd_container_labels_matrix_client_3pid_registration_path_regexp }}`)"
matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_priority: 0
matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_entrypoints: "{{ matrix_ma1sd_container_labels_traefik_entrypoints }}"
matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_tls: "{{ matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_entrypoints != 'web' }}"
matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_tls_certResolver: "{{ matrix_ma1sd_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_ma1sd_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_ma1sd_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_ma1sd_container_labels_additional_labels: ''
# Your identity server is private by default.
# To ensure maximum discovery, you can make your identity server
# also forward lookups to the central matrix.org Identity server
# (at the cost of potentially leaking all your contacts information).
# Enabling this is discouraged. Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/features/identity.md#lookups
matrix_ma1sd_matrixorg_forwarding_enabled: false
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_ma1sd_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_ma1sd_database_*` variables
matrix_ma1sd_database_engine: 'sqlite'
matrix_ma1sd_sqlite_database_path_local: "{{ matrix_ma1sd_data_path }}/ma1sd.db"
matrix_ma1sd_sqlite_database_path_in_container: "/var/ma1sd/ma1sd.db"
matrix_ma1sd_database_username: 'matrix_ma1sd'
matrix_ma1sd_database_password: 'some-password'
matrix_ma1sd_database_hostname: ''
matrix_ma1sd_database_port: 5432
matrix_ma1sd_database_name: 'matrix_ma1sd'
matrix_ma1sd_database_connection_string: 'postgresql://{{ matrix_ma1sd_database_username }}:{{ matrix_ma1sd_database_password }}@{{ matrix_ma1sd_database_hostname }}:{{ matrix_ma1sd_database_port }}/{{ matrix_ma1sd_database_name }}'
# ma1sd has serveral supported identity stores.
# One of them is storing identities directly in Synapse's database.
# Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md
matrix_ma1sd_synapsesql_enabled: false
matrix_ma1sd_synapsesql_type: ""
matrix_ma1sd_synapsesql_connection: ""
# Setting up email-sending settings is required for using ma1sd.
matrix_ma1sd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
matrix_ma1sd_threepid_medium_email_connectors_smtp_host: ""
matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 587
matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 1
matrix_ma1sd_threepid_medium_email_connectors_smtp_login: ""
matrix_ma1sd_threepid_medium_email_connectors_smtp_password: ""
# DNS overwrites are useful for telling ma1sd how it can reach the homeserver directly.
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to ma1sd,
# so that ma1sd can rewrite the original URL to one that would reach the homeserver.
matrix_ma1sd_dns_overwrite_enabled: false
matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_ma1sd_dns_overwrite_homeserver_client_value: ""
# Override the default session templates
# To use this, fill in the template variables with the full desired template as a multi-line YAML variable
#
# More info:
# https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/session/session-views.md
matrix_ma1sd_view_session_custom_templates_enabled: false
# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/templates/session/tokenSubmitSuccess.html
matrix_ma1sd_view_session_custom_onTokenSubmit_success_template: "" # noqa var-naming
# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/templates/session/tokenSubmitFailure.html
matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template: "" # noqa var-naming
# Override the default email templates
# To use this, fill in the template variables with the full desired template as a multi-line YAML variable
#
# More info:
# https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/notification/template-generator.md
# https://github.com/ma1uta/ma1sd/tree/master/src/main/resources/threepids/email
matrix_ma1sd_threepid_medium_email_custom_templates_enabled: false
# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/invite-template.eml
matrix_ma1sd_threepid_medium_email_custom_invite_template: ""
# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/validate-template.eml
matrix_ma1sd_threepid_medium_email_custom_session_validation_template: ""
# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/unbind-notification.eml
matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template: ""
# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/mxid-template.eml
matrix_ma1sd_threepid_medium_email_custom_matrixid_template: ""
matrix_ma1sd_self_check_endpoint_url: "{{ matrix_ma1sd_scheme }}://{{ matrix_ma1sd_hostname }}/_matrix/identity/api/v1"
# Controls whether the self-check feature should validate SSL certificates.
matrix_ma1sd_self_check_validate_certificates: true
# Controls ma1sd logging verbosity for troubleshooting.
#
# See: https://github.com/ma1uta/ma1sd/blob/master/docs/troubleshooting.md#increase-verbosity
matrix_ma1sd_verbose_logging: false
# Setting up support for API prefixes
matrix_ma1sd_v1_enabled: true
matrix_ma1sd_v2_enabled: true
# Fix for missing 3PIDS bug
matrix_ma1sd_hashing_enabled: true
# Default ma1sd configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}"
matrix_ma1sd_configuration_extension_yaml: |
# Your custom YAML configuration for ma1sd goes here.
# This configuration extends the default starting configuration (`matrix_ma1sd_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_ma1sd_configuration_yaml`.
#
# Example configuration extension follows:
#
# ldap:
# enabled: true
# connection:
# host: ldapHostnameOrIp
# tls: false
# port: 389
# baseDNs: ['OU=Users,DC=example,DC=org']
# bindDn: CN=My Ma1sd User,OU=Users,DC=example,DC=org
# bindPassword: TheUserPassword
matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml | from_yaml if matrix_ma1sd_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final ma1sd configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_ma1sd_configuration_yaml`.
matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml | from_yaml | combine(matrix_ma1sd_configuration_extension, recursive=True) }}"
Reference in New Issue View Git Blame Copy Permalink