mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-02-24 16:04:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
matrix-docker-ansible-deploy/roles/custom/matrix-static-files/defaults/main.yml
Slavi Pantaleev d6bf789710 Remove matrix_container_global_registry_prefix variable 
This is done for a few reasons:

- less globals and more indepdendence for each role is better. We rely
  on various externally-hosted roles and they don't rely on this global
  either.

- `matrix_container_global_registry_prefix` could make people think they
  could just override this variable and have all their images pull from
  elsewhere. This is rarely the case, unless you've taken special care
  to mirror all the various components (from their respective
  registries) to your own. In such a case, you probably know what you're
  mirroring and can adjust individual variables.

- nowadays, various components live on different registries.
  With Docker Inc tightening rate limits for Docker Hub, it's even more
  likely that we'll see increased diversity in where images are hosted
2025-02-23 10:15:41 +02:00

410 lines
28 KiB
YAML
Raw Blame History

---
# matrix-static-files is a role which generates and serves `/.well-known/matrix` files for the purposes of Matrix Delegation.
# It also exposes some variables which allow this role to be used for serving additional files.
matrix_static_files_enabled: true
matrix_static_files_identifier: matrix-static-files
# renovate: datasource=docker depName=joseluisq/static-web-server
matrix_static_files_version: 2.36.0
matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}"
matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"
matrix_static_files_public_path: "{{ matrix_static_files_base_path }}/public"
matrix_static_files_public_well_known_path: "{{ matrix_static_files_public_path }}/.well-known"
matrix_static_files_public_well_known_matrix_path: "{{ matrix_static_files_public_well_known_path }}/matrix"
# List of systemd services that matrix-static-files.service depends on
matrix_static_files_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
# List of systemd services that matrix-static-files.service wants
matrix_static_files_systemd_wanted_services_list: "{{ matrix_static_files_systemd_wanted_services_list_auto + matrix_static_files_systemd_wanted_services_list_custom }}"
matrix_static_files_systemd_wanted_services_list_auto: []
matrix_static_files_systemd_wanted_services_list_custom: []
matrix_static_files_container_image: "{{ matrix_static_files_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_static_files_container_image_tag }}"
matrix_static_files_container_image_registry_prefix: docker.io/
matrix_static_files_container_image_tag: "{{ 'latest' if matrix_static_files_version == 'latest' else (matrix_static_files_version + '-alpine') }}"
matrix_static_files_container_image_force_pull: "{{ matrix_static_files_container_image.endswith(':latest') }}"
matrix_static_files_container_network: "{{ matrix_static_files_identifier }}"
# A list of additional container networks that matrix-static-files would be connected to.
# The playbook does not create these networks, so make sure they already exist.
matrix_static_files_container_additional_networks: []
# Controls whether the matrix-static-files container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8080"), or empty string to not expose.
matrix_static_files_container_http_host_bind_port: ''
# matrix_static_files_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_static_files_container_labels_additional_labels`.
matrix_static_files_container_labels_traefik_enabled: true
matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_static_files_container_network }}"
matrix_static_files_container_labels_traefik_entrypoints: web-secure
matrix_static_files_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls whether labels will be added that expose the well-known public endpoint on the Matrix domain.
matrix_static_files_container_labels_well_known_matrix_endpoint_enabled: true
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: ''
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_path_prefix: /.well-known/matrix
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_rule: "Host(`{{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname }}`) && PathPrefix(`{{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_path_prefix }}`)"
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_priority: 0
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_entrypoints: "{{ matrix_static_files_container_labels_traefik_entrypoints }}"
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_tls: "{{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_entrypoints != 'web' }}"
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_tls_certResolver: "{{ matrix_static_files_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether the compress middleware (https://doc.traefik.io/traefik/middlewares/http/compress/) will be enabled for this router.
# The web-server only compresses known file types and our /.well-known/matrix/* files have no file extension.
# As such, they are not being compressed there and we compress them at the Traefik level.
matrix_static_files_container_labels_well_known_matrix_endpoint_middleware_compress_enabled: true
matrix_static_files_container_labels_well_known_matrix_endpoint_middleware_compress_minResponseBodyBytes: 100 # noqa var-naming
# Controls whether labels will be added that serve the base domain.
#
# This is similar to `matrix_static_files_container_labels_well_known_matrix_endpoint_*`, but does more.
#
# It's useful when you'd like to avoid setting up `/.well-known/matrix` redirects and can afford to point the base domain to the Matrix server.
#
# By default, these labels are configured to handle all paths for the provided base domain
# (see `matrix_static_files_container_labels_base_domain_traefik_path_prefix`), not just the `/.well-known/matrix` prefix.
#
# By default, an index.html page is also served (see `matrix_static_files_file_index_html_enabled`).
matrix_static_files_container_labels_base_domain_enabled: false
matrix_static_files_container_labels_base_domain_traefik_hostname: ''
matrix_static_files_container_labels_base_domain_traefik_path_prefix: /
matrix_static_files_container_labels_base_domain_traefik_rule: "Host(`{{ matrix_static_files_container_labels_base_domain_traefik_hostname }}`){% if matrix_static_files_container_labels_base_domain_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_path_prefix }}`){% endif %}"
matrix_static_files_container_labels_base_domain_traefik_priority: 0
matrix_static_files_container_labels_base_domain_traefik_entrypoints: "{{ matrix_static_files_container_labels_traefik_entrypoints }}"
matrix_static_files_container_labels_base_domain_traefik_tls: "{{ matrix_static_files_container_labels_base_domain_traefik_entrypoints != 'web' }}"
matrix_static_files_container_labels_base_domain_traefik_tls_certResolver: "{{ matrix_static_files_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether the root path (/) at the base domain would respond with a redirect to some URL.
matrix_static_files_container_labels_base_domain_root_path_redirection_enabled: false
matrix_static_files_container_labels_base_domain_root_path_redirection_regex: "^{{ matrix_static_files_scheme }}://{{ matrix_static_files_container_labels_base_domain_traefik_hostname }}{{ matrix_static_files_container_labels_base_domain_traefik_path_prefix }}$"
matrix_static_files_container_labels_base_domain_root_path_redirection_url: ""
# matrix_static_files_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_static_files_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_static_files_container_labels_additional_labels: ''
# Controls the SERVER_PORT environment variable.
# See: https://static-web-server.net/configuration/environment-variables/
matrix_static_files_environment_variable_server_port: 8080
# Controls the SERVER_LOG_LEVEL environment variable.
# See: https://static-web-server.net/configuration/environment-variables/
# Valid values: error, warn, info, debug or trace
matrix_static_files_environment_variable_server_log_level: error
# Controls the SERVER_LOG_REMOTE_ADDRESS environment variable.
# See: https://static-web-server.net/configuration/environment-variables/
matrix_static_files_environment_variable_server_log_remote_address: false
# Controls the SERVER_CONFIG_FILE environment variable.
# See: https://static-web-server.net/configuration/environment-variables/
matrix_static_files_environment_variable_server_config_file: /config/config.toml
# Additional environment variables.
matrix_static_files_environment_variables_additional_variables: ''
# Controls the caching time (max-age property of the `Cache-Control` HTTP header) for all `/.well-known/matrix/*` files.
# We use a somewhat long expires value is to prevent outages in case this is unreachable due to network failure
# or due to the base domain's server completely dying.
matrix_static_files_files_cache_time_hours: 4
########################################################################
# #
# Related to /.well-known/matrix/client #
# #
########################################################################
# Controls the m.homeserver/base_url property in the /.well-known/matrix/client file
matrix_static_files_file_matrix_client_property_m_homeserver_base_url: "{{ matrix_homeserver_url }}"
# Controls the m.identity_server/base_url property in the /.well-known/matrix/client file
matrix_static_files_file_matrix_client_property_m_identity_server_base_url: "{{ matrix_identity_server_url }}"
# Controls the m.integrations/managers/0/api_url property in the /.well-known/matrix/client file
matrix_static_files_file_matrix_client_property_m_integrations_managers_api_url: "{{ matrix_integration_manager_rest_url }}"
# Controls the m.integrations/managers/0/ui_url property in the /.well-known/matrix/client file
matrix_static_files_file_matrix_client_property_m_integrations_managers_ui_url: "{{ matrix_integration_manager_ui_url }}"
# Controls the io.element.jitsi/preferredDomain property in the /.well-known/matrix/client file
# This specifies the domain name where a Jitsi server is self-hosted.
# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
# See: https://github.com/element-hq/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: ""
# Controls if the org.matrix.msc3575.authentication section of the /.well-known/matrix/client file is enabled.
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_enabled: false
# Controls the org.matrix.msc2965.authentication/issuer property in the /.well-known/matrix/client file
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_issuer: ""
# Controls the org.matrix.msc2965.authentication/account property in the /.well-known/matrix/client file
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_account: ""
# Controls the org.matrix.msc3575.proxy/url (sliding sync) property in the /.well-known/matrix/client file
matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: ""
# Controls whether the m.tile_server configuration is added to the /.well-known/matrix/client file
matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: false
# Controls the m.tile_server/map_style_url property in the /.well-known/matrix/client file
matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: ""
# Controls whether Element related entries (io.element.e2ee) should be added to the client well-known.
# By default if any of the following change from their default this would be set to true:
# `matrix_static_files_file_matrix_client_property_io_element_e2ee_default`
# `matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required`
# `matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods`
matrix_static_files_file_matrix_client_property_io_element_e2ee_entries_enabled: "{{ not matrix_static_files_file_matrix_client_property_io_element_e2ee_default or matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required or matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods | length > 0 }}"
# Controls the io.element.e2ee/default property in the /.well-known/matrix/client file,
# which instructs Element clients whether they should use End-to-End Encryption by default.
# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md
matrix_static_files_file_matrix_client_property_io_element_e2ee_default: true
# Controls the io.element.e2ee/secure_backup_required property in the /.well-known/matrix/client file,
# which instructs Element clients whether they should require a secure backup set up before they can be used.
# Setting this to true will update `/.well-known/matrix/client` and tell Element clients require a secure backup.
# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md
matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required: false
# Controls the io.element.e2ee/secure_backup_setup_methods property in the /.well-known/matrix/client file,
# which instructs Element clients which backup methods from ["key", "passphrase"] should be used.
# When an empty list is provided, Element clients default to using both.
# Setting this to other than empty will update `/.well-known/matrix/client` and tell Element clients which method to use.
# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md
matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods: []
# Controls the io.element.e2ee/force_disable property in the /.well-known/matrix/client file,
# which can be set to `true` to instruct Element clients whether to disable End-to-End Encryption by default
# and to not show encryption related-settings in room settings.
# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md
matrix_static_files_file_matrix_client_property_io_element_e2ee_force_disable: false
# Controls whether `cc.etke.synapse-admin`-related entries should be added to the client well-known.
# By default, if there are entries in `matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin`, we show them (by enabling this).
matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_enabled: "{{ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin | default({}) | dict2items | length > 0 }}"
# Controls the cc.etke.synapse-admin property in the /.well-known/matrix/client file.
# See `matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_entries_enabled`
matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin: "{{ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto | combine(matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_custom, recursive=True) }}"
matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: {}
matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_custom: {}
# Default /.well-known/matrix/client configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_client_configuration_extension_json`)
# or completely replace this variable with your own template.
matrix_static_files_file_matrix_client_configuration_json: "{{ lookup('template', 'templates/public/.well-known/matrix/client.j2') }}"
# Your custom JSON configuration for /.well-known/matrix/client should go to `matrix_static_files_file_matrix_client_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_client_configuration_extension_json`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_static_files_file_matrix_client_configuration_json`.
#
# Example configuration extension follows:
#
# matrix_static_files_file_matrix_client_configuration_extension_json: |
# {
# "m.another": "value",
# "m.yet_another": 3
# }
matrix_static_files_file_matrix_client_configuration_extension_json: '{}'
matrix_static_files_file_matrix_client_configuration_extension: "{{ matrix_static_files_file_matrix_client_configuration_extension_json | from_json if matrix_static_files_file_matrix_client_configuration_extension_json | from_json is mapping else {} }}"
# Holds the final /.well-known/matrix/client configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_matrix_client_configuration_json` or `matrix_static_files_file_matrix_client_configuration_extension_json`.
matrix_static_files_file_matrix_client_configuration: "{{ matrix_static_files_file_matrix_client_configuration_json | combine(matrix_static_files_file_matrix_client_configuration_extension, recursive=True) }}"
########################################################################
# #
# /Related to /.well-known/matrix/client #
# #
########################################################################
########################################################################
# #
# Related to /.well-known/matrix/server #
# #
########################################################################
# Controls whether a `/.well-known/matrix/server` file is generated and used at all.
#
# If you wish to rely on DNS SRV records only, you can disable this.
# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448)
# using certificates for the base domain (`matrix_domain`) and not for the
# Matrix domain (`matrix_server_fqn_matrix`).
matrix_static_files_file_matrix_server_enabled: true
# Controls the m.server property in the /.well-known/matrix/server file
matrix_static_files_file_matrix_server_property_m_server: ''
# Default /.well-known/matrix/server configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_server_configuration_extension_json`)
# or completely replace this variable with your own template.
matrix_static_files_file_matrix_server_configuration_json: "{{ lookup('template', 'templates/public/.well-known/matrix/server.j2') }}"
# Your custom JSON configuration for /.well-known/matrix/server should go to `matrix_static_files_file_matrix_server_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_server_configuration_extension_json`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_static_files_file_matrix_server_configuration_json`.
#
# Example configuration extension follows:
#
# matrix_static_files_file_matrix_server_configuration_extension_json: |
# {
# "m.another": "value",
# "m.yet_another": 3
# }
matrix_static_files_file_matrix_server_configuration_extension_json: '{}'
matrix_static_files_file_matrix_server_configuration_extension: "{{ matrix_static_files_file_matrix_server_configuration_extension_json | from_json if matrix_static_files_file_matrix_server_configuration_extension_json | from_json is mapping else {} }}"
# Holds the final /.well-known/matrix/server configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_matrix_server_configuration_json` or `matrix_static_files_file_matrix_server_configuration_extension_json`.
matrix_static_files_file_matrix_server_configuration: "{{ matrix_static_files_file_matrix_server_configuration_json | combine(matrix_static_files_file_matrix_server_configuration_extension, recursive=True) }}"
########################################################################
# #
# /Related to /.well-known/matrix/server #
# #
########################################################################
########################################################################
# #
# Related to /.well-known/matrix/support #
# #
########################################################################
# Controls whether a `/.well-known/matrix/support` file is generated and used at all.
# For details about this file, see the spec: https://github.com/matrix-org/matrix-spec-proposals/pull/1929
#
# This is not enabled by default, as for it to be useful, other information is necessary.
# See `matrix_static_files_file_matrix_support_property_m_contacts`, `matrix_static_files_file_matrix_support_property_m_support_page`, etc.
matrix_static_files_file_matrix_support_enabled: false
# Controls the m.contacts property in the /.well-known/matrix/support file
matrix_static_files_file_matrix_support_property_m_contacts: []
# Controls the m.support_page property in the /.well-known/matrix/support file
matrix_static_files_file_matrix_support_property_m_support_page: ""
# Default /.well-known/matrix/support configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_support_configuration_extension_json`)
# or completely replace this variable with your own template.
matrix_static_files_file_matrix_support_configuration_json: "{{ lookup('template', 'templates/public/.well-known/matrix/support.j2') }}"
# Your custom JSON configuration for /.well-known/matrix/support should go to `matrix_static_files_file_matrix_support_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_support_configuration_extension_json`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_static_files_file_matrix_support_configuration_json`.
#
# Example configuration extension follows:
#
# matrix_static_files_file_matrix_support_configuration_extension_json: |
# {
# "m.another": "value",
# "m.yet_another": 3
# }
matrix_static_files_file_matrix_support_configuration_extension_json: '{}'
matrix_static_files_file_matrix_support_configuration_extension: "{{ matrix_static_files_file_matrix_support_configuration_extension_json | from_json if matrix_static_files_file_matrix_support_configuration_extension_json | from_json is mapping else {} }}"
# Holds the final /.well-known/matrix/support configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_matrix_support_configuration_json` or `matrix_static_files_file_matrix_support_configuration_extension_json`.
matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_file_matrix_support_configuration_json | combine(matrix_static_files_file_matrix_support_configuration_extension, recursive=True) }}"
########################################################################
# #
# /Related to /.well-known/matrix/support #
# #
########################################################################
########################################################################
# #
# Related to index.html #
# #
########################################################################
# Controls whether `matrix_static_files_file_index_html_template` would be dumped to an `index.html` file
# in the public directory (matrix_static_files_public_path).
#
# This is useful if you have enabled serving of the base domain (matrix_static_files_container_labels_base_domain_enabled)
# and wish to serve more than just the `/.well-known/matrix` files from it.
#
# You can also use the auxiliary role (https://github.com/mother-of-all-self-hosting/ansible-role-aux) to create files in
# the public directory (matrix_static_files_public_path) by yourself.
# If you're disabling this but are preparing some HTML files by yourself,
# consider explicitly disabling `matrix_static_files_container_labels_base_domain_root_path_redirection_enabled` as well.
# The default behavior when this is disabled is to enable root-path-redirection.
#
# Because you may wish to manage these static files yourself, disabling this variable will intentionally not delete an already existing `index.html` file.
matrix_static_files_file_index_html_enabled: "{{ matrix_static_files_container_labels_base_domain_enabled }}"
matrix_static_files_file_index_html_template: |-
<!doctype html>
<meta charset="utf-8" />
<html>
<body>
Hello from {{ matrix_static_files_container_labels_base_domain_traefik_hostname }}!
</body>
</html>
########################################################################
# #
# /Related to /index.html #
# #
########################################################################
matrix_static_files_scheme: https
# Controls whether the self-check feature should validate SSL certificates.
matrix_static_files_self_check_validate_certificates: "{{ matrix_static_files_scheme == 'https' }}"
matrix_static_files_self_check_hostname_matrix: ''
matrix_static_files_self_check_hostname_identity: ''
# Controls whether redirects will be followed when checking the `/.well-known/matrix/client` resource.
#
# As per the spec (https://matrix.org/docs/spec/client_server/r0.6.0#well-known-uri), it shouldn't be,
# so we default to not following redirects as well.
matrix_static_files_self_check_well_known_matrix_client_follow_redirects: none
# TODO - review this one
# Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected.
# If this has an empty value, they're just passed to the homeserver, which serves a static page.
# If you'd like to make `https://matrix.example.com` redirect to `https://element.example.com` (or something of that sort), specify the domain name here.
# Example value: `element.example.com` (or `{{ matrix_server_fqn_element }}`).
matrix_static_files_client_redirect_root_uri_to_domain: ""
Reference in New Issue View Git Blame Copy Permalink