You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
464 lines
20 KiB
464 lines
20 KiB
# The bare hostname which represents your identity.
|
|
# This is something like "example.com".
|
|
# Note: this playbook does not touch the server referenced here.
|
|
hostname_identity: "{{ host_specific_hostname_identity|lower }}"
|
|
|
|
# This is where your data lives and what we set up here.
|
|
# This and the Riot hostname (see below) are expected to be on the same server.
|
|
hostname_matrix: "matrix.{{ hostname_identity }}"
|
|
|
|
# This is where you access the web UI from and what we set up here.
|
|
# This and the Matrix hostname (see above) are expected to be on the same server.
|
|
hostname_riot: "riot.{{ hostname_identity }}"
|
|
|
|
|
|
matrix_user_username: "matrix"
|
|
matrix_user_uid: 991
|
|
matrix_user_gid: 991
|
|
|
|
matrix_base_data_path: "/matrix"
|
|
matrix_environment_variables_data_path: "{{ matrix_base_data_path }}/environment-variables"
|
|
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
|
|
|
|
matrix_homeserver_url: "https://{{ hostname_matrix }}"
|
|
matrix_identity_server_url: "https://{{ matrix_synapse_trusted_third_party_id_servers[0] }}"
|
|
|
|
# The Docker network that all services would be put into
|
|
matrix_docker_network: "matrix"
|
|
|
|
|
|
matrix_synapse_docker_image: "matrixdotorg/synapse:v0.34.1.1-py3"
|
|
|
|
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
|
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
|
|
matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
|
|
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
|
|
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
|
|
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
|
|
|
|
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.6/site-packages"
|
|
|
|
# Specifies which template files to use when configuring Synapse.
|
|
# If you'd like to have your own different configuration, feel free to copy and paste
|
|
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
|
|
# and then change the specific host's `vars.yaml` file like this:
|
|
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
|
|
matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
|
|
matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
|
|
|
|
matrix_synapse_macaroon_secret_key: ""
|
|
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
|
|
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
|
|
|
|
# These are the identity servers that would be trusted by Synapse if mxisd is NOT enabled
|
|
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
|
|
|
|
# These are the identity servers that would be trusted by Synapse if mxisd IS enabled
|
|
matrix_synapse_id_servers_own: "['{{ hostname_matrix }}']"
|
|
|
|
# The final list of identity servers to use for Synapse.
|
|
# The first one would also be used as riot-web's default identity server.
|
|
matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_own if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
|
|
|
|
matrix_synapse_max_upload_size_mb: 10
|
|
matrix_synapse_max_log_file_size_mb: 100
|
|
matrix_synapse_max_log_files_count: 10
|
|
|
|
# Log levels
|
|
# Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
|
|
# warning: setting log level to DEBUG will make synapse log sensitive information such
|
|
# as access tokens
|
|
matrix_synapse_log_level: "INFO"
|
|
matrix_synapse_storage_sql_log_level: "INFO"
|
|
matrix_synapse_root_log_level: "INFO"
|
|
|
|
# Rate limits
|
|
matrix_synapse_rc_messages_per_second: 0.2
|
|
matrix_synapse_rc_message_burst_count: 10.0
|
|
|
|
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
|
|
# (things like number of users, number of messages sent, uptime, load, etc.)
|
|
matrix_synapse_report_stats: false
|
|
|
|
# Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.
|
|
# If users participate in large rooms with many other servers,
|
|
# disabling this will decrease server load significantly.
|
|
matrix_synapse_use_presence: true
|
|
|
|
# Controls whether people with access to the homeserver can register by themselves.
|
|
matrix_synapse_enable_registration: false
|
|
|
|
# Users who register on this homeserver will automatically be joined to these rooms.
|
|
# Rooms are to be specified using addresses (e.g. `#address:example.com`)
|
|
matrix_synapse_auto_join_rooms: []
|
|
|
|
# Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created
|
|
# automatically if they don't already exist.
|
|
matrix_synapse_autocreate_auto_join_rooms: true
|
|
|
|
# Controls password-peppering for Matrix Synapse. Not to be changed after initial setup.
|
|
matrix_synapse_password_config_pepper: ""
|
|
|
|
# Controls the number of events that Matrix Synapse caches in memory.
|
|
matrix_synapse_event_cache_size: "100K"
|
|
|
|
# Controls cache sizes for Matrix Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
|
|
# Raise this to increase cache sizes or lower it to potentially lower memory use.
|
|
# To learn more, see:
|
|
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
|
|
# - https://github.com/matrix-org/synapse/issues/3939
|
|
matrix_synapse_cache_factor: 0.5
|
|
|
|
# Controls whether Matrix Synapse will federate at all.
|
|
# Disable this to completely isolate your server from the rest of the Matrix network.
|
|
matrix_synapse_federation_enabled: true
|
|
|
|
# A list of domain names that are allowed to federate with the given Matrix Synapse server.
|
|
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
|
|
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
|
|
matrix_synapse_federation_domain_whitelist: ~
|
|
|
|
# A list of additional "volumes" to mount in the container.
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
|
matrix_synapse_container_additional_volumes: []
|
|
|
|
# A list of additional loggers to register in synapse.log.config.
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
|
|
matrix_synapse_additional_loggers: []
|
|
|
|
# A list of service config files
|
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
|
# Contains fs paths
|
|
matrix_synapse_app_service_config_files: []
|
|
|
|
# This is set dynamically during execution depending on whether
|
|
# any password providers have been enabled or not.
|
|
matrix_synapse_password_providers_enabled: false
|
|
|
|
|
|
# Enable this to activate the REST auth password provider module.
|
|
# See: https://github.com/kamax-io/matrix-synapse-rest-auth
|
|
matrix_synapse_ext_password_provider_rest_auth_enabled: false
|
|
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.1/rest_auth_provider.py"
|
|
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
|
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
|
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
|
|
|
|
# Enable this to activate the Shared Secret Auth password provider module.
|
|
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
|
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
|
|
|
# Enable this to activate LDAP password provider
|
|
matrix_synapse_ext_password_provider_ldap_enabled: false
|
|
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
|
|
matrix_synapse_ext_password_provider_ldap_start_tls: true
|
|
matrix_synapse_ext_password_provider_ldap_base: ""
|
|
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
|
|
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
|
|
matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
|
|
matrix_synapse_ext_password_provider_ldap_bind_dn: ""
|
|
matrix_synapse_ext_password_provider_ldap_bind_password: ""
|
|
matrix_synapse_ext_password_provider_ldap_filter: ""
|
|
|
|
|
|
# The defaults below cause a postgres server to be configured (running within a container).
|
|
# Using an external server is possible by tweaking all of the parameters below.
|
|
matrix_postgres_use_external: false
|
|
matrix_postgres_connection_hostname: "matrix-postgres"
|
|
matrix_postgres_connection_username: "synapse"
|
|
matrix_postgres_connection_password: "synapse-password"
|
|
matrix_postgres_db_name: "homeserver"
|
|
|
|
matrix_postgres_data_path: "{{ matrix_base_data_path }}/postgres"
|
|
|
|
matrix_postgres_docker_image_v9: "postgres:9.6.11-alpine"
|
|
matrix_postgres_docker_image_v10: "postgres:10.6-alpine"
|
|
matrix_postgres_docker_image_v11: "postgres:11.1-alpine"
|
|
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
|
|
|
|
|
|
matrix_coturn_docker_image: "instrumentisto/coturn:4.5.0.8"
|
|
|
|
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
|
|
matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
|
|
|
|
# A shared secret (between Synapse and Coturn) used for authentication.
|
|
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
|
matrix_coturn_turn_static_auth_secret: ""
|
|
|
|
# UDP port-range to use for TURN
|
|
matrix_coturn_turn_udp_min_port: 49152
|
|
matrix_coturn_turn_udp_max_port: 49172
|
|
|
|
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
|
|
|
|
|
|
matrix_s3_media_store_enabled: false
|
|
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
|
|
matrix_s3_media_store_bucket_name: "your-bucket-name"
|
|
matrix_s3_media_store_aws_access_key: "your-aws-access-key"
|
|
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
|
|
matrix_s3_media_store_region: "eu-central-1"
|
|
|
|
|
|
# By default, this playbook sets up a postfix mailer server (running in a container).
|
|
# This is so that Matrix Synapse can send email reminders for unread messages.
|
|
# Other services (like mxisd), however, also use that mailer to send emails through it.
|
|
matrix_mailer_enabled: true
|
|
|
|
matrix_mailer_docker_image: "panubo/postfix:latest"
|
|
|
|
matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
|
|
matrix_mailer_relay_use: false
|
|
matrix_mailer_relay_host_name: "mail.example.com"
|
|
matrix_mailer_relay_host_port: 587
|
|
matrix_mailer_relay_auth: false
|
|
matrix_mailer_relay_auth_username: ""
|
|
matrix_mailer_relay_auth_password: ""
|
|
|
|
|
|
# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
|
|
# If you wish to use the public identity servers (matrix.org, vector.im, riot.im) instead of your own,
|
|
# you may wish to disable this.
|
|
matrix_mxisd_enabled: true
|
|
matrix_mxisd_docker_image: "kamax/mxisd:1.2.2"
|
|
matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
|
|
matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
|
|
matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
|
|
|
|
# Your identity server is private by default.
|
|
# To ensure maximum discovery, you can make your identity server
|
|
# also forward lookups to the central matrix.org Identity server
|
|
# (at the cost of potentially leaking all your contacts information).
|
|
# Enabling this is discouraged. Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
|
|
matrix_mxisd_matrixorg_forwarding_enabled: false
|
|
|
|
# mxisd has serveral supported identity stores.
|
|
# One of them (which we enable by default) is storing identities directly in Synapse's database.
|
|
# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md
|
|
#
|
|
# If you need to disable this in favor of some other store, you can toggle it to disabled here
|
|
# and add your own mxisd configuration for the other store in `matrix_mxisd_configuration_extension_yaml`.
|
|
matrix_mxisd_synapsesql_enabled: true
|
|
matrix_mxisd_synapsesql_type: postgresql
|
|
matrix_mxisd_synapsesql_connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }}
|
|
|
|
# Default mxisd configuration template which covers the generic use case.
|
|
# You can customize it by controlling the various variables inside it.
|
|
#
|
|
# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`)
|
|
# or completely replace this variable with your own template.
|
|
matrix_mxisd_configuration_yaml: |
|
|
matrix:
|
|
domain: {{ hostname_identity }}
|
|
|
|
server:
|
|
name: {{ hostname_matrix }}
|
|
|
|
key:
|
|
path: /var/mxisd/sign.key
|
|
|
|
storage:
|
|
provider:
|
|
sqlite:
|
|
database: /var/mxisd/mxisd.db
|
|
|
|
{% if matrix_mxisd_matrixorg_forwarding_enabled %}
|
|
forward:
|
|
servers: ['matrix-org']
|
|
{% endif %}
|
|
|
|
threepid:
|
|
medium:
|
|
email:
|
|
identity:
|
|
from: {{ matrix_mailer_sender_address }}
|
|
connectors:
|
|
smtp:
|
|
host: matrix-mailer
|
|
port: 587
|
|
tls: 0
|
|
|
|
synapseSql:
|
|
enabled: {{ matrix_mxisd_synapsesql_enabled }}
|
|
type: {{ matrix_mxisd_synapsesql_type }}
|
|
connection: {{ matrix_mxisd_synapsesql_connection }}
|
|
|
|
matrix_mxisd_configuration_extension_yaml: |
|
|
# Your custom YAML configuration for mxisd goes here.
|
|
# This configuration extends the default starting configuration (`matrix_mxisd_configuration_yaml`).
|
|
#
|
|
# You can override individual variables from the default configuration, or introduce new ones.
|
|
#
|
|
# If you need something more special, you can take full control by
|
|
# completely redefining `matrix_mxisd_configuration_yaml`.
|
|
#
|
|
# Example configuration extension follows:
|
|
#
|
|
# ldap:
|
|
# enabled: true
|
|
# connection:
|
|
# host: ldapHostnameOrIp
|
|
# tls: false
|
|
# port: 389
|
|
# baseDns: ['OU=Users,DC=example,DC=org']
|
|
# bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
|
|
# bindPassword: TheUserPassword
|
|
|
|
# Doing `|from_yaml` when the extension contains nothing yields an empty string ("").
|
|
# We need to ensure it's a dictionary or `|combine` (when building `matrix_mxisd_configuration`) will fail later.
|
|
matrix_mxisd_configuration_extension: "{{ matrix_mxisd_configuration_extension_yaml|from_yaml if matrix_mxisd_configuration_extension_yaml|from_yaml else {} }}"
|
|
|
|
# Holds the final mxisd configuration (a combination of the default and its extension).
|
|
# You most likely don't need to touch this variable. Instead, see `matrix_mxisd_configuration_yaml`.
|
|
matrix_mxisd_configuration: "{{ matrix_mxisd_configuration_yaml|from_yaml|combine(matrix_mxisd_configuration_extension, recursive=True) }}"
|
|
|
|
|
|
# Enable this to add support for matrix-corporal.
|
|
# See: https://github.com/devture/matrix-corporal
|
|
matrix_corporal_enabled: false
|
|
|
|
matrix_corporal_docker_image: "devture/matrix-corporal:1.2.2"
|
|
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
|
|
matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
|
|
matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
|
|
matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
|
|
|
|
matrix_corporal_matrix_timeout_milliseconds: 45000
|
|
|
|
matrix_corporal_reconciliation_retry_interval_milliseconds: 30000
|
|
matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal"
|
|
|
|
matrix_corporal_http_api_enabled: false
|
|
matrix_corporal_http_api_auth_token: ""
|
|
|
|
# Matrix Corporal policy provider configuration (goes directly into the configuration's `PolicyProvider` value)
|
|
matrix_corporal_policy_provider_config: ""
|
|
|
|
matrix_corporal_debug: false
|
|
|
|
|
|
# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
|
|
# If you wish to connect to your Matrix server by other means,
|
|
# you may wish to disable this.
|
|
matrix_riot_web_enabled: true
|
|
|
|
matrix_riot_web_docker_image: "bubuntux/riot-web:v0.17.8"
|
|
|
|
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
|
|
|
# Riot config.json customizations
|
|
matrix_riot_web_disable_custom_urls: true
|
|
matrix_riot_web_disable_guests: true
|
|
matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/"
|
|
matrix_riot_web_integrations_rest_url: "https://scalar.vector.im/api"
|
|
matrix_riot_web_integrations_widgets_urls: "https://scalar.vector.im/api"
|
|
matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
|
|
# Riot public room directory server(s)
|
|
matrix_riot_web_roomdir_servers: ['matrix.org']
|
|
matrix_riot_web_welcome_user_id: "@riot-bot:matrix.org"
|
|
|
|
|
|
# Riot home.html customizations
|
|
# Default home.html template file
|
|
matrix_riot_web_homepage_template: "{{ role_path }}/templates/riot-web/home.html.j2"
|
|
# Show general discussion about Matrix and Riot row
|
|
matrix_riot_web_homepage_template_general: true
|
|
# Show Matrix technical discussions row
|
|
matrix_riot_web_homepage_template_technical: true
|
|
# Show building services on Matrix row
|
|
matrix_riot_web_homepage_template_building: true
|
|
# Show contributing code to Matrix and Riot row
|
|
matrix_riot_web_homepage_template_contributing: true
|
|
|
|
# Matrix mautrix is a Matrix <-> Telegram bridge
|
|
# Enable telegram bridge
|
|
matrix_mautrix_telegram_enabled: false
|
|
|
|
matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.4.0"
|
|
|
|
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
|
|
|
|
# Get your own API keys at https://my.telegram.org/apps
|
|
matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
|
|
matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
|
|
# Mautrix telegram public endpoint to log in to telegram
|
|
# Use an uuid so it's not easily discoverable
|
|
matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
|
|
|
|
|
|
# Matrix mautrix is a Matrix <-> Whatsapp bridge
|
|
# Enable whatsapp bridge
|
|
matrix_mautrix_whatsapp_enabled: false
|
|
|
|
matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
|
|
|
|
matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
|
|
|
|
|
|
# By default, this playbook sets up its own nginx proxy server on port 80/443.
|
|
# This is fine if you're dedicating the whole server to Matrix.
|
|
# But in case that's not the case, you may wish to prevent that
|
|
# and take care of proxying by yourself.
|
|
matrix_nginx_proxy_enabled: true
|
|
|
|
matrix_nginx_proxy_docker_image: "nginx:1.15.8-alpine"
|
|
|
|
matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
|
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
|
|
|
|
# The addresses where the Matrix Client API is.
|
|
# Certain extensions (like matrix-corporal) may override this in order to capture all traffic.
|
|
matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container: "matrix-synapse:8008"
|
|
matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container: "localhost:8008"
|
|
|
|
# Specifies when to reload the matrix-nginx-proxy service so that
|
|
# a new SSL certificate could go into effect.
|
|
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
|
|
|
# Specifies which SSL protocols to use when serving Riot and Synapse
|
|
# Note TLSv1.3 is not yet available in dockerized nginx
|
|
# See: https://github.com/nginxinc/docker-nginx/issues/190
|
|
matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"
|
|
|
|
# By default, this playbook automatically retrieves and auto-renews
|
|
# free SSL certificates from Let's Encrypt.
|
|
#
|
|
# The following retrieval methods are supported:
|
|
# - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
|
|
# - "self-signed" - the playbook generates and self-signs certificates
|
|
# - "manually-managed" - lets you manage certificates by yourself (manually; see below)
|
|
#
|
|
# If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
|
|
# you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
|
|
# obeying the following hierarchy:
|
|
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
|
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
|
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
|
|
matrix_ssl_retrieval_method: "lets-encrypt"
|
|
|
|
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
|
matrix_ssl_lets_encrypt_staging: false
|
|
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
|
|
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
|
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
|
|
|
|
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
|
|
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
|
|
matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
|
|
|
|
# Variables to Control which parts of the role run.
|
|
run_setup: true
|
|
run_import_postgres: true
|
|
run_upgrade_postgres: true
|
|
run_start: true
|
|
run_register_user: true
|
|
run_import_sqlite_db: true
|
|
run_import_media_store: true
|
|
run_self_check: true
|