mirror of
https://github.com/famedly/ansible-collection-matrix
synced 2024-12-14 05:02:27 +00:00
264 lines
10 KiB
YAML
264 lines
10 KiB
YAML
---
|
|
matrix_synapse_docker_volumes: "{{ matrix_synapse_base_docker_volumes + matrix_synapse_extra_docker_volumes }}"
|
|
matrix_synapse_base_docker_volumes:
|
|
- "{{ matrix_synapse_config.media_store_path }}:{{ matrix_synapse_config.media_store_path }}"
|
|
- "{{ matrix_synapse_config.uploads_path }}:{{ matrix_synapse_config.uploads_path }}"
|
|
- "{{ matrix_synapse_base_path }}/homeserver.yaml:{{ matrix_synapse_base_path }}/homeserver.yaml"
|
|
- "{{ matrix_synapse_base_path }}/log.config:{{ matrix_synapse_base_path }}/log.config"
|
|
- "{{ matrix_synapse_base_path }}/tls:{{ matrix_synapse_base_path }}/tls"
|
|
matrix_synapse_config: "{{ matrix_synapse_base_config | combine(matrix_synapse_extra_config, recursive=True) }}"
|
|
|
|
# Worker-specific config
|
|
matrix_synapse_media_worker_override: {}
|
|
matrix_synapse_fed_sender_override: {}
|
|
matrix_synapse_worker_fed_senders: []
|
|
matrix_synapse_worker_metrics_listener:
|
|
- type: metrics
|
|
port: "{{ matrix_synapse_worker_metrics_port }}"
|
|
matrix_synapse_worker_config:
|
|
start_pushers: "{{ not matrix_synapse_worker_push }}"
|
|
notify_appservices: "{{ not matrix_synapse_worker_appservice }}"
|
|
update_user_directory: "{{ not matrix_synapse_worker_user_search }}"
|
|
listeners:
|
|
- port: "{{ matrix_synapse_worker_replication_port }}"
|
|
bind_addresses:
|
|
- "{{ matrix_synapse_worker_replication_bind_ip }}"
|
|
type: http
|
|
resources:
|
|
- names: [ replication ]
|
|
|
|
# homeserver.yml
|
|
matrix_synapse_base_config:
|
|
server_name: "{{ matrix_server_name }}"
|
|
public_baseurl: "{{ matrix_synapse_public_baseurl }}"
|
|
tls_certificate_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.crt"
|
|
tls_private_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.key"
|
|
acme:
|
|
enabled: false
|
|
url: https://acme-v01.api.letsencrypt.org/directory
|
|
port: 80
|
|
bind_addresses: ['::', '0.0.0.0']
|
|
reprovision_threshold: 30
|
|
no_tls: false
|
|
tls_fingerprints: []
|
|
pid_file: "{{ matrix_synapse_base_path }}/synapse.pid"
|
|
soft_file_limit: 0
|
|
use_presence: true
|
|
listeners:
|
|
- port: 8448
|
|
bind_addresses:
|
|
- '::'
|
|
- '0.0.0.0'
|
|
type: http
|
|
tls: true
|
|
x_forwarded: false
|
|
resources:
|
|
- names: [client]
|
|
compress: true
|
|
- names: [federation]
|
|
compress: false
|
|
- port: 8008
|
|
tls: false
|
|
bind_addresses:
|
|
- '::'
|
|
- '0.0.0.0'
|
|
type: http
|
|
x_forwarded: false
|
|
resources:
|
|
- names: [client]
|
|
compress: true
|
|
- names: [federation]
|
|
compress: false
|
|
database:
|
|
name: "psycopg2"
|
|
args:
|
|
user: "{{ matrix_synapse_pg_user }}"
|
|
password: "{{ matrix_synapse_pg_pass }}"
|
|
database: "{{ matrix_synapse_pg_db }}"
|
|
host: "{{ matrix_synapse_pg_host }}"
|
|
cp_min: 5
|
|
cp_max: 10
|
|
redis:
|
|
enabled: "{{ matrix_synapse_redis_enabled }}"
|
|
host: "{{ matrix_synapse_redis_host }}"
|
|
port: "{{ matrix_synapse_redis_port }}"
|
|
password: "{{ matrix_synapse_redis_pass }}"
|
|
log_config: "{{ matrix_synapse_base_path }}/log.config"
|
|
event_cache_size: "10K"
|
|
rc_messages_per_second: 0.2
|
|
rc_message_burst_count: 10.0
|
|
federation_rc_window_size: 1000
|
|
federation_rc_sleep_limit: 10
|
|
federation_rc_sleep_delay: 500
|
|
federation_rc_reject_limit: 50
|
|
federation_rc_concurrent: 3
|
|
media_store_path: "{{ matrix_synapse_base_path }}/media_store"
|
|
uploads_path: "{{ matrix_synapse_base_path }}/uploads"
|
|
max_upload_size: "23M"
|
|
max_image_pixels: "32M"
|
|
dynamic_thumbnails: false
|
|
thumbnail_sizes:
|
|
- width: 32
|
|
height: 32
|
|
method: crop
|
|
- width: 96
|
|
height: 96
|
|
method: crop
|
|
- width: 320
|
|
height: 240
|
|
method: scale
|
|
- width: 640
|
|
height: 480
|
|
method: scale
|
|
- width: 800
|
|
height: 600
|
|
method: scale
|
|
url_preview_enabled: true
|
|
url_preview_ip_range_blacklist:
|
|
- '127.0.0.0/8'
|
|
- '10.0.0.0/8'
|
|
- '172.16.0.0/12'
|
|
- '192.168.0.0/16'
|
|
- '100.64.0.0/10'
|
|
- '169.254.0.0/16'
|
|
- '::1/128'
|
|
- 'fe80::/64'
|
|
- 'fc00::/7'
|
|
url_preview_url_blacklist:
|
|
- username: '*'
|
|
- netloc: 'google.com'
|
|
- netloc: '*.google.com'
|
|
- netloc: 'twitter.com'
|
|
- netloc: '*.twitter.com'
|
|
- netloc: 't.co'
|
|
- netloc: '*.t.co'
|
|
max_spider_size: "10M"
|
|
enable_registration: False
|
|
registration_shared_secret: >-
|
|
{{ registration_shared_secret_file.content | b64decode }}
|
|
form_secret: "{{ form_secret_file.content | b64decode }}"
|
|
bcrypt_rounds: 12
|
|
allow_guest_access: False
|
|
trusted_third_party_id_servers:
|
|
- matrix.org
|
|
- vector.im
|
|
autocreate_auto_join_rooms: true
|
|
enable_metrics: "{{ matrix_synapse_metrics_enabled }}"
|
|
report_stats: "{{ matrix_synapse_report_stats }}"
|
|
app_service_config_files: []
|
|
track_appservice_user_ips: False
|
|
macaroon_secret_key: "{{ macaroon_file.content | b64decode }}"
|
|
expire_access_token: False
|
|
signing_key_path: "{{ matrix_synapse_signing_key_path }}"
|
|
old_signing_keys: {}
|
|
key_refresh_interval: "1d" # 1 Day.
|
|
# TODO: More servers should be added
|
|
perspectives:
|
|
servers:
|
|
"matrix.org":
|
|
verify_keys:
|
|
"ed25519:auto":
|
|
key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
|
|
password_config:
|
|
enabled: true
|
|
push:
|
|
include_content: false
|
|
enable_group_creation: true
|
|
alias_creation_rules:
|
|
- user_id: "*"
|
|
alias: "*"
|
|
action: allow
|
|
matrix_synapse_docker_labels_complete: "{{ matrix_synapse_docker_labels_base | combine(matrix_synapse_docker_labels) }}"
|
|
matrix_synapse_docker_labels_base:
|
|
version: "{{ matrix_synapse_version if (matrix_synapse_container_tag == 'v' + matrix_synapse_version) else matrix_synapse_container_tag }}"
|
|
matrix_synapse_worker_labels_base: "{{ matrix_synapse_docker_labels_base }}"
|
|
|
|
# Control where which paths get routed
|
|
matrix_synapse_worker_client_sync_endpoints:
|
|
- "/_matrix/client/(r0|v3)/sync$"
|
|
- "/_matrix/client/(api/v1|r0|v3)/events$"
|
|
- "/_matrix/client/(api/v1|r0|v3)/initialSync$"
|
|
- "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$"
|
|
matrix_synapse_worker_client_api_endpoints:
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$"
|
|
- "/_matrix/client/(v1|unstable)/org.matrix.msc2946/rooms/.*/hierarchy$"
|
|
- "/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/devices$"
|
|
- "/_matrix/client/versions$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$"
|
|
- "/_matrix/client/(r0|v3|unstable)/joined_groups$"
|
|
- "/_matrix/client/(r0|v3|unstable)/publicised_groups$"
|
|
- "/_matrix/client/(r0|v3|unstable)/publicised_groups/"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/search$"
|
|
matrix_synapse_worker_client_encryption_endpoints:
|
|
- "/_matrix/client/(r0|v3|unstable)/keys/query$"
|
|
- "/_matrix/client/(r0|v3|unstable)/keys/changes$"
|
|
- "/_matrix/client/(r0|v3|unstable)/keys/claim$"
|
|
- "/_matrix/client/(r0|v3|unstable)/room_keys/"
|
|
matrix_synapse_worker_client_login_endpoints:
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/login$"
|
|
- "/_matrix/client/(r0|v3|unstable)/register$"
|
|
- "/_matrix/client/v1/register/m.login.registration_token/validity$"
|
|
matrix_synapse_worker_client_send_endpoints:
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/join/"
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/profile/"
|
|
matrix_synapse_worker_client_device_endpoints:
|
|
- "/_matrix/client/(r0|v3|unstable)/sendToDevice/"
|
|
matrix_synapse_worker_client_account_data_endpoints:
|
|
- "/_matrix/client/(r0|v3|unstable)/.*/tags"
|
|
- "/_matrix/client/(r0|v3|unstable)/.*/account_data"
|
|
matrix_synapse_worker_client_receipts_endpoints:
|
|
- "/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt"
|
|
- "/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers"
|
|
matrix_synapse_worker_client_presence_endpoints:
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/presence/"
|
|
matrix_synapse_worker_federation_endpoints:
|
|
- "/_matrix/federation/v1/event/"
|
|
- "/_matrix/federation/v1/state/"
|
|
- "/_matrix/federation/v1/state_ids/"
|
|
- "/_matrix/federation/v1/backfill/"
|
|
- "/_matrix/federation/v1/get_missing_events/"
|
|
- "/_matrix/federation/v1/publicRooms"
|
|
- "/_matrix/federation/v1/query/"
|
|
- "/_matrix/federation/v1/make_join/"
|
|
- "/_matrix/federation/v1/make_leave/"
|
|
- "/_matrix/federation/(v1|v2)/send_join/"
|
|
- "/_matrix/federation/(v1|v2)/send_leave/"
|
|
- "/_matrix/federation/(v1|v2)/invite/"
|
|
- "/_matrix/federation/v1/event_auth/"
|
|
- "/_matrix/federation/v1/exchange_third_party_invite/"
|
|
- "/_matrix/federation/v1/user/devices/"
|
|
- "/_matrix/federation/v1/get_groups_publicised$"
|
|
- "/_matrix/key/v2/query"
|
|
- "/_matrix/federation/(v1|unstable)/org.matrix.msc2946/hierarchy/"
|
|
- "/_matrix/federation/v1/send/"
|
|
matrix_synapse_worker_media_endpoints:
|
|
- "/_matrix/media/"
|
|
- "/_synapse/admin/v1/purge_media_cache$"
|
|
- "/_synapse/admin/v1/room/.*/media.*$"
|
|
- "/_synapse/admin/v1/user/.*/media.*$"
|
|
- "/_synapse/admin/v1/media/.*$"
|
|
- "/_synapse/admin/v1/quarantine_media/.*$"
|
|
matrix_synapse_worker_user_search_endpoints:
|
|
- "/_matrix/client/(api/v1|r0|unstable)/user_directory/search$"
|
|
matrix_synapse_worker_sso_generic_endpoints:
|
|
- "/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect"
|
|
- "/_synapse/client/pick_idp$"
|
|
- "/_synapse/client/pick_username"
|
|
- "/_synapse/client/new_user_consent$"
|
|
- "/_synapse/client/sso_register$"
|
|
matrix_synapse_worker_sso_oidc_endpoints: "{{ matrix_synapse_worker_sso_generic_endpoints + [ '/_synapse/client/oidc/callback$' ] }}"
|
|
matrix_synapse_worker_sso_saml_endpoints: "{{ matrix_synapse_worker_sso_generic_endpoints + [ '/_synapse/client/saml2/authn_response$' ] }}"
|
|
matrix_synapse_worker_sso_cas_endpoints: "{{ matrix_synapse_worker_sso_generic_endpoints + [ '/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$' ] }}"
|