fws
/
ansible-roles
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
740 Commits
1 Branch
0 Tags
7.5 MiB
 
 
 
 
 
 
Tag: Branch: Tree: fda3632908
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fda3632908'
${ noResults }
ansible-roles/roles/matrix_synapse/templates/homeserver.yaml.j2

211 lines
6.5 KiB
Raw Blame History

---
{% if synapse_tls %}
tls_certificate_path: "{{ synapse_root_dir }}/etc/{{ synapse_server_name }}.crt"
tls_private_key_path: "{{ synapse_root_dir }}/etc/{{ synapse_server_name }}.tls.key"
tls_dh_params_path: "{{ synapse_root_dir }}/etc/{{ synapse_server_name }}.tls.dh"
{% endif %}
server_name: '{{ synapse_server_name }}'
public_baseurl: '{{ synapse_public_baseurl | default('https://matrix.' + synapse_server_name) }}'
pid_file: {{ synapse_root_dir }}/tmp/homeserver.pid
web_client: False
soft_file_limit: 0
filter_timeline_limit: {{ synapse_timeline_limit }}
listeners:
{% if synapse_tls %}
- port: {{ synapse_tls_port }}
bind_addresses: [ {{ synapse_tls_listen_ip | join(',') }} ]
type: http
tls: true
x_forwarded: {{ ('0.0.0.0/0' in synapse_tls_src_ip) | ternary('False','True') }}
resources:
- names: [ client, federation ]
compress: False
{% endif %}
- port: {{ synapse_port }}
bind_addresses: [ {{ synapse_listen_ip | join(',') }} ]
type: http
tls: False
x_forwarded: {{ ('0.0.0.0/0' in synapse_src_ip) | ternary('False','True') }}
resources:
- names: [ client, federation ]
compress: False
database:
name: psycopg2
args:
database: '{{ synapse_pg_db_name }}'
host: '{{ synapse_pg_db_server }}'
user: '{{ synapse_pg_db_user }}'
password: '{{ synapse_pg_db_pass }}'
cp_min: 5
cp_max: 10
event_cache_size: '10K'
verbose: 0
log_config: '{{ synapse_root_dir }}/etc/logging.conf'
{% if '*' not in synapse_federation_domain_whitelist %}
{% if synapse_federation_domain_whitelist | length > 0 %}
federation_domain_whitelist:
{% for domain in synapse_federation_domain_whitelist %}
- '{{ domain }}'
{% endfor %}
{% else %}
federation_domain_whitelist: []
{% endif %}
{% endif %}
{% if synapse_federation_ip_blacklist | length > 0 %}
federation_ip_range_blacklist:
{% for ip in synapse_federation_ip_blacklist %}
- '{{ ip }}'
{% endfor %}
{% else %}
federation_ip_range_blacklist: []
{% endif %}
media_store_path: '{{ synapse_root_dir }}/media_store'
uploads_path: '{{ synapse_root_dir }}/uploads'
max_upload_size: '{{ synapse_upload_max_size }}'
{% if synapse_turn_uris is defined and synapse_turn_uris | length > 0 %}
turn_uris:
{% for uri in synapse_turn_uris %}
- '{{ uri }}'
{% endfor %}
turn_shared_secret: '{{ synapse_turn_shared_secret | default(turnserver_auth_secret) }}'
turn_user_lifetime: '1h'
turn_allow_guests: {{ synapse_turn_allow_guests | ternary('True', 'False') }}
{% endif %}
enable_registration: {{ synapse_enable_registration | ternary('True', 'False') }}
{% if synapse_registration_shared_secret is defined %}
registration_shared_secret: '{{ synapse_registration_shared_secret }}'
{% endif %}
bcrypt_rounds: 12
allow_guest_access: {{ synapse_allow_guest_access | ternary('True', 'False') }}
rc_message:
per_second: {{ synapse_rc_message_per_sec }}
burst_count: {{ synapse_rc_message_burst }}
rc_login:
address:
per_second: {{ synapse_rc_login_per_sec }}
burst_count: {{ synapse_rc_login_burst }}
account:
per_second: {{ synapse_rc_login_per_sec }}
burst_count: {{ synapse_rc_login_burst }}
failed_attempts:
per_second: {{ synapse_rc_login_per_sec }}
burst_count: {{ synapse_rc_login_burst }}
enable_metrics: False
report_stats: False
default_identity_server: '{{ synapse_public_baseurl | default('https://matrix.' + synapse_server_name) }}'
macaroon_secret_key: '{{ synapse_macaroon_key }}'
expire_access_token: False
{% if synapse_url_preview %}
url_preview_enabled: True
{% if synapse_url_preview_ip_range_blacklist is defined and synapse_url_preview_ip_range_blacklist | length > 0 %}
url_preview_ip_range_blacklist:
{% for ip in synapse_url_preview_ip_range_blacklist %}
- '{{ ip }}'
{% endfor %}
{% endif %}
{% if synapse_url_preview_ip_range_whitelist is defined and synapse_url_preview_ip_range_whitelist | length > 0 %}
url_preview_ip_range_whitelist:
{% for ip in synapse_url_preview_ip_range_whitelist %}
- '{{ ip }}'
{% endfor %}
{% endif %}
{% if synapse_url_preview_url_blacklist is defined and synapse_url_preview_url_blacklist | length > 0 %}
url_preview_url_blacklist:
{{ synapse_url_preview_url_blacklist | to_nice_yaml(indent=2, width=1000) }}
{% endif %}
max_spider_size: {{ synapse_max_spider_size }}
{% endif %}
form_secret: '{{ synapse_form_secret }}'
signing_key_path: '{{ synapse_root_dir }}/etc/{{ synapse_server_name }}.signing.key'
trusted_key_servers:
- server_name: 'matrix.org'
suppress_key_server_warning: True
email:
enable_notifs: True
smtp_host: 'localhost'
smtp_port: 25
require_transport_security: False
notif_from: '{{ synapse_smtp_from }}'
app_name: '{{ synapse_app_name }}'
notif_for_new_users: True
{% if synapse_client_url is defined %}
client_base_url: '{{ synapse_client_base_url }}'
{% endif %}
{% if 'ldap' in synapse_auth or 'rest' in synapse_auth or synapse_auth in ['ldap','rest'] %}
password_providers:
{% endif %}
{% if synapse_auth == 'ldap' or 'ldap' in synapse_auth %}
- module: 'ldap_auth_provider.LdapAuthProvider'
config:
enabled: True
uri: '{{ synapse_ldap_uri }}'
start_tls: {{ synapse_ldap_start_tls | ternary('True', 'False') }}
base: '{{ synapse_ldap_user_base }}'
attributes:
uid: '{{ synapse_ldap_attr_uid }}'
mail: '{{ synapse_ldap_attr_email }}'
name: '{{ synapse_ldap_attr_name }}'
{% if synapse_ldap_bind_dn is defined and synapse_ldap_bind_pass is defined %}
bind_dn: '{{ synapse_ldap_bind_dn }}'
bind_password: '{{ synapse_ldap_bind_pass }}'
{% endif %}
filter: '{{ synapse_ldap_filter }}'
{% endif %}
{% if synapse_auth == 'rest' or 'rest' in synapse_auth %}
- module: 'rest_auth_provider.RestAuthProvider'
config:
endpoint: '{{ synapse_auth_rest_uri }}'
{% endif %}
{% if synapse_auth == 'oidc' or 'oidc' in synapse_auth %}
oidc_config:
enabled: True
issuer: '{{ synapse_oidc_server }}'
client_id: '{{ synapse_oidc_client }}'
client_secret: '{{ synapse_oidc_secret }}'
user_mapping_provider:
config:
localpart_template: '{{ synapse_oidc_localpart }}'
{% if synapse_oidc_display_name is defined %}
display_name_template: '{{ synapse_oidc_display_name }}'
{% endif %}
sso:
client_whitelist:
- {{ synapse_public_baseurl | default('https://matrix.' + synapse_server_name + '/') }}
update_profile_information: True
{% endif %}
password_config:
enabled: {{ ('internal' in synapse_auth or 'ldap' in synapse_auth or 'rest' in synapse_auth) | ternary('True', 'False') }}
alias_creation_rules:
- user_id: '*'
alias: '*'
action: allow
...