xoxys.matrix/defaults/main.yml

---
# Version string consumed by the role. Quoted so that every parser reads
# it as a string.
matrix_version: "0.34.1.1"

# Account and group names used by the role. uid/gid stay unset unless
# the commented variables below are defined.
matrix_user: matrix
matrix_user_home: "/home/{{ matrix_user }}"
# matrix_uid: # defaults to not set
matrix_group: "{{ matrix_user }}"
# matrix_gid: # defaults to not set

# Additional groups for the account; empty by default.
matrix_extra_groups: []
# Packages installed as build/runtime dependencies.
# Ensure the EPEL repo is available on the target server.
matrix_dependencies:
  - "@Development tools"
  - libtiff-devel
  - libjpeg-devel
  - libzip-devel
  - freetype-devel
  - lcms2-devel
  - libwebp-devel
  - tcl-devel
  - tk-devel
  - redhat-rpm-config
  - python-virtualenv
  - python36-devel
  - libffi-devel
  - openssl-devel
# Create separate LVM storage for matrix (off by default).
matrix_lvm_enabled: false

# These variables are only necessary if matrix_lvm_enabled is true.
# matrix_lvm_pvs lists the physical volumes to use in LVM.
# matrix_lvm_pvs: # ['/dev/sdb', '/dev/sdc']
# matrix_lvm_vg: # "vg_matrix"
# matrix_lvm_lv: # "lv_matrix"
# matrix_lvm_fstype: # ext4
# matrix_lvm_size: # "50G"
# Directory layout; config, data and log all derive from the base dir.
matrix_base_dir: "/opt/matrix"
matrix_conf_dir: "{{ matrix_base_dir }}/config"
matrix_data_dir: "{{ matrix_base_dir }}/data"
matrix_log_dir: "{{ matrix_base_dir }}/log"

# Log levels per handler/logger.
matrix_log_file_level: INFO
matrix_log_console_level: ERROR
matrix_log_synapse_level: INFO
matrix_log_synapse_sql_level: INFO
matrix_log_ldap_level: INFO
matrix_log_ldap_auth_level: INFO

# Optional logrotate configuration for the homeserver log (off by default).
matrix_logrotate_enabled: false
matrix_logrotate_config:
  - log: "{{ matrix_log_dir }}/homeserver.log"
    options:
      - weekly
      - rotate 4
      - maxsize 250K
      - compress
      # logrotate removes old logs with shred instead of a plain unlink.
      - shred
# Server name and client-facing URL (example values; override per site).
matrix_server_url: example.com
matrix_client_url: "https://matrix.example.com"

# Listener addresses and ports. The defaults bind every IPv6 and IPv4
# interface, so the HTTP port is reachable on all of them.
# NOTE(review): if the service is only reached through a reverse proxy on
# the same host, consider narrowing matrix_http_bind_ips to loopback.
matrix_http_bind_ips:
  - "::"
  - "0.0.0.0"
matrix_http_bind_port: 8008
# The HTTPS listener reuses the HTTP bind list unless overridden.
matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
matrix_https_bind_port: 8448
# LDAP authentication (off by default).
matrix_ldap_auth_enabled: false
matrix_ldap_auth_server: "ldaps://ldap.example.com:636"
# Kept as the string "false", not a YAML boolean. The default server URI
# already uses ldaps://.
matrix_ldap_auth_use_starttls: "false"
matrix_ldap_auth_basedn: "ou=users,dc=example,dc=com"
matrix_ldap_auth_uid_attr: "uid"
matrix_ldap_auth_mail_attr: "email"
matrix_ldap_auth_name_attr: "cn"
# matrix_ldap_auth_binddn: uid=myuser,ou=users,dc=example,dc=com # defaults to not set
# Supply the bind password from Ansible Vault or another secret store
# rather than committing it in plain text.
# matrix_ldap_auth_bind_password: # defaults to not set
# matrix_ldap_auth_filter: (objectClass=posixAccount) # defaults to not set
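# PostgreSQL backend (off by default).
matrix_postgres_enabled: false

# 'disable' turns TLS off for the database connection, so credentials and
# data cross the network in clear text when the server is remote.
# NOTE(review): for a remote server prefer 'verify-full' (or at least
# 'require') together with matrix_postgres_ssl_root_cert.
matrix_postgres_ssl_mode: disable
matrix_postgres_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt

matrix_postgres_server: postgres.example.com
matrix_postgres_port: 5432
matrix_postgres_superuser: postgres
# Placeholder only. Override it from Ansible Vault or another secret
# store; never deploy with this default.
matrix_postgres_password: secure

# Database definition; login_* are the credentials used to create it.
matrix_postgres_db:
  name: matrix
  lc_collate: en_US.UTF-8
  # The original value carried a stray trailing quote ("en_US.UTF-8'"),
  # which is not a valid locale name.
  lc_ctype: en_US.UTF-8
  encoding: UTF-8
  template: template0
  login_host: localhost
  login_user: "{{ matrix_postgres_superuser }}"
  login_password: "{{ matrix_postgres_password }}"
  # login_unix_socket: # defaults to not set
  port: "{{ matrix_postgres_port }}"
  # owner: # defaults to not set
  state: present

# Database role definition.
matrix_postgres_user:
  name: pgmatrix
  # Placeholder only. Override it from Ansible Vault or another secret
  # store; never deploy with this default.
  password: matrix
  encrypted: 'yes'
  # priv: # defaults to not set
  # role_attr_flags: # defaults to not set
  db: "{{ matrix_postgres_db.name }}"
  login_host: localhost
  login_user: "{{ matrix_postgres_superuser }}"
  login_password: "{{ matrix_postgres_password }}"
  # login_unix_socket: # defaults to not set
  port: "{{ matrix_postgres_port }}"
  state: present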
# Optional iptables rules (off by default).
matrix_iptables_enabled: false
# The single default rule accepts new TCP connections to the HTTP bind
# port from any source address; there is no source restriction.
# NOTE(review): add a source match (-s) if the port should only be
# reachable from a proxy or a trusted network.
matrix_open_ports:
  - name: allow_matrix_web
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport {{ matrix_http_bind_port }} -j ACCEPT
    state: present
# URL previews (off by default).
matrix_url_preview_enabled: false

# List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. Specify any internal services in your network that
# synapse must not connect to. Otherwise anyone in any Matrix room could
# cause your synapse to issue arbitrary GET requests to your internal
# services, causing serious security issues.
# The list is unset by default, so define it before enabling previews.
# NOTE(review): 'fe80::/64' covers only part of the IPv6 link-local
# range (fe80::/10).
# matrix_url_preview_ip_blacklist: # defaults to not set
#   - '127.0.0.0/8'
#   - '10.0.0.0/8'
#   - '172.16.0.0/12'
#   - '192.168.0.0/16'
#   - '100.64.0.0/10'
#   - '169.254.0.0/16'
#   - '::1/128'
#   - 'fe80::/64'
#   - 'fc00::/7'

# Optional list of URL matches that the URL preview spider is
# denied from accessing.
# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
# NOTE(review): the class [A-f0-9:] spans more than hex digits (all
# upper-case letters and some punctuation); [A-Fa-f0-9:] is probably
# what was meant.
# matrix_url_preview_url_blacklist:
#   - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
#   - netloc: '^([A-f0-9:]+:+)+[A-f0-9]+$'

# Upper bound on the size of a page the preview spider will fetch.
matrix_url_preview_max_spider_size: 10M
# TLS for the homeserver itself (off by default).
matrix_tls_enabled: false

# Diffie-Hellman parameter file and its size in bits.
matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
matrix_tls_dhparam_size: 2048

# Certificate and private key locations below the base directory.
matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"

# Source file names for the certificate and key.
# NOTE(review): presumably these are copied from the playbook's files.
# If so, keep the private key encrypted (e.g. Ansible Vault) in version
# control. Confirm against the role's tasks.
matrix_tls_cert_source: mycert.pem
matrix_tls_key_source: mykey.pem
# Optional nginx virtual host (off by default).
matrix_nginx_vhost_enabled: false
matrix_nginx_server: localhost
matrix_nginx_vhost_dir: /etc/nginx/sites-available
matrix_nginx_vhost_symlink: /etc/nginx/sites-enabled
matrix_nginx_iptables_enabled: false

# TLS on the nginx side is also off by default.
# NOTE(review): with both this and matrix_tls_enabled left false, nothing
# in these defaults enables TLS for client traffic.
matrix_nginx_tls_enabled: false
matrix_nginx_tls_cert_file: matrix-cert.pem
matrix_nginx_tls_key_file: matrix-key.pem

# Proxy target, derived from the HTTP listener settings.
# NOTE(review): with the default bind list the first entry is '::' (the
# unspecified address), not a loopback address. Confirm this is the
# intended proxy target.
matrix_nginx_proxy_port: "{{ matrix_http_bind_port }}"
matrix_nginx_proxy_ip: "{{ matrix_http_bind_ips[0] }}"