2019-01-18 13:52:23 +00:00
|
|
|
---
|
|
|
|
matrix_version: 0.34.1.1
|
|
|
|
|
|
|
|
matrix_user: matrix
|
|
|
|
matrix_user_home: "/home/{{ matrix_user }}"
|
|
|
|
# matrix_uid: # defaults to not set
|
|
|
|
matrix_group: "{{ matrix_user }}"
|
|
|
|
# matrix_gid: # defaults to not set
|
|
|
|
matrix_extra_groups: []
|
|
|
|
|
|
|
|
# Ensure EPEL repo is available at this server
|
|
|
|
matrix_dependencies:
|
|
|
|
- "@Development tools"
|
|
|
|
- libtiff-devel
|
|
|
|
- libjpeg-devel
|
|
|
|
- libzip-devel
|
|
|
|
- freetype-devel
|
|
|
|
- lcms2-devel
|
|
|
|
- libwebp-devel
|
|
|
|
- tcl-devel
|
|
|
|
- tk-devel
|
|
|
|
- redhat-rpm-config
|
|
|
|
- python-virtualenv
|
2019-01-19 01:41:42 +00:00
|
|
|
- python36-devel
|
2019-01-18 13:52:23 +00:00
|
|
|
- libffi-devel
|
|
|
|
- openssl-devel
|
|
|
|
|
|
|
|
# Create separate LVM storage for matrix
|
|
|
|
matrix_lvm_enabled: False
|
|
|
|
# This variables are only necessary if matrix_lvm_enabled is 'True'
|
|
|
|
# Set physical volumes to use in LVM
|
|
|
|
# matrix_lvm_pvs: # ['/dev/sdb', '/dev/sdc']
|
|
|
|
# matrix_lvm_vg: # "vg_matrix"
|
|
|
|
# matrix_lvm_lv: # "lv_matrix"
|
|
|
|
# matrix_lvm_fstype: # ext4
|
|
|
|
# matrix_lvm_size: # "50G"
|
|
|
|
|
|
|
|
matrix_base_dir: "/opt/matrix"
|
|
|
|
matrix_conf_dir: "{{ matrix_base_dir }}/config"
|
2019-01-19 00:30:45 +00:00
|
|
|
matrix_data_dir: "{{ matrix_base_dir }}/data"
|
2019-01-30 21:35:57 +00:00
|
|
|
matrix_log_dir: "{{ matrix_base_dir }}/log"
|
2019-01-18 13:52:23 +00:00
|
|
|
|
2019-01-23 20:30:38 +00:00
|
|
|
matrix_log_file_level: INFO
|
|
|
|
matrix_log_console_level: ERROR
|
|
|
|
matrix_log_synapse_level: INFO
|
|
|
|
matrix_log_synapse_sql_level: INFO
|
|
|
|
matrix_log_ldap_level: INFO
|
|
|
|
matrix_log_ldap_auth_level: INFO
|
|
|
|
|
2019-01-30 21:35:57 +00:00
|
|
|
matrix_logrotate_enabled: False
|
|
|
|
matrix_logrotate_config:
|
|
|
|
- log: "{{ matrix_log_dir }}/homeserver.log"
|
|
|
|
options:
|
|
|
|
- weekly
|
|
|
|
- rotate 4
|
|
|
|
- maxsize 250K
|
|
|
|
- compress
|
|
|
|
- shred
|
|
|
|
|
2019-01-20 13:55:58 +00:00
|
|
|
matrix_server_url: example.com
|
|
|
|
matrix_client_url: https://matrix.example.com
|
2019-01-19 00:30:45 +00:00
|
|
|
|
|
|
|
matrix_http_bind_ips:
|
|
|
|
- '::'
|
|
|
|
- '0.0.0.0'
|
|
|
|
matrix_http_bind_port: 8008
|
|
|
|
|
|
|
|
matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
|
|
|
|
matrix_https_bind_port: 8448
|
2019-01-18 13:52:23 +00:00
|
|
|
|
2019-01-19 21:02:52 +00:00
|
|
|
matrix_ldap_auth_enabled: False
|
|
|
|
matrix_ldap_auth_server: ldaps://ldap.example.com:636
|
|
|
|
matrix_ldap_auth_use_starttls: "false"
|
|
|
|
matrix_ldap_auth_basedn: "ou=users,dc=example,dc=com"
|
|
|
|
matrix_ldap_auth_uid_attr: "uid"
|
|
|
|
matrix_ldap_auth_mail_attr: "email"
|
|
|
|
matrix_ldap_auth_name_attr: "cn"
|
|
|
|
# matrix_ldap_auth_binddn: uid=myuser,ou=users,dc=example,dc=com # defaults to not set
|
|
|
|
# matrix_ldap_auth_bind_password: # defaults to not set
|
|
|
|
# matrix_ldap_auth_filter: (objectClass=posixAccount) # defaults to not set
|
|
|
|
|
2019-01-18 13:52:23 +00:00
|
|
|
matrix_postgres_enabled: False
|
2019-01-19 00:30:45 +00:00
|
|
|
matrix_postgres_ssl_mode: disable
|
2019-01-19 14:37:45 +00:00
|
|
|
matrix_postgres_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt
|
2019-01-18 13:52:23 +00:00
|
|
|
matrix_postgres_server: postgres.example.com
|
|
|
|
matrix_postgres_port: 5432
|
|
|
|
matrix_postgres_superuser: postgres
|
|
|
|
matrix_postgres_password: secure
|
|
|
|
|
|
|
|
matrix_postgres_db:
|
|
|
|
name: matrix
|
|
|
|
lc_collate: en_US.UTF-8
|
|
|
|
lc_ctype: en_US.UTF-8'
|
|
|
|
encoding: UTF-8
|
|
|
|
template: template0
|
|
|
|
login_host: localhost
|
|
|
|
login_user: "{{ matrix_postgres_superuser }}"
|
|
|
|
login_password: "{{ matrix_postgres_password }}"
|
|
|
|
# login_unix_socket: # defaults to not set
|
|
|
|
port: "{{ matrix_postgres_port }}"
|
|
|
|
# owner: # defaults to not set
|
|
|
|
state: present
|
|
|
|
|
|
|
|
matrix_postgres_user:
|
|
|
|
name: pgmatrix
|
|
|
|
password: matrix
|
|
|
|
encrypted: 'yes'
|
|
|
|
# priv: # defaults to not set
|
|
|
|
# role_attr_flags: # defaults to not set
|
|
|
|
db: "{{ matrix_postgres_db.name }}"
|
|
|
|
login_host: localhost
|
|
|
|
login_user: "{{ matrix_postgres_superuser }}"
|
|
|
|
login_password: "{{ matrix_postgres_password }}"
|
|
|
|
# login_unix_socket: # defaults to not set
|
|
|
|
port: "{{ matrix_postgres_port }}"
|
|
|
|
state: present
|
|
|
|
|
|
|
|
matrix_iptables_enabled: False
|
|
|
|
matrix_open_ports:
|
|
|
|
- name: allow_matrix_web
|
|
|
|
rules: |
|
2019-01-19 01:00:00 +00:00
|
|
|
-A INPUT -m state --state NEW -p tcp --dport {{ matrix_http_bind_port }} -j ACCEPT
|
2019-01-18 13:52:23 +00:00
|
|
|
state: present
|
|
|
|
|
2019-01-21 20:03:18 +00:00
|
|
|
matrix_url_preview_enabled: False
|
|
|
|
|
|
|
|
# List of IP address CIDR ranges that the URL preview spider is denied
|
|
|
|
# from accessing. You should specify any internal services in your
|
|
|
|
# network that you do not want synapse to try to connect to, otherwise
|
|
|
|
# anyone in any Matrix room could cause your synapse to issue arbitrary
|
|
|
|
# GET requests to your internal services, causing serious security issues.
|
2019-01-21 20:59:36 +00:00
|
|
|
# matrix_url_preview_ip_blacklist: # defaults to not set
|
2019-01-21 20:54:33 +00:00
|
|
|
# - '127.0.0.0/8'
|
|
|
|
# - '10.0.0.0/8'
|
|
|
|
# - '172.16.0.0/12'
|
|
|
|
# - '192.168.0.0/16'
|
|
|
|
# - '100.64.0.0/10'
|
|
|
|
# - '169.254.0.0/16'
|
|
|
|
# - '::1/128'
|
|
|
|
# - 'fe80::/64'
|
|
|
|
# - 'fc00::/7'
|
2019-01-21 20:03:18 +00:00
|
|
|
|
|
|
|
# Optional list of URL matches that the URL preview spider is
|
|
|
|
# denied from accessing.
|
|
|
|
# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
|
|
|
|
# matrix_url_preview_url_blacklist:
|
2019-01-21 20:54:33 +00:00
|
|
|
# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
|
|
|
|
# - netloc: '^([A-f0-9:]+:+)+[A-f0-9]+$'
|
2019-01-21 20:03:18 +00:00
|
|
|
matrix_url_preview_max_spider_size: 10M
|
|
|
|
|
2019-01-19 00:30:45 +00:00
|
|
|
matrix_tls_enabled: False
|
2019-01-19 02:27:47 +00:00
|
|
|
matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
|
|
|
|
matrix_tls_dhparam_size: 2048
|
2019-01-19 00:30:45 +00:00
|
|
|
matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
|
|
|
|
matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
|
2019-01-18 13:52:23 +00:00
|
|
|
matrix_tls_cert_source: mycert.pem
|
|
|
|
matrix_tls_key_source: mykey.pem
|
|
|
|
|
|
|
|
matrix_nginx_vhost_enabled: False
|
|
|
|
matrix_nginx_server: localhost
|
|
|
|
matrix_nginx_vhost_dir: /etc/nginx/sites-available
|
|
|
|
matrix_nginx_vhost_symlink: /etc/nginx/sites-enabled
|
|
|
|
matrix_nginx_iptables_enabled: False
|
|
|
|
matrix_nginx_tls_enabled: False
|
|
|
|
matrix_nginx_tls_cert_file: matrix-cert.pem
|
|
|
|
matrix_nginx_tls_key_file: matrix-key.pem
|
2019-01-19 01:00:00 +00:00
|
|
|
matrix_nginx_proxy_port: "{{ matrix_http_bind_port }}"
|
|
|
|
matrix_nginx_proxy_ip: "{{ matrix_http_bind_ips[0] }}"
|