xoxys.matrix/defaults/main.yml

---
matrix_version: "1.2.1"

matrix_user: matrix
matrix_user_home: "/home/{{ matrix_user }}"
matrix_group: "{{ matrix_user }}"
matrix_extra_groups: []

# @var matrix_packages:description: Ensure EPEL repo is available at this server
matrix_packages:
  - "@Development tools"
  - libtiff-devel
  - libjpeg-devel
  - libzip-devel
  - freetype-devel
  - lcms2-devel
  - libwebp-devel
  - tcl-devel
  - tk-devel
  - redhat-rpm-config
  - python36-devel
  - libffi-devel
  - openssl-devel

matrix_packages_extra: []

matrix_base_dir: "/opt/matrix"
matrix_conf_dir: "{{ matrix_base_dir }}/config"
matrix_data_dir: "{{ matrix_base_dir }}/data"
matrix_log_dir: "{{ matrix_base_dir }}/log"

matrix_log_file_level: INFO
matrix_log_console_level: ERROR
matrix_log_synapse_level: INFO
matrix_log_synapse_sql_level: INFO
matrix_log_ldap_level: INFO
matrix_log_ldap_auth_level: INFO

matrix_restart_policy: "on-failure"

matrix_server_url: example.com
matrix_client_url: https://matrix.example.com

matrix_web_client_location: /path/to/web/root
matrix_filter_timeline_limit: -1

matrix_http_bind_ips:
  - '::'
  - '0.0.0.0'
matrix_http_bind_port: 8008

matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
matrix_https_bind_port: 8448

matrix_ldap_auth_enabled: False
matrix_ldap_auth_server: ldaps://ldap.example.com:636
matrix_ldap_auth_use_starttls: "false"
matrix_ldap_auth_basedn: "ou=users,dc=example,dc=com"
matrix_ldap_auth_uid_attr: "uid"
matrix_ldap_auth_mail_attr: "email"
matrix_ldap_auth_name_attr: "cn"
# matrix_ldap_auth_binddn: uid=myuser,ou=users,dc=example,dc=com # defaults to not set
# matrix_ldap_auth_bind_password: # defaults to not set
# matrix_ldap_auth_filter: (objectClass=posixAccount) # defaults to not set

# @var matrix_db_type:description: Sopported values are `pgsql` and `sqlite`.
matrix_db_type: pgsql
matrix_db_server: localhost
matrix_db_port: 5432
matrix_db_name: matrix
matrix_db_user: pgmatrix
matrix_db_password: secure
matrix_db_ssl_mode: disable
matrix_db_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt

matrix_url_preview_enabled: False

# List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. You should specify any internal services in your
# network that you do not want synapse to try to connect to, otherwise
# anyone in any Matrix room could cause your synapse to issue arbitrary
# GET requests to your internal services, causing serious security issues.
# matrix_url_preview_ip_blacklist: # defaults to not set
#   - '127.0.0.0/8'
#   - '10.0.0.0/8'
#   - '172.16.0.0/12'
#   - '192.168.0.0/16'
#   - '100.64.0.0/10'
#   - '169.254.0.0/16'
#   - '::1/128'
#   - 'fe80::/64'
#   - 'fc00::/7'

# Optional list of URL matches that the URL preview spider is
# denied from accessing.
# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
# matrix_url_preview_url_blacklist:
#   - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
#   - netloc: '^([A-f0-9:]+:+)+[A-f0-9]+$'
matrix_url_preview_max_spider_size: 10M

# @var matrix_rc_login_address:description: >
# Ratelimiting settings for login requests based on the client's IP address.
# @end
# @var matrix_rc_login_address: >
# matrix_rc_login_address:
#   per_second: 0.17
#   burst_count: 3
# @var

# @var matrix_rc_login_account:description: >
# Ratelimiting settings for login requests based on the account the
# client is attempting to log into.
# @end
# @var matrix_rc_login_account: >
# matrix_rc_login_account:
#   per_second: 0.17
#   burst_count: 3
# @var

matrix_macaroon_secret_key: "jr;vhMlW=+U8pwBhVE^=6.,M94Gcyg_07Z-nNAsgj4ZZ:ew:HV"
matrix_form_secret: "oFP3m&,r^wJ=Tr#=Ruww5+h0e;-DZqcuVGXV4XgRZIAt~Gv2YF"

matrix_tls_enabled: False
matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
matrix_tls_dhparam_size: 2048
matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
matrix_tls_cert_source: mycert.pem
matrix_tls_key_source: mykey.pem