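---
# Default variables for the Matrix (Synapse) homeserver role.
# Every value here is a role default and can be overridden per host or group.
# The "# @var ..." lines are documentation annotations and are kept verbatim.

matrix_version: "1.2.1"

# System account that owns and runs the homeserver.
matrix_user: matrix
matrix_user_home: "/home/{{ matrix_user }}"
matrix_group: "{{ matrix_user }}"
matrix_extra_groups: []

# @var matrix_packages:description: Ensure EPEL repo is available at this server
matrix_packages:
  - "@Development tools"
  - libtiff-devel
  - libjpeg-devel
  - libzip-devel
  - freetype-devel
  - lcms2-devel
  - libwebp-devel
  - tcl-devel
  - tk-devel
  - redhat-rpm-config
  - python-virtualenv
  - python36-devel
  - libffi-devel
  - openssl-devel
matrix_packages_extra: []

# Directory layout; config, data and log directories derive from the base dir.
matrix_base_dir: "/opt/matrix"
matrix_conf_dir: "{{ matrix_base_dir }}/config"
matrix_data_dir: "{{ matrix_base_dir }}/data"
matrix_log_dir: "{{ matrix_base_dir }}/log"

# Log levels per handler / logger.
matrix_log_file_level: INFO
matrix_log_console_level: ERROR
matrix_log_synapse_level: INFO
matrix_log_synapse_sql_level: INFO
matrix_log_ldap_level: INFO
matrix_log_ldap_auth_level: INFO

matrix_logrotate_enabled: false
matrix_logrotate_config:
  - log: "{{ matrix_log_dir }}/homeserver.log"
    options:
      - weekly
      - rotate 5
      - maxsize 512K
      - compress
      - delaycompress
      # Rotated logs are recreated as 640 (owner rw, group r, no access for
      # others).
      - "create 640 {{ matrix_user }} {{ matrix_group }}"

matrix_restart_policy: "on-failure"
matrix_server_url: example.com
matrix_client_url: https://matrix.example.com
matrix_web_client_location: /path/to/web/root
matrix_filter_timeline_limit: -1

# Listener addresses. The defaults bind to every IPv4 and IPv6 interface.
# NOTE(review): if the HTTP listener is only meant to be reached through a
# local reverse proxy, restrict matrix_http_bind_ips to loopback addresses or
# firewall the port - confirm against the listener template.
matrix_http_bind_ips:
  - '::'
  - '0.0.0.0'
matrix_http_bind_port: 8008
matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
matrix_https_bind_port: 8448

# LDAP authentication (disabled by default).
matrix_ldap_auth_enabled: false
matrix_ldap_auth_server: ldaps://ldap.example.com:636
# NOTE(review): this flag is a quoted string, unlike the other booleans in
# this file - presumably it is rendered verbatim into the config template;
# confirm before changing its type.
matrix_ldap_auth_use_starttls: "false"
matrix_ldap_auth_basedn: "ou=users,dc=example,dc=com"
matrix_ldap_auth_uid_attr: "uid"
matrix_ldap_auth_mail_attr: "email"
matrix_ldap_auth_name_attr: "cn"
# If a bind password is set, supply it from an encrypted source (for example
# Ansible Vault) rather than committing it in plain text.
# matrix_ldap_auth_binddn: uid=myuser,ou=users,dc=example,dc=com # defaults to not set
# matrix_ldap_auth_bind_password: # defaults to not set
# matrix_ldap_auth_filter: (objectClass=posixAccount) # defaults to not set

# @var matrix_db_type:description: Supported values are `pgsql` and `sqlite`.
matrix_db_type: pgsql
matrix_db_server: localhost
matrix_db_port: 5432
matrix_db_name: matrix
matrix_db_user: pgmatrix
# SECURITY: placeholder only. Override per deployment and keep the real
# password in an encrypted store such as Ansible Vault.
matrix_db_password: secure
# SECURITY: "disable" turns off TLS to PostgreSQL. That is tolerable only while
# matrix_db_server is localhost; for a remote database use a verifying libpq
# mode (verify-ca or verify-full) together with matrix_db_ssl_root_cert.
matrix_db_ssl_mode: disable
matrix_db_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt

# SECURITY: URL previews make the server fetch user-supplied URLs. Define
# matrix_url_preview_ip_blacklist (see below) before enabling this.
matrix_url_preview_enabled: false
# List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. You should specify any internal services in your
# network that you do not want synapse to try to connect to, otherwise
# anyone in any Matrix room could cause your synapse to issue arbitrary
# GET requests to your internal services, causing serious security issues.
# matrix_url_preview_ip_blacklist: # defaults to not set
#   - '127.0.0.0/8'
#   - '10.0.0.0/8'
#   - '172.16.0.0/12'
#   - '192.168.0.0/16'
#   - '100.64.0.0/10'
#   - '169.254.0.0/16'
#   - '::1/128'
#   - 'fe80::/64'
#   - 'fc00::/7'
# Optional list of URL matches that the URL preview spider is
# denied from accessing.
# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
# matrix_url_preview_url_blacklist:
#   - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
#   - netloc: '^([A-f0-9:]+:+)+[A-f0-9]+$'
matrix_url_preview_max_spider_size: 10M

# @var matrix_rc_login_address:description: >
# Ratelimiting settings for login requests based on the client's IP address.
# @end
# @var matrix_rc_login_address: >
# matrix_rc_login_address:
#   per_second: 0.17
#   burst_count: 3
# @var

# @var matrix_rc_login_account:description: >
# Ratelimiting settings for login requests based on the account the
# client is attempting to log into.
# @end
# @var matrix_rc_login_account: >
# matrix_rc_login_account:
#   per_second: 0.17
#   burst_count: 3
# @var

# SECURITY: these two defaults are published with the role, so any host that
# keeps them shares its signing secrets with every other such host. Synapse
# uses the macaroon secret to sign access tokens and the form secret to HMAC
# form values. Always override both with unique random values per deployment
# and store them encrypted (for example in Ansible Vault).
matrix_macaroon_secret_key: "jr;vhMlW=+U8pwBhVE^=6.,M94Gcyg_07Z-nNAsgj4ZZ:ew:HV"
matrix_form_secret: "oFP3m&,r^wJ=Tr#=Ruww5+h0e;-DZqcuVGXV4XgRZIAt~Gv2YF"

# TLS for the HTTPS listener (disabled by default).
matrix_tls_enabled: false
matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
matrix_tls_dhparam_size: 2048
matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
# The private key should be readable only by the service account.
matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
matrix_tls_cert_source: mycert.pem
matrix_tls_key_source: mykey.pem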