---
matrix_version: 0.34.1.1

matrix_user: matrix
matrix_user_home: "/home/{{ matrix_user }}"
# matrix_uid: # defaults to not set
matrix_group: "{{ matrix_user }}"
# matrix_gid: # defaults to not set
matrix_extra_groups: []

# Ensure EPEL repo is available at this server
matrix_dependencies:
  - "@Development tools"
  - libtiff-devel
  - libjpeg-devel
  - libzip-devel
  - freetype-devel
  - lcms2-devel
  - libwebp-devel
  - tcl-devel
  - tk-devel
  - redhat-rpm-config
  - python-virtualenv
  - libffi-devel
  - openssl-devel

# Create separate LVM storage for matrix
matrix_lvm_enabled: False
# This variables are only necessary if matrix_lvm_enabled is 'True'
# Set physical volumes to use in LVM
# matrix_lvm_pvs: # ['/dev/sdb', '/dev/sdc']
# matrix_lvm_vg:  # "vg_matrix"
# matrix_lvm_lv: # "lv_matrix"
# matrix_lvm_fstype: # ext4
# matrix_lvm_size: # "50G"

matrix_base_dir: "/opt/matrix"
matrix_conf_dir: "{{ matrix_base_dir }}/config"
matrix_data_dir: "{{ matrix_base_dir }}/data"

matrix_base_url: http://localhost

matrix_http_bind_ips:
  - '::'
  - '0.0.0.0'
matrix_http_bind_port: 8008

matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
matrix_https_bind_port: 8448

matrix_postgres_enabled: False
matrix_postgres_ssl_mode: disable
matrix_postgres_server: postgres.example.com
matrix_postgres_port: 5432
matrix_postgres_superuser: postgres
matrix_postgres_password: secure

matrix_postgres_db:
  name: matrix
  lc_collate: en_US.UTF-8
  lc_ctype: en_US.UTF-8'
  encoding: UTF-8
  template: template0
  login_host: localhost
  login_user: "{{ matrix_postgres_superuser }}"
  login_password: "{{ matrix_postgres_password }}"
  # login_unix_socket: # defaults to not set
  port: "{{ matrix_postgres_port }}"
  # owner: # defaults to not set
  state: present

matrix_postgres_user:
  name: pgmatrix
  password: matrix
  encrypted: 'yes'
  # priv: # defaults to not set
  # role_attr_flags: # defaults to not set
  db: "{{ matrix_postgres_db.name }}"
  login_host: localhost
  login_user: "{{ matrix_postgres_superuser }}"
  login_password: "{{ matrix_postgres_password }}"
  # login_unix_socket: # defaults to not set
  port: "{{ matrix_postgres_port }}"
  state: present

matrix_iptables_enabled: False
matrix_open_ports:
  - name: allow_matrix_web
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport {{ matrix_bind_port }} -j ACCEPT
    state: present

matrix_tls_enabled: False
matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
matrix_tls_cert_source: mycert.pem
matrix_tls_key_source: mykey.pem

matrix_nginx_vhost_enabled: False
matrix_nginx_server: localhost
matrix_nginx_vhost_dir: /etc/nginx/sites-available
matrix_nginx_vhost_symlink: /etc/nginx/sites-enabled
matrix_nginx_iptables_enabled: False
matrix_nginx_tls_enabled: False
matrix_nginx_tls_cert_file: matrix-cert.pem
matrix_nginx_tls_key_file: matrix-key.pem