xoxys.matrix/defaults/main.yml

131 lines
3.9 KiB
YAML

---
matrix_version: "1.12.0"
matrix_user: matrix
matrix_user_home: "/home/{{ matrix_user }}"
matrix_group: "{{ matrix_user }}"
matrix_extra_groups: []
# @var matrix_packages:description: Ensure EPEL repo is available at this server
matrix_packages:
- "@Development tools"
- libtiff-devel
- libjpeg-devel
- libzip-devel
- freetype-devel
- lcms2-devel
- libwebp-devel
- tcl-devel
- tk-devel
- redhat-rpm-config
- python36-devel
- libffi-devel
- openssl-devel
matrix_packages_extra: []
matrix_base_dir: "/opt/matrix"
matrix_conf_dir: "{{ matrix_base_dir }}/config"
matrix_data_dir: "{{ matrix_base_dir }}/data"
matrix_log_dir: "{{ matrix_base_dir }}/log"
matrix_log_file_level: INFO
matrix_log_console_level: ERROR
matrix_log_synapse_level: INFO
matrix_log_synapse_sql_level: INFO
matrix_log_ldap_level: INFO
matrix_log_ldap_auth_level: INFO
matrix_restart_policy: "on-failure"
matrix_server_url: example.com
matrix_client_url: https://matrix.example.com
matrix_web_client_location: /path/to/web/root
matrix_filter_timeline_limit: -1
matrix_http_bind_ips:
- '::'
- '0.0.0.0'
matrix_http_bind_port: 8008
matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
matrix_https_bind_port: 8448
matrix_ldap_auth_enabled: False
matrix_ldap_auth_server: ldaps://ldap.example.com:636
matrix_ldap_auth_use_starttls: "false"
matrix_ldap_auth_basedn: "ou=users,dc=example,dc=com"
matrix_ldap_auth_uid_attr: "uid"
matrix_ldap_auth_mail_attr: "email"
matrix_ldap_auth_name_attr: "cn"
# matrix_ldap_auth_binddn: uid=myuser,ou=users,dc=example,dc=com # defaults to not set
# matrix_ldap_auth_bind_password: # defaults to not set
# matrix_ldap_auth_filter: (objectClass=posixAccount) # defaults to not set
# @var matrix_db_type:description: Sopported values are `pgsql` and `sqlite`.
matrix_db_type: pgsql
matrix_db_server: localhost
matrix_db_port: 5432
matrix_db_name: matrix
matrix_db_user: pgmatrix
matrix_db_password: secure
matrix_db_ssl_mode: disable
matrix_db_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt
matrix_url_preview_enabled: False
# List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. You should specify any internal services in your
# network that you do not want synapse to try to connect to, otherwise
# anyone in any Matrix room could cause your synapse to issue arbitrary
# GET requests to your internal services, causing serious security issues.
# matrix_url_preview_ip_blacklist: # defaults to not set
# - '127.0.0.0/8'
# - '10.0.0.0/8'
# - '172.16.0.0/12'
# - '192.168.0.0/16'
# - '100.64.0.0/10'
# - '169.254.0.0/16'
# - '::1/128'
# - 'fe80::/64'
# - 'fc00::/7'
# Optional list of URL matches that the URL preview spider is
# denied from accessing.
# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
# matrix_url_preview_url_blacklist:
# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
# - netloc: '^([A-f0-9:]+:+)+[A-f0-9]+$'
matrix_url_preview_max_spider_size: 10M
# @var matrix_rc_login_address:description: >
# Ratelimiting settings for login requests based on the client's IP address.
# @end
# @var matrix_rc_login_address: >
# matrix_rc_login_address:
# per_second: 0.17
# burst_count: 3
# @var
# @var matrix_rc_login_account:description: >
# Ratelimiting settings for login requests based on the account the
# client is attempting to log into.
# @end
# @var matrix_rc_login_account: >
# matrix_rc_login_account:
# per_second: 0.17
# burst_count: 3
# @var
matrix_macaroon_secret_key: "jr;vhMlW=+U8pwBhVE^=6.,M94Gcyg_07Z-nNAsgj4ZZ:ew:HV"
matrix_form_secret: "oFP3m&,r^wJ=Tr#=Ruww5+h0e;-DZqcuVGXV4XgRZIAt~Gv2YF"
matrix_tls_enabled: False
matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
matrix_tls_dhparam_size: 2048
matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
matrix_tls_cert_source: mycert.pem
matrix_tls_key_source: mykey.pem