--- # The bare domain name which represents your Matrix identity. # Matrix user IDs for your server will be of the form (`@alice:example.com`). # # Note: this playbook does not touch the server referenced here. # Installation happens on another server ("matrix.example.com", see `matrix_server_fqn_matrix`). # # If you've deployed using the wrong domain, you'll have to run the Uninstalling step, # because you can't change the Domain after deployment. matrix_domain: homedungeon.xyz # synapse-admin matrix_synapse_admin_enabled: true # federation matrix_static_files_container_labels_base_domain_enabled: true # The Matrix homeserver software to install. # See: # - `roles/custom/matrix-base/defaults/main.yml` for valid options # - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice # # By default, we use Synapse, because it's the only full-featured Matrix server at the moment. # # Note that the homeserver implementation of a server will not be able to be changed without data loss. matrix_homeserver_implementation: synapse # A secret used as a base, for generating various other secrets. # You can put any string here, but generating a strong one is preferred. You can create one with a command like `pwgen -s 64 1`. matrix_homeserver_generic_secret_key: '{{ vault.matrix_homeserver_generic_secret_key }}' # By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server. # It will retrieve SSL certificates for you on-demand and forward requests to all other components. # For alternatives, see `docs/configuring-playbook-own-webserver.md`. matrix_playbook_reverse_proxy_type: playbook-managed-traefik # Controls whether container networks will be created with IPv6 support. # # If you also have IPv6 support on your server/network and AAAA DNS records pointing to the server, # enabling this will effectively give you full public IPv6 connectivity (powered by NAT66). # # We recommend leaving this enabled even if you don't currently have IPv6 connectivity on your server/network. # This way, once you eventually get IPv6 connectivity, you won't have to change anything (besides DNS records). # # Flipping this setting later on requires manual work (stopping services, deleting and recreating all container networks). # # In the future, this setting will likely default to `true`, so if you really want IPv6 disabled, explicitly set this to `false`. # # People managing Docker themselves and running an older Docker version will need additional configuration. # # Learn more in `docs/configuring-ipv6.md`. devture_systemd_docker_base_ipv6_enabled: true # A Postgres password to use for the superuser Postgres user (called `matrix` by default). # # The playbook creates additional Postgres users and databases (one for each enabled service) using this superuser account. # # Changing this value subsequently requires manual work. # The value used here must be shorter than 100 characters. postgres_connection_password: '{{ vault.postgres_connection_password }}' # By default, we configure coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file. # If this value is an external IP address, you can skip this section. # # If `ansible_host` is not the server's external IP address, you have 2 choices: # 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below) # 2. Uncomment and adjust the line below to specify an IP address manually # # By default, auto-detection will be attempted using the `https://ifconfig.co/json` API. # Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role # (see `roles/custom/matrix-coturn/defaults/main.yml`). # # If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses. # Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']` # # matrix_coturn_turn_external_ip_address: '' ## Disable ACME / Let's Encrypt support. #traefik_config_certificatesResolvers_acme_enabled: false # ## Disabling ACME support (above) automatically disables the SSL directory to be created. ## Force-enable it to be created with this configuration, because we'll add our certificate files there. #traefik_ssl_dir_enabled: true # ## Tell Traefik to load our custom SSL key pair by extending provider configuration. ## The key pair files are created below, in `aux_file_definitions`. ## Note that the `/ssl/…` path is an **in-container path**, not a path on the host (like `/matrix/traefik/ssl`). Do not change it! #traefik_provider_configuration_extension_yaml: # tls: # certificates: # - certFile: /ssl/cert.pem # keyFile: /ssl/privkey.pem # stores: # default: # defaultCertificate: # certFile: /ssl/cert.pem # keyFile: /ssl/privkey.pem # # Use the aux role to create our custom files on the server. # If you'd like to do this manually, remove this `aux_file_definitions` variable. #aux_file_definitions: # # Create the privkey.pem file on the server by # # uploading a file from the computer where Ansible is running. # - dest: "{{ traefik_ssl_dir_path }}/privkey.pem" # src: inventory/ssl/privkey.pem # # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. # # Mind the indentation level (indented with two white space characters). # # content: | # # FILE CONTENT # # HERE # # # Create the cert.pem file on the server # # uploading a file from the computer where Ansible is running. # - dest: "{{ traefik_ssl_dir_path }}/cert.pem" # src: inventory/ssl/cert.pem # # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. # # Mind the indentation level (indented with two white space characters). # # content: | # # FILE CONTENT # # HERE ######################################################################## # # # jitsi # # # ######################################################################## jitsi_enabled: true ######################################################################## # # # /jitsi # # # ######################################################################## ######################################################################## # # # ntfy # # # ######################################################################## ntfy_enabled: true ntfy_web_root: app ntfy_credentials: - username: nikitsim password: "{{ vault.ntfy_password_nikitsim }}" admin: false - username: reaper password: "{{ vault.ntfy_password_reaper }}" admin: true ######################################################################## # # # /ntfy # # # ######################################################################## # appservice-double-puppet (for bridges) matrix_appservice_double_puppet_enabled: true # mautrix bridges matrix_bridges_encryption_enabled: true matrix_bridges_encryption_default: true # mautrix-telegram matrix_mautrix_telegram_enabled: true matrix_mautrix_telegram_api_id: "{{ vault.matrix_mautrix_telegram_api_id }}" matrix_mautrix_telegram_api_hash: "{{ vault.matrix_mautrix_telegram_api_hash }}" matrix_mautrix_telegram_bot_token: "{{ vault.matrix_mautrix_telegram_bot_token }}" matrix_mautrix_telegram_configuration_extension_yaml: | bridge: permissions: '*': relaybot matrix_mautrix_telegram_filter_mode: whitelist