matrix/helsinki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
helsinki/host_vars/matrix.homedungeon.xyz/vars.yml
Nikita Simonov 9309bff1a2 cleanup
2026-02-23 01:11:33 +04:00

179 lines
8.2 KiB
YAML
Raw Permalink Blame History

---
# The bare domain name which represents your Matrix identity.
# Matrix user IDs for your server will be of the form (`@alice:example.com`).
#
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.example.com", see `matrix_server_fqn_matrix`).
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
matrix_domain: homedungeon.xyz
# synapse-admin
matrix_synapse_admin_enabled: true
# federation
matrix_static_files_container_labels_base_domain_enabled: true
# The Matrix homeserver software to install.
# See:
# - `roles/custom/matrix-base/defaults/main.yml` for valid options
# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
#
# By default, we use Synapse, because it's the only full-featured Matrix server at the moment.
#
# Note that the homeserver implementation of a server will not be able to be changed without data loss.
matrix_homeserver_implementation: synapse
# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred. You can create one with a command like `pwgen -s 64 1`.
matrix_homeserver_generic_secret_key: '{{ vault.matrix_homeserver_generic_secret_key }}'
# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
# It will retrieve SSL certificates for you on-demand and forward requests to all other components.
# For alternatives, see `docs/configuring-playbook-own-webserver.md`.
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
# Controls whether container networks will be created with IPv6 support.
#
# If you also have IPv6 support on your server/network and AAAA DNS records pointing to the server,
# enabling this will effectively give you full public IPv6 connectivity (powered by NAT66).
#
# We recommend leaving this enabled even if you don't currently have IPv6 connectivity on your server/network.
# This way, once you eventually get IPv6 connectivity, you won't have to change anything (besides DNS records).
#
# Flipping this setting later on requires manual work (stopping services, deleting and recreating all container networks).
#
# In the future, this setting will likely default to `true`, so if you really want IPv6 disabled, explicitly set this to `false`.
#
# People managing Docker themselves and running an older Docker version will need additional configuration.
#
# Learn more in `docs/configuring-ipv6.md`.
devture_systemd_docker_base_ipv6_enabled: true
# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service) using this superuser account.
#
# Changing this value subsequently requires manual work.
# The value used here must be shorter than 100 characters.
postgres_connection_password: '{{ vault.postgres_connection_password }}'
# By default, we configure coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
# If this value is an external IP address, you can skip this section.
#
# If `ansible_host` is not the server's external IP address, you have 2 choices:
# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)
# 2. Uncomment and adjust the line below to specify an IP address manually
#
# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role
# (see `roles/custom/matrix-coturn/defaults/main.yml`).
#
# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
#
# matrix_coturn_turn_external_ip_address: ''
## Disable ACME / Let's Encrypt support.
#traefik_config_certificatesResolvers_acme_enabled: false
#
## Disabling ACME support (above) automatically disables the SSL directory to be created.
## Force-enable it to be created with this configuration, because we'll add our certificate files there.
#traefik_ssl_dir_enabled: true
#
## Tell Traefik to load our custom SSL key pair by extending provider configuration.
## The key pair files are created below, in `aux_file_definitions`.
## Note that the `/ssl/…` path is an **in-container path**, not a path on the host (like `/matrix/traefik/ssl`). Do not change it!
#traefik_provider_configuration_extension_yaml:
# tls:
# certificates:
# - certFile: /ssl/cert.pem
# keyFile: /ssl/privkey.pem
# stores:
# default:
# defaultCertificate:
# certFile: /ssl/cert.pem
# keyFile: /ssl/privkey.pem
#
# Use the aux role to create our custom files on the server.
# If you'd like to do this manually, remove this `aux_file_definitions` variable.
#aux_file_definitions:
# # Create the privkey.pem file on the server by
# # uploading a file from the computer where Ansible is running.
# - dest: "{{ traefik_ssl_dir_path }}/privkey.pem"
# src: inventory/ssl/privkey.pem
# # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# # Mind the indentation level (indented with two white space characters).
# # content: |
# # FILE CONTENT
# # HERE
#
# # Create the cert.pem file on the server
# # uploading a file from the computer where Ansible is running.
# - dest: "{{ traefik_ssl_dir_path }}/cert.pem"
# src: inventory/ssl/cert.pem
# # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# # Mind the indentation level (indented with two white space characters).
# # content: |
# # FILE CONTENT
# # HERE
########################################################################
# #
# jitsi #
# #
########################################################################
jitsi_enabled: true
########################################################################
# #
# /jitsi #
# #
########################################################################
########################################################################
# #
# ntfy #
# #
########################################################################
ntfy_enabled: true
ntfy_web_root: app
ntfy_credentials:
- username: nikitsim
password: "{{ vault.ntfy_password_nikitsim }}"
admin: false
- username: reaper
password: "{{ vault.ntfy_password_reaper }}"
admin: true
########################################################################
# #
# /ntfy #
# #
########################################################################
# appservice-double-puppet (for bridges)
matrix_appservice_double_puppet_enabled: true
# mautrix bridges
matrix_bridges_encryption_enabled: true
matrix_bridges_encryption_default: true
# mautrix-telegram
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault.matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault.matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_bot_token: "{{ vault.matrix_mautrix_telegram_bot_token }}"
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
permissions:
'*': relaybot
matrix_mautrix_telegram_filter_mode: whitelist
Reference in New Issue View Git Blame Copy Permalink