-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathmain.yml
86 lines (83 loc) · 4.54 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
##### MATRIX REAL-TIME COMMUNICATION SERVER #####
# fully qualified domain name of the matrix-synapse server instance
matrix_synapse_fqdn: matrix.CHANGEME.org
# username/password for the matrix admin user
matrix_synapse_admin_user: "CHANGEME"
matrix_synapse_admin_password: "CHANGEME25"
# postgresql database password for synapse
matrix_synapse_db_password: "CHANGEME20"
# random secret used to register new users
matrix_synapse_registration_shared_secret: "CHANGEME25"
# random secret used to sign access tokens
matrix_synapse_macaroon_secret_key: "CHANGEME25"
# yes/no: whether room invites to users on this server should be blocked (except those sent by local server admins).
matrix_synapse_block_non_admin_invites: no
# yes/no: whether to enable URL previews
matrix_synapse_enable_url_previews: yes
# start/stop the matrix-synapse service, enable/disable it on boot (yes/no) (redirect users to maintenance page if disabled)
matrix_synapse_enable_service: yes
# yes/no: aggregate (verbose) synapse logs to syslog
matrix_synapse_homeserver_logs_to_syslog: no
# HTTPS and SSL/TLS certificate mode for the matrix-synapse webserver virtualhost
# letsencrypt: acquire a certificate from letsencrypt.org
# selfsigned: generate a self-signed certificate
matrix_synapse_https_mode: selfsigned
# firewall zones for the matrix server, if nodiscc.xsrv.common/firewalld role is deployed
# 'zone:' is one of firewalld zones, set 'state:' to 'disabled' to remove the rule (the default is state: enabled)
matrix_firewalld_zones:
- zone: internal
state: enabled
- zone: public
state: disabled
##### LDAP AUTHENTICATION #####
# enable/disable LDAP authentication (yes/no)
matrix_synapse_ldap: no
# if LDAP authentication is enabled, the following options must be set
# LDAP server URI
matrix_synapse_ldap_uri: "ldaps://{{ openldap_fqdn | default('ldap.CHANGEME.org') }}:636"
# use STARTTLS to connect to the LADP server
matrix_synapse_ldap_starttls: yes
# base DN to look for users in the LDAP directory
matrix_synapse_base_dn: "ou=users,dc=CHANGEME,dc=org"
# LDAP attributes corresponding to the `uid, mail, name` matrix properties
matrix_synapse_ldap_uid_attr: "cn"
matrix_synapse_ldap_mail_attr: "mail"
matrix_synapse_ldap_name_attr: "givenName"
# bind username and password to authenticate to the LDAP server
matrix_synapse_ldap_bind_dn: "cn=bind,ou=system,dc=CHANGEME,dc=org"
matrix_synapse_ldap_bind_password: "{{ openldap_bind_password | default('CHANGEME') }}"
# login filter used to lookup valid users in the LDAP directory
matrix_synapse_ldap_filter: "(objectClass=posixAccount)"
# verify validity of SSL/TLS certificates presented by the LDAP server
matrix_synapse_ldap_validate_certs: yes
##### SYNAPSE-ADMIN #####
# enable/disable the synapse-admin virtualhost (redirect users to maintenance page if disabled)
matrix_synapse_admin_enable_service: yes
# synapse-admin version (https://github.com/Awesome-Technologies/synapse-admin/releases)
matrix_synapse_admin_version: "0.10.3"
# list of IP addresses allowed to access synapse-admin and synapse admin API endpoints (IP or IP/netmask format)
# set to empty list [] to allow access from any IP address
matrix_synapse_admin_allowed_hosts: []
##### ELEMENT #####
# fully qualified domain name of the element application instance
matrix_element_fqdn: "chat.CHANGEME.org"
# mode for element video rooms (jitsi/element_call)
matrix_element_video_rooms_mode: "element_call"
# when matrix_element_video_rooms_mode = 'jitsi', domain of the Jitsi instance to use for video calls
# you can set this to your own Jitsi domain if you are hosting one, but this will NOT work with Jitsi instances set up as "secure domain"/authenticated
matrix_element_jitsi_preferred_domain: "meet.element.io"
# when matrix_element_video_rooms_mode = 'element_call', domain of the Element Call instance to use for video calls
matrix_element_call_domain: "call.element.io"
# matrix element web client version (https://github.com/vector-im/element-web/releases)
matrix_element_version: "1.11.89"
# element installation directory
element_install_dir: "/var/www/{{ matrix_element_fqdn }}"
# HTTPS and SSL/TLS certificate mode for the matrix-element webserver virtualhost
# letsencrypt: acquire a certificate from letsencrypt.org
# selfsigned: generate a self-signed certificate
matrix_element_https_mode: selfsigned
# enable/disable the element virtualhost (redirect users to maintenance page if disabled)
matrix_element_enable_service: yes
# list of IP addresses allowed to access element (IP or IP/netmask format)
# set to empty list [] to allow access from any IP address
matrix_element_allowed_hosts: []