diff --git a/tasks/main.yml b/tasks/main.yml index 010631d..d4911f4 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -51,51 +51,38 @@ ## ## Most settings are configurable but some settings are owned by the chart and can't overwritten additional: - email: - from: '"Matrix Authentication Service" ' - reply_to: '"No reply" ' - transport: smtp - mode: tls - hostname: postfix.eom.dev - port: 587 - username: matrix-authentication-service - password: "{{ matrix_auth_service_admin_password }}" - upstream_oauth2: - providers: - - id: 01JG22H4F0G8PYCZ5HVTQVHBC4 - issuer: https://google.com/ - client_id: "{{ matrix_google_oidc_client_id }}" - client_secret: "{{ matrix_google_oidc_client_secret }}" - token_endpoint_auth_method: client_secret_basic - discovery_mode: oidc - claims_imports: - subject: - template: "{{ '{{ user.sub }}' | quote }}" - - # -- The localpart is the local part of the user's Matrix ID. - # For example, on the `example.com` server, if the localpart is `alice`, - # the user's Matrix ID will be `@alice:example.com`. - localpart: - action: require - template: "{{ '{{ user.preferred_username }}' | quote }}" - - # -- The display name is the user's display name. - displayname: - action: suggest - template: "{{ '{{ user.name }}' | quote }}" - - # -- An email address to import. - email: - action: suggest - template: "{{ '{{ user.email }}' | quote }}" - # -- Whether the email address must be marked as verified. - # Possible values are: - # - `import`: mark the email address as verified if the upstream provider - # has marked it as verified, using the `email_verified` claim. - # This is the default. 
- # - `always`: mark the email address as verified - # - `never`: mark the email address as not verified - set_email_verification: import + 0-customConfig: + config: | + email: + from: '"Matrix Authentication Service" ' + reply_to: '"No reply" ' + transport: smtp + mode: tls + hostname: postfix.eom.dev + port: 587 + username: matrix-authentication-service + password: "{{ matrix_auth_service_admin_password }}" + upstream_oauth2: + providers: + - id: 01JG22H4F0G8PYCZ5HVTQVHBC4 + human_name: Google + brand_name: google + issuer: https://accounts.google.com + client_id: "{{ matrix_google_oidc_client_id }}" + client_secret: "{{ matrix_google_oidc_client_secret }}" + token_endpoint_auth_method: client_secret_post + scope: openid profile email + claims_imports: + localpart: + action: ignore + displayname: + action: require + template: "{{ '{{ user.name }}' }}" + email: + action: require + template: "{{ '{{ user.email }}' }}" + account_name: + template: "{{ '{{ user.email }}' }}" ingress: host: mas.eom.dev postgres: @@ -112,7 +99,7 @@ ## The size of a PersistentVolumeClaim to be constructed ## Ignored if existingClaim is provided - size: 256Gi + size: 2Ti ## The StorageClass to be used by the constructed PersistentVolumeClaim. ## Will use the cluster default if not provided 
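Review bot: The secrets in the new `0-customConfig` `config: |` block (first hunk) are now pasted by Jinja into YAML text that is parsed a second time, so `password: "{{ matrix_auth_service_admin_password }}"` and `client_secret: "{{ matrix_google_oidc_client_secret }}"` are only correct while the values contain no `"` or `\`. Emitting them as encoded scalars avoids that, e.g. `password: {{ matrix_auth_service_admin_password | to_json }}`. The same applies, more sharply, to the unquoted `smtp_pass: {{ synapse_admin_password }}` in the `1-custom-config` block of the last hunk, where a value containing ` #` or `: `, or one that looks like a number, would be truncated, rejected or retyped. Both blocks also leave the rendered secrets inline in the release values; if the chart accepts an existing Secret for additional config, as the removed `signingKey` comments suggest it does for other settings, referencing one would keep them out of the values.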
@@ -126,26 +113,16 @@ ## The maximum size (in bytes ending in M or K) that Synapse will accept for media uploads ## You may need to adjust your ingress controller to also allow uploads of this size maxUploadSize: 100M - ## Key used to sign events and federation requests. - ## This needs to be the full signing key starting `ed25519 ...`. - ## This secret is optional, and will be generated by the `initSecrets` job - ## if it is empty. - ## It can either be provided inline in the Helm chart e.g.: - ## signingKey: - ## value: SecretValue - ## - ## Or it can be provided via an existing Secret e.g.: - ## signingKey: - ## secret: existing-secret - ## secretKey: key-in-secret - signingKey: {} ingress: host: synapse.eom.dev - custom-config: - config: | - smtp_host: postfix.eom.dev - smtp_port: 587 - smtp_user: synapse - smtp_pass: {{ synapse_admin_password }} - client_base_url: https://element.eom.dev/ + additional: + 1-custom-config: + config: | + smtp_host: postfix.eom.dev + smtp_port: 587 + smtp_user: synapse + smtp_pass: {{ synapse_admin_password }} + client_base_url: https://element.eom.dev/ + auto_join_rooms: + - "#general:eom.dev"
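Review bot: The new `auto_join_rooms` entry `"#general:eom.dev"` joins every newly registered account to that room, and nothing in this diff shows who is allowed to register. The Google provider configured in the first hunk uses `issuer: https://accounts.google.com` with no visible restriction on which accounts are accepted. If registration is meant to be limited, say so next to this setting, for example `# registration is restricted by <policy>; all new accounts join #general`. If it is open, the room's history visibility and power levels are worth checking before this rolls out.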