DevOps/ansible-role-matrix-stack
2
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: DevOps:eed66cd1834e81e7eb7c341f4f06d0354ce00f82
Branches Tags
DevOps:main
...
compare: DevOps:main
Branches Tags
DevOps:main

4 Commits
eed66cd183 ... main

Author SHA1 Message Date
Eric Meehan
014aa3e8da Coturn support 2025-11-06 11:32:39 -05:00
Eric Meehan
e33440366c Closes #3 2025-11-03 22:58:41 -05:00
Eric Meehan
ba8fa9ab66 Auth service 2025-06-26 12:58:00 -04:00
Eric Meehan
8c2356d303 Updated configurations 2025-05-25 22:11:55 -04:00
1 changed files with 95 additions and 66 deletions
Expand all files Collapse all files

161
tasks/main.yml
View File

@@ -29,11 +29,22 @@
matrixRTC:
ingress:
host: rtc.eom.dev
hostAliases:
- hostnames:
- eom.dev
- matrix.eom.dev
- rtc.eom.dev
- synapse.eom.dev
ip: 136.56.38.209
elementWeb:
ingress:
host: element.eom.dev
elementAdmin:
ingress:
host: element-admin.eom.dev
matrixAuthenticationService:
## Additional configuration to provide to Matrix Authentication Service.
@@ -51,51 +62,60 @@
##
## Most settings are configurable but some settings are owned by the chart and can't overwritten
additional:
email:
from: '"Matrix Authentication Service" <matrix-authentication-service@eom.dev>'
reply_to: '"No reply" <no-reply@eom.dev>'
transport: smtp
mode: tls
hostname: postfix.eom.dev
port: 587
username: matrix-authentication-service
password: "{{ matrix_auth_service_admin_password }}"
upstream_oauth2:
providers:
- id: 01JG22H4F0G8PYCZ5HVTQVHBC4
issuer: https://google.com/
client_id: "{{ matrix_google_oidc_client_id }}"
client_secret: "{{ matrix_google_oidc_client_secret }}"
token_endpoint_auth_method: client_secret_basic
discovery_mode: oidc
claims_imports:
subject:
template: "{{ '{{ user.sub }}' | quote }}"
# -- The localpart is the local part of the user's Matrix ID.
# For example, on the `example.com` server, if the localpart is `alice`,
# the user's Matrix ID will be `@alice:example.com`.
localpart:
action: require
template: "{{ '{{ user.preferred_username }}' | quote }}"
# -- The display name is the user's display name.
displayname:
action: suggest
template: "{{ '{{ user.name }}' | quote }}"
# -- An email address to import.
email:
action: suggest
template: "{{ '{{ user.email }}' | quote }}"
# -- Whether the email address must be marked as verified.
# Possible values are:
# - `import`: mark the email address as verified if the upstream provider
# has marked it as verified, using the `email_verified` claim.
# This is the default.
# - `always`: mark the email address as verified
# - `never`: mark the email address as not verified
set_email_verification: import
0-customConfig:
config: |
passwords:
enabled: true
email:
from: '"Matrix Authentication Service" <matrix-authentication-service@eom.dev>'
reply_to: '"No reply" <no-reply@eom.dev>'
transport: smtp
mode: tls
hostname: postfix.eom.dev
port: 587
username: matrix-authentication-service
password: "{{ matrix_auth_service_admin_password }}"
upstream_oauth2:
providers:
- id: 01K96AQEZKKABW34PY3R6BVNJ4
human_name: Dex
brand_name: dex
issuer: https://dex.eom.dev/
client_id: "{{ matrix_dex_oidc_client_id }}"
client_secret: "{{ matrix_dex_oidc_client_secret }}"
token_endpoint_auth_method: client_secret_basic
scope: openid profile email
claims_imports:
localpart:
action: suggest
template: "{{ '{{ user.uid }}' }}"
displayname:
action: require
template: "{{ '{{ user.name }}' }}"
email:
action: require
template: "{{ '{{ user.email }}' }}"
account_name:
template: "{{ '{{ user.email }}' }}"
- id: 01JG22H4F0G8PYCZ5HVTQVHBC4
human_name: Google
brand_name: google
issuer: https://accounts.google.com
client_id: "{{ matrix_google_oidc_client_id }}"
client_secret: "{{ matrix_google_oidc_client_secret }}"
token_endpoint_auth_method: client_secret_post
scope: openid profile email
claims_imports:
localpart:
action: ignore
displayname:
action: require
template: "{{ '{{ user.name }}' }}"
email:
action: require
template: "{{ '{{ user.email }}' }}"
account_name:
template: "{{ '{{ user.email }}' }}"
ingress:
host: mas.eom.dev
postgres:
@@ -112,7 +132,7 @@
## The size of a PersistentVolumeClaim to be constructed
## Ignored if existingClaim is provided
size: 256Gi
size: 2Ti
## The StorageClass to be used by the constructed PersistentVolumeClaim.
## Will use the cluster default if not provided
@@ -126,26 +146,35 @@
## The maximum size (in bytes ending in M or K) that Synapse will accept for media uploads
## You may need to adjust your ingress controller to also allow uploads of this size
maxUploadSize: 100M
## Key used to sign events and federation requests.
## This needs to be the full signing key starting `ed25519 ...`.
## This secret is optional, and will be generated by the `initSecrets` job
## if it is empty.
## It can either be provided inline in the Helm chart e.g.:
## signingKey:
## value: SecretValue
##
## Or it can be provided via an existing Secret e.g.:
## signingKey:
## secret: existing-secret
## secretKey: key-in-secret
signingKey: {}
ingress:
host: synapse.eom.dev
custom-config:
config: |
smtp_host: postfix.eom.dev
smtp_port: 587
smtp_user: synapse
smtp_pass: {{ synapse_admin_password }}
client_base_url: https://element.eom.dev/
additional:
1-custom-config:
config: |
experimental_features:
msc3266_enabled: true
msc4222_enabled: true
max_event_delay_duration: 24h
rc_message:
per_second: 0.5
burst_count: 30
rc_delayed_event_mgmt:
per_second: 1
burst_count: 20
enable_metrics: true
smtp_host: postfix.eom.dev
smtp_port: 587
smtp_user: synapse
smtp_pass: {{ synapse_admin_password }}
turn_uris:
- turns:coturn.eom.dev?transport=udp
- turns:coturn.eom.dev?transport=tcp
turn_shared_secret: {{ coturn_shared_secret }}
turn_user_lifetime: 86400000
turn_allow_guests: false
client_base_url: https://element.eom.dev/
auto_join_rooms:
- "#main:eom.dev"
- "#general:eom.dev"
- "#help:eom.dev"