Compare commits
4 Commits
eed66cd183
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 014aa3e8da | |||
| e33440366c | |||
| ba8fa9ab66 | |||
| 8c2356d303 |
161
tasks/main.yml
161
tasks/main.yml
@@ -29,11 +29,22 @@
|
|||||||
matrixRTC:
|
matrixRTC:
|
||||||
ingress:
|
ingress:
|
||||||
host: rtc.eom.dev
|
host: rtc.eom.dev
|
||||||
|
hostAliases:
|
||||||
|
- hostnames:
|
||||||
|
- eom.dev
|
||||||
|
- matrix.eom.dev
|
||||||
|
- rtc.eom.dev
|
||||||
|
- synapse.eom.dev
|
||||||
|
ip: 136.56.38.209
|
||||||
|
|
||||||
elementWeb:
|
elementWeb:
|
||||||
ingress:
|
ingress:
|
||||||
host: element.eom.dev
|
host: element.eom.dev
|
||||||
|
|
||||||
|
elementAdmin:
|
||||||
|
ingress:
|
||||||
|
host: element-admin.eom.dev
|
||||||
|
|
||||||
matrixAuthenticationService:
|
matrixAuthenticationService:
|
||||||
|
|
||||||
## Additional configuration to provide to Matrix Authentication Service.
|
## Additional configuration to provide to Matrix Authentication Service.
|
||||||
@@ -51,51 +62,60 @@
|
|||||||
##
|
##
|
||||||
## Most settings are configurable but some settings are owned by the chart and can't overwritten
|
## Most settings are configurable but some settings are owned by the chart and can't overwritten
|
||||||
additional:
|
additional:
|
||||||
email:
|
0-customConfig:
|
||||||
from: '"Matrix Authentication Service" <matrix-authentication-service@eom.dev>'
|
config: |
|
||||||
reply_to: '"No reply" <no-reply@eom.dev>'
|
passwords:
|
||||||
transport: smtp
|
enabled: true
|
||||||
mode: tls
|
email:
|
||||||
hostname: postfix.eom.dev
|
from: '"Matrix Authentication Service" <matrix-authentication-service@eom.dev>'
|
||||||
port: 587
|
reply_to: '"No reply" <no-reply@eom.dev>'
|
||||||
username: matrix-authentication-service
|
transport: smtp
|
||||||
password: "{{ matrix_auth_service_admin_password }}"
|
mode: tls
|
||||||
upstream_oauth2:
|
hostname: postfix.eom.dev
|
||||||
providers:
|
port: 587
|
||||||
- id: 01JG22H4F0G8PYCZ5HVTQVHBC4
|
username: matrix-authentication-service
|
||||||
issuer: https://google.com/
|
password: "{{ matrix_auth_service_admin_password }}"
|
||||||
client_id: "{{ matrix_google_oidc_client_id }}"
|
upstream_oauth2:
|
||||||
client_secret: "{{ matrix_google_oidc_client_secret }}"
|
providers:
|
||||||
token_endpoint_auth_method: client_secret_basic
|
- id: 01K96AQEZKKABW34PY3R6BVNJ4
|
||||||
discovery_mode: oidc
|
human_name: Dex
|
||||||
claims_imports:
|
brand_name: dex
|
||||||
subject:
|
issuer: https://dex.eom.dev/
|
||||||
template: "{{ '{{ user.sub }}' | quote }}"
|
client_id: "{{ matrix_dex_oidc_client_id }}"
|
||||||
|
client_secret: "{{ matrix_dex_oidc_client_secret }}"
|
||||||
# -- The localpart is the local part of the user's Matrix ID.
|
token_endpoint_auth_method: client_secret_basic
|
||||||
# For example, on the `example.com` server, if the localpart is `alice`,
|
scope: openid profile email
|
||||||
# the user's Matrix ID will be `@alice:example.com`.
|
claims_imports:
|
||||||
localpart:
|
localpart:
|
||||||
action: require
|
action: suggest
|
||||||
template: "{{ '{{ user.preferred_username }}' | quote }}"
|
template: "{{ '{{ user.uid }}' }}"
|
||||||
|
displayname:
|
||||||
# -- The display name is the user's display name.
|
action: require
|
||||||
displayname:
|
template: "{{ '{{ user.name }}' }}"
|
||||||
action: suggest
|
email:
|
||||||
template: "{{ '{{ user.name }}' | quote }}"
|
action: require
|
||||||
|
template: "{{ '{{ user.email }}' }}"
|
||||||
# -- An email address to import.
|
account_name:
|
||||||
email:
|
template: "{{ '{{ user.email }}' }}"
|
||||||
action: suggest
|
- id: 01JG22H4F0G8PYCZ5HVTQVHBC4
|
||||||
template: "{{ '{{ user.email }}' | quote }}"
|
human_name: Google
|
||||||
# -- Whether the email address must be marked as verified.
|
brand_name: google
|
||||||
# Possible values are:
|
issuer: https://accounts.google.com
|
||||||
# - `import`: mark the email address as verified if the upstream provider
|
client_id: "{{ matrix_google_oidc_client_id }}"
|
||||||
# has marked it as verified, using the `email_verified` claim.
|
client_secret: "{{ matrix_google_oidc_client_secret }}"
|
||||||
# This is the default.
|
token_endpoint_auth_method: client_secret_post
|
||||||
# - `always`: mark the email address as verified
|
scope: openid profile email
|
||||||
# - `never`: mark the email address as not verified
|
claims_imports:
|
||||||
set_email_verification: import
|
localpart:
|
||||||
|
action: ignore
|
||||||
|
displayname:
|
||||||
|
action: require
|
||||||
|
template: "{{ '{{ user.name }}' }}"
|
||||||
|
email:
|
||||||
|
action: require
|
||||||
|
template: "{{ '{{ user.email }}' }}"
|
||||||
|
account_name:
|
||||||
|
template: "{{ '{{ user.email }}' }}"
|
||||||
ingress:
|
ingress:
|
||||||
host: mas.eom.dev
|
host: mas.eom.dev
|
||||||
postgres:
|
postgres:
|
||||||
@@ -112,7 +132,7 @@
|
|||||||
|
|
||||||
## The size of a PersistentVolumeClaim to be constructed
|
## The size of a PersistentVolumeClaim to be constructed
|
||||||
## Ignored if existingClaim is provided
|
## Ignored if existingClaim is provided
|
||||||
size: 256Gi
|
size: 2Ti
|
||||||
|
|
||||||
## The StorageClass to be used by the constructed PersistentVolumeClaim.
|
## The StorageClass to be used by the constructed PersistentVolumeClaim.
|
||||||
## Will use the cluster default if not provided
|
## Will use the cluster default if not provided
|
||||||
@@ -126,26 +146,35 @@
|
|||||||
## The maximum size (in bytes ending in M or K) that Synapse will accept for media uploads
|
## The maximum size (in bytes ending in M or K) that Synapse will accept for media uploads
|
||||||
## You may need to adjust your ingress controller to also allow uploads of this size
|
## You may need to adjust your ingress controller to also allow uploads of this size
|
||||||
maxUploadSize: 100M
|
maxUploadSize: 100M
|
||||||
## Key used to sign events and federation requests.
|
|
||||||
## This needs to be the full signing key starting `ed25519 ...`.
|
|
||||||
## This secret is optional, and will be generated by the `initSecrets` job
|
|
||||||
## if it is empty.
|
|
||||||
## It can either be provided inline in the Helm chart e.g.:
|
|
||||||
## signingKey:
|
|
||||||
## value: SecretValue
|
|
||||||
##
|
|
||||||
## Or it can be provided via an existing Secret e.g.:
|
|
||||||
## signingKey:
|
|
||||||
## secret: existing-secret
|
|
||||||
## secretKey: key-in-secret
|
|
||||||
signingKey: {}
|
|
||||||
ingress:
|
ingress:
|
||||||
host: synapse.eom.dev
|
host: synapse.eom.dev
|
||||||
custom-config:
|
additional:
|
||||||
config: |
|
1-custom-config:
|
||||||
smtp_host: postfix.eom.dev
|
config: |
|
||||||
smtp_port: 587
|
experimental_features:
|
||||||
smtp_user: synapse
|
msc3266_enabled: true
|
||||||
smtp_pass: {{ synapse_admin_password }}
|
msc4222_enabled: true
|
||||||
client_base_url: https://element.eom.dev/
|
max_event_delay_duration: 24h
|
||||||
|
rc_message:
|
||||||
|
per_second: 0.5
|
||||||
|
burst_count: 30
|
||||||
|
rc_delayed_event_mgmt:
|
||||||
|
per_second: 1
|
||||||
|
burst_count: 20
|
||||||
|
enable_metrics: true
|
||||||
|
smtp_host: postfix.eom.dev
|
||||||
|
smtp_port: 587
|
||||||
|
smtp_user: synapse
|
||||||
|
smtp_pass: {{ synapse_admin_password }}
|
||||||
|
turn_uris:
|
||||||
|
- turns:coturn.eom.dev?transport=udp
|
||||||
|
- turns:coturn.eom.dev?transport=tcp
|
||||||
|
turn_shared_secret: {{ coturn_shared_secret }}
|
||||||
|
turn_user_lifetime: 86400000
|
||||||
|
turn_allow_guests: false
|
||||||
|
client_base_url: https://element.eom.dev/
|
||||||
|
auto_join_rooms:
|
||||||
|
- "#main:eom.dev"
|
||||||
|
- "#general:eom.dev"
|
||||||
|
- "#help:eom.dev"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user