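---
# tasks file for ansible-role-matrix-stack
#
# Installs/upgrades the Element ESS "matrix-stack" Helm chart.
# Variables this task expects to be defined by the caller:
#   release_namespace, server_name,
#   matrix_auth_service_admin_password (used as the MAS SMTP password),
#   matrix_google_oidc_client_id, matrix_google_oidc_client_secret,
#   synapse_admin_password (used as the Synapse SMTP password).
- name: Deploy Matrix Stack
  # The rendered values carry SMTP passwords and an OAuth client secret;
  # keep them out of task output and logs.
  no_log: true
  kubernetes.core.helm:
    name: matrix
    chart_ref: oci://ghcr.io/element-hq/ess-helm/matrix-stack
    release_namespace: "{{ release_namespace }}"
    create_namespace: true
    values:
      certManager:
        clusterIssuer: ca-issuer
      serverName: "{{ server_name }}"
      ingress:
        className: nginx
        annotations:
          nginx.ingress.kubernetes.io/configuration-snippet: "proxy_intercept_errors off;"
      initSecrets:
        enabled: true
        serviceAccount:
          ## Whether a ServiceAccount should be created by the chart or not
          create: true
          ## What name to give the ServiceAccount. If not provided the chart will provide the name automatically
          name: ""
          ## Annotations to add to the service account
          annotations: {}
      matrixRTC:
        ingress:
          host: rtc.eom.dev
      elementWeb:
        ingress:
          host: element.eom.dev
      matrixAuthenticationService:
        ## Additional configuration to provide to Matrix Authentication Service.
        ## Each key under additional is an additional config to merge into Matrix Authentication Service config.yaml
        ## Full details on available configuration options can be found at https://element-hq.github.io/matrix-authentication-service/reference/configuration.html
        ## This can be provided in-line in the Helm Chart and/or via an existing Secret
        ## e.g.
        ## additional:
        ##   0-customConfig:
        ##     config: |
        ##
        ##   1-customConfig:
        ##     configSecret: custom-config
        ##     configSecretKey: shared.yaml
        ##
        ## Most settings are configurable but some settings are owned by the chart and can't be overwritten
        additional:
          0-customConfig:
            # Block scalar: Ansible templates the "{{ ... }}" expressions below
            # before the text is handed to the chart as MAS config.yaml.
            config: |
              email:
                # NOTE(review): from/reply_to appear to have lost their
                # "<address>" part (note the trailing space) — confirm.
                from: '"Matrix Authentication Service" '
                reply_to: '"No reply" '
                transport: smtp
                mode: tls
                hostname: postfix.eom.dev
                port: 587
                username: matrix-authentication-service
                # Quoted so the rendered value stays a string whatever the
                # password looks like (digits, ':', '#', ...).
                password: "{{ matrix_auth_service_admin_password }}"
              upstream_oauth2:
                providers:
                  - id: "01JG22H4F0G8PYCZ5HVTQVHBC4"
                    human_name: Google
                    brand_name: google
                    issuer: https://accounts.google.com
                    client_id: "{{ matrix_google_oidc_client_id }}"
                    client_secret: "{{ matrix_google_oidc_client_secret }}"
                    token_endpoint_auth_method: client_secret_post
                    scope: openid profile email
                    claims_imports:
                      localpart:
                        action: ignore
                      displayname:
                        action: require
                        # The inner "{{ user.name }}" is a MAS template, not an
                        # Ansible variable: wrap it so Jinja emits it literally.
                        template: "{{ '{{ user.name }}' }}"
                      email:
                        action: require
                        template: "{{ '{{ user.email }}' }}"
                      account_name:
                        template: "{{ '{{ user.email }}' }}"
        ingress:
          host: mas.eom.dev
      postgres:
        storage:
          size: 2Ti
      synapse:
        ## Configures the media store for Synapse
        media:
          ## Configures the PersistentVolumeClaim to be used for storage
          storage:
            ## Name of an existing PersistentVolumeClaim in this namespace that should be used
            # existingClaim:
            ## The size of a PersistentVolumeClaim to be constructed
            ## Ignored if existingClaim is provided
            size: 2Ti
            ## The StorageClass to be used by the constructed PersistentVolumeClaim.
            ## Will use the cluster default if not provided
            ## Ignored if existingClaim is provided
            # storageClass:
            ## Whether to instruct Helm to keep or delete the constructed PersistentVolumeClaim when uninstalling the chart
            ## Ignored if existingClaim is provided
            resourcePolicy: keep
          ## The maximum size (in bytes ending in M or K) that Synapse will accept for media uploads
          ## You may need to adjust your ingress controller to also allow uploads of this size
          maxUploadSize: 100M
        ingress:
          host: synapse.eom.dev
        additional:
          1-custom-config:
            # Merged into homeserver.yaml; templated by Ansible first.
            config: |
              # Synapse reads its SMTP settings (and client_base_url) from the
              # "email" section, not from top-level keys.
              email:
                smtp_host: postfix.eom.dev
                smtp_port: 587
                smtp_user: synapse
                # Quoted for the same reason as the MAS password above.
                smtp_pass: "{{ synapse_admin_password }}"
                client_base_url: https://element.eom.dev/
              auto_join_rooms:
                - "#general:eom.dev"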