
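---
# tasks file for ansible-role-matrix-stack
#
# NOTE(review): this listing reached review with all indentation stripped; the
# nesting below was reconstructed from the matrix-stack chart's values layout
# (e.g. serviceAccount under initSecrets, postgres as a top-level component).
# Confirm it against the chart's values.yaml before relying on it.
- name: Deploy Matrix Stack
  # The values below carry two SMTP passwords and an OIDC client secret; keep
  # them out of Ansible's task output and logs.
  no_log: true
  kubernetes.core.helm:
    name: matrix
    chart_ref: oci://ghcr.io/element-hq/ess-helm/matrix-stack
    release_namespace: "{{ release_namespace }}"
    create_namespace: true
    values:
      certManager:
        clusterIssuer: ca-issuer
      serverName: "{{ server_name }}"
      ingress:
        className: nginx
        annotations:
          # configuration-snippet annotations are only honoured when the
          # ingress-nginx controller has allow-snippet-annotations enabled
          # (disabled by default in current releases); otherwise this line
          # is silently ignored.
          nginx.ingress.kubernetes.io/configuration-snippet: proxy_intercept_errors off;
      initSecrets:
        enabled: true
        serviceAccount:
          ## Whether a ServiceAccount should be created by the chart or not
          create: true
          ## What name to give the ServiceAccount. If not provided the chart will provide the name automatically
          name: ""
          ## Annotations to add to the service account
          annotations: {}
      matrixRTC:
        ingress:
          host: rtc.eom.dev
      elementWeb:
        ingress:
          host: element.eom.dev
      matrixAuthenticationService:
        ## Additional configuration to provide to Matrix Authentication Service.
        ## Each key under additional is an additional config to merge into Matrix Authentication Service config.yaml
        ## Full details on available configuration options can be found at https://element-hq.github.io/matrix-authentication-service/reference/configuration.html
        ## This can be provided in-line in the Helm Chart and/or via an existing Secret
        ## e.g.
        ## additional:
        ##   0-customConfig:
        ##     config: |
        ##       <any valid configuration>
        ##   1-customConfig:
        ##     configSecret: custom-config
        ##     configSecretKey: shared.yaml
        ##
        ## Most settings are configurable but some settings are owned by the chart and can't overwritten
        additional:
          0-customConfig:
            # NOTE(review): the SMTP password and the Google client secret are
            # rendered in-line into the release values (and therefore into the
            # Helm release Secret and Ansible facts); the configSecret /
            # configSecretKey form shown above keeps them in a pre-existing
            # Kubernetes Secret instead.
            # NOTE(review): email.mode "tls" selects TLS from the first byte,
            # while port 587 is conventionally the STARTTLS submission port —
            # confirm which one the postfix listener actually offers.
            # Secrets are inserted with `| to_json` so the rendered config
            # stays a single valid YAML string even if the value contains
            # quotes, backslashes, ": " or " #".
            # The `{{ '{{ user.x }}' }}` wrappers pass the literal MAS template
            # `{{ user.x }}` through; without them Ansible would try to expand
            # `user` itself.
            config: |
              email:
                from: '"Matrix Authentication Service" <matrix-authentication-service@eom.dev>'
                reply_to: '"No reply" <no-reply@eom.dev>'
                transport: smtp
                mode: tls
                hostname: postfix.eom.dev
                port: 587
                username: matrix-authentication-service
                password: {{ matrix_auth_service_admin_password | to_json }}
              upstream_oauth2:
                providers:
                  - id: 01JG22H4F0G8PYCZ5HVTQVHBC4
                    human_name: Google
                    brand_name: google
                    issuer: https://accounts.google.com
                    client_id: "{{ matrix_google_oidc_client_id }}"
                    client_secret: {{ matrix_google_oidc_client_secret | to_json }}
                    token_endpoint_auth_method: client_secret_post
                    scope: openid profile email
                    claims_imports:
                      localpart:
                        action: ignore
                      displayname:
                        action: require
                        template: "{{ '{{ user.name }}' }}"
                      email:
                        action: require
                        template: "{{ '{{ user.email }}' }}"
                      account_name:
                        template: "{{ '{{ user.email }}' }}"
        ingress:
          host: mas.eom.dev
      postgres:
        storage:
          size: 2Ti
      synapse:
        ## Configures the media store for Synapse
        media:
          ## Configures the PersistentVolumeClaim to be used for storage
          storage:
            ## Name of an existing PersistentVolumeClaim in this namespace that should be used
            # existingClaim:
            ## The size of a PersistentVolumeClaim to be constructed
            ## Ignored if existingClaim is provided
            size: 2Ti
            ## The StorageClass to be used by the constructed PersistentVolumeClaim.
            ## Will use the cluster default if not provided
            ## Ignored if existingClaim is provided
            # storageClass:
            ## Whether to instruct Helm to keep or delete the constructed PersistentVolumeClaim when uninstalling the chart
            ## Ignored if existingClaim is provided
            resourcePolicy: keep
          ## The maximum size (in bytes ending in M or K) that Synapse will accept for media uploads
          ## You may need to adjust your ingress controller to also allow uploads of this size
          maxUploadSize: 100M
        ingress:
          host: synapse.eom.dev
        additional:
          1-custom-config:
            # NOTE(review): Synapse documents smtp_host/smtp_port/smtp_user/
            # smtp_pass/client_base_url as sub-options of an `email:` mapping;
            # placed at top level they may be silently ignored — confirm.
            # smtp_pass was previously inserted unquoted: a password containing
            # YAML specials (": ", " #", a leading "*" or quote) would break or
            # retype the rendered Synapse config, so it is JSON-encoded here.
            config: |
              smtp_host: postfix.eom.dev
              smtp_port: 587
              smtp_user: synapse
              smtp_pass: {{ synapse_admin_password | to_json }}
              client_base_url: https://element.eom.dev/
              auto_join_rooms:
                - "#general:eom.dev"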