set up tailscale cert resolver
This commit is contained in:
@@ -33,7 +33,7 @@ services:
|
||||
- "--entrypoints.web-secure.address=:443"
|
||||
- "--entrypoints.matrix-federation.address=:8448"
|
||||
- "--entrypoints.matrix-internal-matrix-client-api.address=:8008"
|
||||
- "--certificatesresolvers.default.tailscale=true"
|
||||
- "--certificatesresolvers.ts.tailscale=true"
|
||||
ports:
|
||||
- "443:443"
|
||||
- "8448:8448"
|
||||
|
||||
122
matrix/ansible-playbook-config/example/vars.yml
Normal file
122
matrix/ansible-playbook-config/example/vars.yml
Normal file
@@ -0,0 +1,122 @@
|
||||
---
|
||||
# The bare domain name which represents your Matrix identity.
|
||||
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
|
||||
#
|
||||
# Note: this playbook does not touch the server referenced here.
|
||||
# Installation happens on another server ("matrix.<matrix-domain>").
|
||||
#
|
||||
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
|
||||
# because you can't change the Domain after deployment.
|
||||
#
|
||||
# Example value: example.com
|
||||
matrix_domain: "{{ vault_matrix_domain }}"
|
||||
|
||||
# The Matrix homeserver software to install.
|
||||
# See:
|
||||
# - `roles/custom/matrix-base/defaults/main.yml` for valid options
|
||||
# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
|
||||
matrix_homeserver_implementation: synapse
|
||||
|
||||
# A secret used as a base, for generating various other secrets.
|
||||
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
||||
matrix_homeserver_generic_secret_key: "{{ vault_matrix_homeserver_generic_secret_key }}"
|
||||
|
||||
# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
|
||||
# It will retrieve SSL certificates for you on-demand and forward requests to all other components.
|
||||
# For alternatives, see `docs/configuring-playbook-own-webserver.md`.
|
||||
matrix_playbook_reverse_proxy_type: other-traefik-container
|
||||
|
||||
# Uncomment and adjust if your Traefik container is on another network
|
||||
matrix_playbook_reverse_proxy_container_network: traefik
|
||||
|
||||
# Adjust to point to your Traefik container
|
||||
matrix_playbook_reverse_proxy_hostname: traefik
|
||||
|
||||
devture_traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory"
|
||||
|
||||
# Uncomment and tweak the variable below if the name of your federation entrypoint is different
|
||||
# than the default value (matrix-federation).
|
||||
# matrix_federation_traefik_entrypoint_name: matrix-federation
|
||||
|
||||
# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
|
||||
#
|
||||
# In case SSL renewal fails at some point, you'll also get an email notification there.
|
||||
#
|
||||
# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
|
||||
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
|
||||
#
|
||||
# Example value: someone@example.com
|
||||
devture_traefik_config_certificatesResolvers_acme_email: ''
|
||||
# Defined in the separate traefik container
|
||||
devture_traefik_certResolver_primary: 'ts'
|
||||
|
||||
# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
|
||||
#
|
||||
# The playbook creates additional Postgres users and databases (one for each enabled service)
|
||||
# using this superuser account.
|
||||
devture_postgres_connection_password: "{{ vault_devture_postgres_connection_password }}"
|
||||
|
||||
# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
|
||||
# If this value is an external IP address, you can skip this section.
|
||||
#
|
||||
# If `ansible_host` is not the server's external IP address, you have 2 choices:
|
||||
# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)
|
||||
# 2. Uncomment and adjust the line below to specify an IP address manually
|
||||
#
|
||||
# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
|
||||
# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the Coturn role
|
||||
# (see `roles/custom/matrix-coturn/defaults/main.yml`).
|
||||
#
|
||||
# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
|
||||
# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
|
||||
#
|
||||
# matrix_coturn_turn_external_ip_address: ''
|
||||
|
||||
# No coturn needed for my own personal server
|
||||
matrix_coturn_enabled: false
|
||||
|
||||
# No need for a client (and this way no issue with the domain)
|
||||
matrix_client_element_enabled: false
|
||||
|
||||
# Handle users with synapse admin
|
||||
matrix_synapse_admin_enabled: true
|
||||
|
||||
# Use Keycloak authentication
|
||||
matrix_synapse_oidc_enabled: true
|
||||
|
||||
matrix_synapse_oidc_providers:
|
||||
- idp_id: keycloak
|
||||
idp_name: "KeyCloak"
|
||||
issuer: "{{ vault_issuer }}"
|
||||
client_id: "Matrix"
|
||||
client_secret: "{{ vault_synapse_keycloak }}"
|
||||
scopes: ["openid", "profile"]
|
||||
user_mapping_provider:
|
||||
config:
|
||||
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
|
||||
display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
|
||||
email_template: "{% raw %}{{ user.email }}{% endraw %}"
|
||||
allow_existing_users: true # Optional
|
||||
backchannel_logout_enabled: true # Optional
|
||||
|
||||
# Bridges
|
||||
|
||||
# Enable double puppeting for all bridges
|
||||
matrix_appservice_double_puppet_enabled: true
|
||||
|
||||
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
||||
|
||||
matrix_mautrix_whatsapp_enabled: true
|
||||
|
||||
matrix_mautrix_telegram_enabled: true
|
||||
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
|
||||
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
|
||||
|
||||
matrix_mautrix_signal_enabled: true
|
||||
matrix_mautrix_signal_configuration_extension_yaml: "{{ vault_matrix_mautrix_signal_configuration_extension_yaml }}"
|
||||
|
||||
matrix_mautrix_slack_enabled: true
|
||||
|
||||
matrix_mautrix_discord_enabled: true
|
||||
matrix_mautrix_discord_configuration_extension_yaml: "{{ vault_matrix_mautrix_discord_configuration_extension_yaml }}"
|
||||
Reference in New Issue
Block a user