Add comment to the variables.yml file
parent
33bec0b44e
commit
485e7e84a0
|
@ -1,30 +1,59 @@
|
|||
---
|
||||
|
||||
# Name of the instance
|
||||
instance: matrix
|
||||
|
||||
matrix:
|
||||
|
||||
# Server name will determine your Matrix ID (@user:server_name), it cannot be changed later
|
||||
server_name: matrix.[[ .consul.domain ]]
|
||||
|
||||
# The public URL where user should go to reach the web interface
|
||||
public_url: https://matrix.[[ .consul.domain ]]
|
||||
|
||||
# Are guests allowed
|
||||
allow_guests: false
|
||||
|
||||
# Consul settings, to connect to the postgres service
|
||||
consul:
|
||||
connect:
|
||||
upstreams:
|
||||
- destination_name: postgres[[ .consul.suffix ]]
|
||||
local_bind_port: 5432
|
||||
|
||||
# SYnpase settings
|
||||
synapse:
|
||||
|
||||
# The docker image to use
|
||||
image: '[[ .docker.repo ]]matrix-synapse:1.98.0-1'
|
||||
|
||||
# Additional env var to set in the container
|
||||
env: {}
|
||||
|
||||
# You can define a custom yaml config which will be merged over the default one.
|
||||
# Eg, to setup OIDC auth
|
||||
# config:
|
||||
# oidc_providers:
|
||||
# - idp_id: oidc
|
||||
# idp_name: ACME
|
||||
# issuer: https://sso.example.org
|
||||
# client_id: matrix
|
||||
# client_secret: '{{ with secret "kv/service/matrix" }}{{ .Data.data.oidc_secret }}{{ end }}'
|
||||
# scope:
|
||||
# - openid
|
||||
# - email
|
||||
# - profile
|
||||
# user_mapping_provider:
|
||||
# config:
|
||||
# display_name_template: '{{"{{"}} user.name {{"}}"}}'
|
||||
# email_template: '{{"{{"}} user.email {{"}}"}}'
|
||||
config: {}
|
||||
|
||||
# Secrets used by Synapse
|
||||
macaroon_secret_key: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.macaroon_secret_key }}{{ end }}'
|
||||
form_secret: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.form_secret }}{{ end }}'
|
||||
|
||||
# URL preview settings
|
||||
url_preview:
|
||||
enabled: true
|
||||
ip_range_blacklist:
|
||||
|
@ -45,6 +74,7 @@ matrix:
|
|||
- username: '*'
|
||||
- netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
|
||||
|
||||
# Postgres database to use
|
||||
db:
|
||||
host: 127.0.0.1
|
||||
port: 5432
|
||||
|
@ -52,32 +82,46 @@ matrix:
|
|||
user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]-synapse" }}{{ .Data.username }}{{ end }}'
|
||||
password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]-synapse" }}{{ .Data.password }}{{ end }}'
|
||||
|
||||
# Wait for the postgres service to be ready before starting
|
||||
wait_for:
|
||||
- service: postgres[[ .consul.suffix ]]
|
||||
|
||||
# Resource allocation
|
||||
resources:
|
||||
cpu: 500
|
||||
memory: 384
|
||||
|
||||
# Element settings.
|
||||
# Note : element will be served by the nginx container, so all the image, resources etc. are set there
|
||||
element:
|
||||
map_style_url: https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx
|
||||
|
||||
# Nginx will servce static files (well-known, element, synapse-admin), and proxy requests to synapse
|
||||
nginx:
|
||||
|
||||
# The image to use
|
||||
image: '[[ .docker.repo ]]matrix-element:1.11.52-1'
|
||||
|
||||
# Resource allocation
|
||||
resources:
|
||||
cpu: 20
|
||||
memory: 16
|
||||
|
||||
# Traefik settings, to expose the service
|
||||
traefik:
|
||||
enabled: true
|
||||
|
||||
# Element will need some custom CSP
|
||||
csp:
|
||||
script-src: "'self' https://usercontent.riot.im https://scalar.vector.im"
|
||||
worker-src: "'self' blob:"
|
||||
connect-src: "'self' https://scalar.vector.im https://api.maptiler.com"
|
||||
img-src: "'self' data: blob: https://img.youtube.com https://*.ytimg.com"
|
||||
frame-src: "'self' blob: https://scalar.vector.im/ https://meet.element.io"
|
||||
|
||||
# List of middleware to apply
|
||||
middlewares: []
|
||||
|
||||
# Override base_middlewares to remove csp-relaxed@file
|
||||
base_middlewares:
|
||||
- rate-limit-high@file
|
||||
|
@ -86,6 +130,8 @@ matrix:
|
|||
- hsts@file
|
||||
- compression@file
|
||||
|
||||
# Admin will apply to requests directed to /_admin/ (synapse-admin) and /_synapse/admin (admin API)
|
||||
# so you can restrict it further
|
||||
admin:
|
||||
base_middlewares:
|
||||
- rate-limit-high@file
|
||||
|
@ -95,7 +141,9 @@ matrix:
|
|||
- compression@file
|
||||
middlewares: []
|
||||
|
||||
# Volumes used for data persistance
|
||||
volumes:
|
||||
# Synapse will use this volume to store media, signing keys etc.
|
||||
data:
|
||||
type: csi
|
||||
source: "[[ .instance ]]-synapse-data"
|
||||
|
|
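Review bot: The `map_style_url` value under `element:` carries a MapTiler API key inline in its `key=` query parameter, while every other credential in this file (`macaroon_secret_key`, `form_secret`, the database `user` and `password`) is rendered from Vault. The page has lost its `+`/`-` markers, so this line may be unchanged context, but the comment added above `element:` is the natural place to address it. A key committed as a bundle default is shared by every deployment that does not override it and stays in the repository history; since the style URL presumably ends up in the browser-facing Element config, the practical control is to restrict the key to allowed origins on the provider side and have each instance supply its own. I would add a comment such as `# map_style_url embeds a MapTiler key: set your own, origin-restricted key per instance` and ship the default without a key. The new comments also contain typos (`SYnpase`, `servce`, `persistance`).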