Add comment to the variables.yml file

Daniel Berteaud 2023-12-21 12:31:40 +01:00
parent 33bec0b44e
commit 485e7e84a0
1 changed files with 48 additions and 0 deletions


@ -1,30 +1,59 @@
---
# Name of the instance
instance: matrix
matrix:
# Server name will determine your Matrix ID (@user:server_name), it cannot be changed later
server_name: matrix.[[ .consul.domain ]]
# The public URL where user should go to reach the web interface
public_url: https://matrix.[[ .consul.domain ]]
# Are guests allowed
allow_guests: false
# Consul settings, to connect to the postgres service
consul:
connect:
upstreams:
- destination_name: postgres[[ .consul.suffix ]]
local_bind_port: 5432
# SYnpase settings
synapse:
# The docker image to use
image: '[[ .docker.repo ]]matrix-synapse:1.98.0-1'
# Additional env var to set in the container
env: {}
# You can define a custom yaml config which will be merged over the default one.
# Eg, to setup OIDC auth
# config:
# oidc_providers:
# - idp_id: oidc
# idp_name: ACME
# issuer: https://sso.example.org
# client_id: matrix
# client_secret: '{{ with secret "kv/service/matrix" }}{{ .Data.data.oidc_secret }}{{ end }}'
# scope:
# - openid
# - email
# - profile
# user_mapping_provider:
# config:
# display_name_template: '{{"{{"}} user.name {{"}}"}}'
# email_template: '{{"{{"}} user.email {{"}}"}}'
config: {}
# Secrets used by Synapse
macaroon_secret_key: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.macaroon_secret_key }}{{ end }}'
form_secret: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.form_secret }}{{ end }}'
# URL preview settings
url_preview:
enabled: true
ip_range_blacklist:
@ -45,6 +74,7 @@ matrix:
- username: '*'
- netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
# Postgres database to use
db:
host: 127.0.0.1
port: 5432
@ -52,32 +82,46 @@ matrix:
user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]-synapse" }}{{ .Data.username }}{{ end }}'
password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]-synapse" }}{{ .Data.password }}{{ end }}'
# Wait for the postgres service to be ready before starting
wait_for:
- service: postgres[[ .consul.suffix ]]
# Resource allocation
resources:
cpu: 500
memory: 384
# Element settings.
# Note : element will be served by the nginx container, so all the image, resources etc. are set there
element:
map_style_url: https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx
# Nginx will servce static files (well-known, element, synapse-admin), and proxy requests to synapse
nginx:
# The image to use
image: '[[ .docker.repo ]]matrix-element:1.11.52-1'
# Resource allocation
resources:
cpu: 20
memory: 16
# Traefik settings, to expose the service
traefik:
enabled: true
# Element will need some custom CSP
csp:
script-src: "'self' https://usercontent.riot.im https://scalar.vector.im"
worker-src: "'self' blob:"
connect-src: "'self' https://scalar.vector.im https://api.maptiler.com"
img-src: "'self' data: blob: https://img.youtube.com https://*.ytimg.com"
frame-src: "'self' blob: https://scalar.vector.im/ https://meet.element.io"
# List of middleware to apply
middlewares: []
# Override base_middlewares to remove csp-relaxed@file
base_middlewares:
- rate-limit-high@file
@ -86,6 +130,8 @@ matrix:
- hsts@file
- compression@file
# Admin will apply to requests directed to /_admin/ (synapse-admin) and /_synapse/admin (admin API)
# so you can restrict it further
admin:
base_middlewares:
- rate-limit-high@file
@ -95,7 +141,9 @@ matrix:
- compression@file
middlewares: []
# Volumes used for data persistance
volumes:
# Synapse will use this volume to store media, signing keys etc.
data:
type: csi
source: "[[ .instance ]]-synapse-data"
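Review bot: The comment above `element:` in the third hunk leaves `map_style_url` undocumented, although that value carries a MapTiler API key (`?key=…`) as a committed default, while the other credentials visible here (`macaroon_secret_key`, `form_secret`, the database `user`/`password`) are read from Vault. The key is presumably meant to be browser-visible, but anyone deploying with the defaults would share one key and its quota, so a comment such as `# Map style URL. The key below is a shared default: use your own MapTiler key and restrict it to your allowed origins` would make that explicit. In the first hunk, the commented OIDC example reads `client_secret` from the fixed path `kv/service/matrix`, whereas the live secrets use `[[ .vault.prefix ]]kv/service/[[ .instance ]]`; using the templated path in the example would keep copied config working with a Vault prefix or a renamed instance. The comments on this page also contain the typos `SYnpase`, `servce` and `persistance`.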