Mantrix with Ansible



Pushing Updates

Remotely Pushing updates with ssh command

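<syntaxhighlight lang="shell">
# Sync the local playbook checkout (including the vars config) to the server.
# NOTE(review): the synced tree includes the vars config, which holds the
# homeserver secrets, and the destination is under /root, so this presumably
# logs in as root. Prefer key-based SSH and keep the copied tree readable by
# that account only.
rsync -avz /Users/sacas/Git/Irregularchat2.0/matrix-docker-ansible-deploy [email protected]:/root/Git/

# Push the ansible setup and start the services.
# The trailing & backgrounds the playbook on the remote host, so the exit
# status of this ssh call does not say whether the run succeeded; confirm the
# result separately before assuming the update applied.
ssh [email protected] 'ansible-playbook -i /root/Git/matrix-docker-ansible-deploy/inventory/hosts /root/Git/matrix-docker-ansible-deploy/setup.yml --tags=setup-all,start &'

# ensure-matrix-users-created can be added before start when creating users,
# but user creation should be done with sso.
</syntaxhighlight>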

Configuration

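---
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
matrix_domain: irregulars.io

############CUSTOM############
# NOTE(review): this is a Synapse role variable, while the homeserver
# implementation selected further down is dendrite, so it presumably has no
# effect there (confirm). On Synapse, `true` lets other homeservers fetch this
# server's public room directory; enable it only if that listing is meant to
# be visible to the federation.
matrix_synapse_allow_public_rooms_over_federation: true

matrix_base_data_path: "/datadrive/matrix"
devture_systemd_service_manager_up_verification_delay_seconds: 7

matrix_homeserver_admin_contacts:
  - matrix_id: "@sac:irregulars.io"
    # Quoted: a bare value that starts with "[" is parsed as a flow sequence,
    # not as a string.
    email_address: '[email protected]'
    role: admin
  - email_address: '[email protected]'
    role: security

matrix_ssl_lets_encrypt_support_email: '[email protected]'

# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: [email protected]
devture_traefik_config_certificatesResolvers_acme_email: '[email protected]'


# NOTE(review): every value written as secret_here in this file is a
# placeholder. Generate a distinct random value for each one (the playbook
# docs suggest `pwgen -s 64 1`) and keep the real vars.yml out of public pages
# and repositories, e.g. encrypted with ansible-vault.
matrix_registration_enabled: true
matrix_registration_admin_secret: "secret_here"


matrix_homeserver_generic_secret_key: 'secret_here'
devture_postgres_connection_password: 'secret_here'


### Signal Bot ###
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_relaybot_enabled: true
matrix_mautrix_signal_login_shared_secret: 'secret_here'
# NOTE(review): the second and third keys below are identical, so a parser
# keeps only one of them (usually the last), and the key text itself looks
# garbled by the wiki markup. Restore the intended keys from the original
# vars.yml. These keys decide who may use the bridge, so grant "user" and
# "relay" no more widely than needed.
matrix_mautrix_signal_bridge_permissions: {"@sac:irregulars.io": "admin", "''": "user", "''": "relay"}
### Signal Bot ###

### SSO Configuration ###
# NOTE(review): commented-out Synapse OIDC example. Before enabling it:
#   - client_secret is shown as a placeholder. A real secret must never be
#     pasted into a published page; one that has been should be rotated in
#     the identity provider.
#   - skip_verification: true turns off validation of the provider metadata.
#     Synapse documents it for non-compliant providers and advises against it
#     in production, so prefer false when discovery works.
# oidc_providers:
#   - idp_id: authentik
#     idp_name: authentik
#     discover: true
#     issuer: "https://sso.irregulars.io/application/o/element-messenger/" # TO BE FILLED: domain and slug
#     client_id: "74efbe99d72cb3913b853b6a2b2f9d44b5687a6d" # TO BE FILLED
#     client_secret: "secret_here" # TO BE FILLED
#     client_auth_method: client_secret_post
#     scopes: ["openid", "profile"]
#     authorization_endpoint: "https://sso.irregulars.io/application/o/authorize/"
#     token_endpoint: "https://sso.irregulars.io/application/o/token/"
#     userinfo_endpoint: "https://sso.irregulars.io/application/o/userinfo/"
#     jwks_uri: "https://sso.irregulars.io/application/o/element-messenger/jwks/"
#     skip_verification: true
#     user_mapping_provider:
#       config:
#         subject_claim: "id"
#         localpart_template: "{{ user.login }}"
#         display_name_template: "{{ user.name }}"
#         email_template: "{{ user.email }}"
#     attribute_requirements:
#       - attribute: userGroup
#         value: "synapseUsers"
### //SSO Configuration ###


############ //CUSTOM ############
# The Matrix homeserver software to install.
# See:
#  - `roles/custom/matrix-base/defaults/main.yml` for valid options
#  - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
## matrix_homeserver_implementation: synapse
# https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-dendrite.md
matrix_homeserver_implementation: dendrite

# A secret used as a base, for generating various other secrets.
# (The key this describes, matrix_homeserver_generic_secret_key, is set in the
# CUSTOM section of this file.)


# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
# It will retrieve SSL certificates for you on-demand and forward requests to all other components.
# For alternatives, see `docs/configuring-playbook-own-webserver.md`.
matrix_playbook_reverse_proxy_type: playbook-managed-traefik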