Add matrix authentication service role

2025-03-22 02:02:32 +02:00
parent ffe3279886
commit 974621ee16
5 changed files with 240 additions and 0 deletions
--- a/roles/matrix_authentication_service/meta/argument_specs.yaml
+++ b/roles/matrix_authentication_service/meta/argument_specs.yaml
@@ -0,0 +1,132 @@
+---
+argument_specs:
+  main:
+    description: "Sets up a matrix authentication service podman container."
+    options:
+      matrix_authentication_service_additional_networks:
+        description: A list of additional podman networks for the matrix authentication service container.
+        type: list
+        required: false
+        default: []
+        elements: str
+      matrix_authentication_service_domain:
+        description: Domain for matrix authentication service
+        type: str
+        required: true
+      matrix_authentication_service_homeserver_name:
+        description: Homserver server name
+        type: str
+        required: true
+      matrix_authentication_service_homeserver_address:
+        description: Address where homeserver is accessible to matrix authentication service
+        type: str
+        required: true
+      matrix_authentication_service_client_secret:
+        description: >
+          See [upstream docs](https://element-hq.github.io/matrix-authentication-service/setup/homeserver.html#provision-a-client-for-the-homeserver-to-use)
+        type: str
+        required: true
+      matrix_authentication_service_homeserver_secret:
+        description: See [upstream docs](https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix)
+        type: str
+        required: true
+      matrix_authentication_service_secrets:
+        description:
+          - Matrix authentication service secrets.
+          - See [upstream docs](https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#secrets) for more info
+        type: dict
+        required: true
+        options:
+          encryption:
+            type: str
+            required: true
+          keys:
+            type: list
+            required: true
+            elements: dict
+            options:
+              kid:
+                type: str
+                required: true
+              key:
+                type: str
+                required: true
+      matrix_authentication_service_email_smtp_server:
+        description: email.smtp_host, set this to enable sending emails
+        type: str
+        required: false
+        default: ""
+      matrix_authentication_service_email_smtp_user:
+        description: Required if matrix_authentication_service_email_smtp_server is set
+        type: str
+      matrix_authentication_service_email_smtp_password:
+        description: Required if matrix_authentication_service_email_smtp_server is set
+        type: str
+      matrix_authentication_service_email_from:
+        description: Required if matrix_authentication_service_email_smtp_server is set
+        type: str
+
+      matrix_authentication_service_upstream_oauth2_client_id:
+        description: See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#upstream_oauth2providers
+        type: str
+        required: false
+        default: ""
+      matrix_authentication_service_upstream_oauth2_human_name:
+        description: Required if matrix_authentication_service_upstream_oauth2_client_id is set
+        type: str
+      matrix_authentication_service_upstream_oauth2_client_secret:
+        description: Required if matrix_authentication_service_upstream_oauth2_client_id is set
+        type: str
+      matrix_authentication_service_upstream_oauth2_issuer:
+        description: Required if matrix_authentication_service_upstream_oauth2_client_id is set
+        type: str
+      matrix_authentication_service_upstream_oauth2_scope:
+        description: Required if matrix_authentication_service_upstream_oauth2_client_id is set
+        type: str
+      matrix_authentication_service_upstream_oauth2_claims_imports:
+        description: Required if matrix_authentication_service_upstream_oauth2_client_id is set
+        type: dict
+        options:
+          subject:
+            type: dict
+            required: false
+            options:
+              template:
+                type: str
+                required: true
+          localpart:
+            type: dict
+            required: true
+            options:
+              action:
+                type: str
+                required: true
+              template:
+                description: Required if action is not ignore
+                type: str
+          displayname:
+            type: dict
+            required: true
+            options:
+              action:
+                type: str
+                required: true
+              template:
+                description: Required if action is not ignore
+                type: str
+          email:
+            type: dict
+            required: true
+            options:
+              action:
+                type: str
+                required: true
+              template:
+                description: Required if action is not ignore
+                type: str
+
+      matrix_authentication_service_postgres_tag:
+        description: Postgres tag to use for matrix authentication service postgres container
+        type: str
+        required: false
+        default: 16-alpine