---
# vim:ft=yaml
# {{ ansible_managed }}

http:
  listeners:
    # Public listener: bound to every interface on 8080 with no TLS settings,
    # while public_base below is https.
    # NOTE(review): presumably a reverse proxy terminates TLS in front of this
    # port; confirm 8080 is reachable only from that proxy.
    - name: web
      resources:
        - name: discovery
        - name: human
        - name: oauth
        - name: compat
        - name: graphql
        - name: assets
      binds:
        - address: '[::]:8080'
      proxy_protocol: false
    # Health endpoint stays on loopback, separate from the public listener.
    - name: internal
      resources:
        - name: health
      binds:
        - host: localhost
          port: 8081
      proxy_protocol: false
  # Peers inside these ranges are trusted to report the real client address.
  # The list spans whole private ranges, so any host there that can reach the
  # web listener is believed; narrow it to the actual proxy address(es) if
  # they are known.
  # NOTE(review): 10.0.0.0/10 ends at 10.63.255.255 and does not cover all of
  # 10.0.0.0/8; confirm that is intended.
  trusted_proxies:
    - '192.168.0.0/16'
    - '172.16.0.0/12'
    - '10.0.0.0/10'
    - '127.0.0.1/8'
    - 'fd00::/8'
    - '::1/128'
  public_base: "https://{{ matrix_authentication_service_domain }}/"

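# NOTE(review): no TLS settings are given for the database connection; that is
# reasonable only if the link stays on a private container network - confirm.
database:
  host: matrix-authentication-service-postgres
  username: matrix_authentication_service
  # Emitted as a JSON string (valid YAML) so a quote or backslash in the
  # secret can neither break the document nor be read as an escape sequence.
  password: {{ service_podman_secrets['matrix-authentication-service-postgres'] | string | to_json }}
  database: matrix_authentication_service

# The variable is dumped inline, so the rendered file carries this key material
# and the passwords above in cleartext.
# NOTE(review): the task that installs this template is not shown; confirm it
# sets a restrictive file mode and keeps the content out of diff/log output.
secrets:
  {{ matrix_authentication_service_secrets | to_nice_yaml(indent=2) | indent(width=2) }}
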
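passwords:
  # Local password login is enabled only while no upstream OAuth2 client id is
  # configured. The parentheses make to_json apply to the comparison result,
  # so the file gets canonical true/false instead of Python's True/False.
  enabled: {{ (matrix_authentication_service_upstream_oauth2_client_id | length == 0) | to_json }}
  schemes:
    - version: 1
      algorithm: argon2id
  minimum_complexity: 3
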
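# Static OAuth2 client used by the homeserver (authenticates with HTTP Basic).
clients:
  - client_id: '0000000000000000000SYNAPSE'
    client_auth_method: client_secret_basic
    # JSON-encoded so quotes or backslashes in the secret survive rendering.
    client_secret: {{ matrix_authentication_service_client_secret | string | to_json }}

matrix:
  # Quoted so an empty or special-character expansion stays a string instead of
  # becoming null or breaking the mapping.
  homeserver: "{{ matrix_authentication_service_homeserver_name }}"
  # Shared secret towards the homeserver; encoded like the other secrets.
  secret: {{ matrix_authentication_service_homeserver_secret | string | to_json }}
  endpoint: "{{ matrix_authentication_service_homeserver_address }}"

account:
  email_change_allowed: true
  displayname_change_allowed: true
  # Self-service password sign-up is switched off.
  password_registration_enabled: false
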
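{% if matrix_authentication_service_email_smtp_server | length > 0 %}
# Emitted only when an SMTP server is configured.
email:
  # Values below are JSON-encoded (valid YAML): an unquoted credential that
  # contains ': ', ' #', a leading '*', '&', '!', or that looks like a number or
  # boolean would otherwise be mis-parsed or break the file.
  from: {{ matrix_authentication_service_email_from | string | to_json }}
  transport: smtp
  mode: starttls
  hostname: "{{ matrix_authentication_service_email_smtp_server }}"
  port: 587
  username: {{ matrix_authentication_service_email_smtp_user | string | to_json }}
  password: {{ matrix_authentication_service_email_smtp_password | string | to_json }}
{% endif %}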
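{% if matrix_authentication_service_upstream_oauth2_client_id | length > 0 %}
# Emitted only when an upstream client id is set; the same variable switches
# passwords.enabled off, so logins then go through this provider.
upstream_oauth2:
  providers:
    - id: '01JD3SBR0NMQB0M1WE3HF26E48'
      human_name: "{{ matrix_authentication_service_upstream_oauth2_human_name }}"
      issuer: "{{ matrix_authentication_service_upstream_oauth2_issuer }}"
      client_id: "{{ matrix_authentication_service_upstream_oauth2_client_id }}"
      # JSON-encoded so quotes or backslashes in the secret survive rendering.
      client_secret: {{ matrix_authentication_service_upstream_oauth2_client_secret | string | to_json }}
      scope: "{{ matrix_authentication_service_upstream_oauth2_scope }}"
      # Controls which upstream claims populate the local account; review the
      # variable's content, since it decides how identities are mapped.
      claims_imports:
        {{ matrix_authentication_service_upstream_oauth2_claims_imports | to_nice_yaml(indent=2) | indent(width=8) }}
      token_endpoint_auth_method: client_secret_basic
{% endif %}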