Slavi Pantaleev 3fd6fd647f Put all containers in their own isolated Docker network (matrix)
Moving away from using the default bridge network to using our own.
This isolates our services from other Docker containers running
on the default network on the same host.

The benefits are that:

- isolation is a little better - we no longer share a default
bridge network with any other containers that might be running on the host

- there are no longer hard dependencies - we do service discovery
by DNS name, and not via explicit `--link` usage during container start,
so containers can start out of order and fail without bringing down others
with them
(`matrix-nginx-proxy` can continue running, even if one of the other services dies)

In the future, when other services get introduced,
the increased resilience and simplicity will help as well.
2018-08-08 08:57:48 +03:00

109 lines
5.0 KiB

# The bare hostname which represents your identity.
# This is something like "".
# Note: this playbook does not touch the server referenced here.
hostname_identity: "{{ host_specific_hostname_identity }}"
# This is where your data lives and what we set up here.
# This and the Riot hostname (see below) are expected to be on the same server.
hostname_matrix: "matrix.{{ hostname_identity }}"
# This is where you access the web UI from and what we set up here.
# This and the Matrix hostname (see above) are expected to be on the same server.
hostname_riot: "riot.{{ hostname_identity }}"
matrix_user_username: "matrix"
matrix_user_uid: 991
matrix_user_gid: 991
# The defaults below cause a postgres server to be configured (running within a container).
# Using an external server is possible by tweaking all of the parameters below.
matrix_postgres_use_external: false
matrix_postgres_connection_hostname: "matrix-postgres"
matrix_postgres_connection_username: "synapse"
matrix_postgres_connection_password: "synapse-password"
matrix_postgres_db_name: "homeserver"
matrix_base_data_path: "/matrix"
matrix_ssl_certs_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_support_email: "{{ host_specific_matrix_ssl_support_email }}"
matrix_environment_variables_data_path: "{{ matrix_base_data_path }}/environment-variables"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
# Specifies which template files to use when configuring Synapse.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
# and then change the specific host's `vars.yaml` file like this:
# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars/<host>/homeserver.yaml.j2"
matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
matrix_synapse_macaroon_secret_key: ""
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_max_upload_size_mb: 10
matrix_max_log_file_size_mb: 100
matrix_max_log_files_count: 10
matrix_postgres_data_path: "{{ matrix_base_data_path }}/postgres"
matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
matrix_nginx_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
matrix_scratchpad_dir: "{{ matrix_base_data_path }}/scratchpad"
docker_postgres_image_v9: "postgres:9.6.9-alpine"
docker_postgres_image_v10: "postgres:10.4-alpine"
docker_postgres_image_latest: "{{ docker_postgres_image_v10 }}"
docker_matrix_image: "matrixdotorg/synapse:v0.33.1"
docker_nginx_image: "nginx:1.15.2-alpine"
docker_riot_image: "avhost/docker-matrix-riot:v0.16.0"
docker_s3fs_image: "xueshanf/s3fs:latest"
docker_goofys_image: "cloudproto/goofys:latest"
docker_coturn_image: "instrumentisto/coturn:"
# The Docker network that all services would be put into
matrix_docker_network: "matrix"
# A shared secret (between Synapse and Coturn) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: ""
# UDP port-range to use for TURN
matrix_coturn_turn_udp_min_port: 49152
matrix_coturn_turn_udp_max_port: 49172
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
matrix_s3_media_store_enabled: false
matrix_s3_media_store_bucket_name: "your-bucket-name"
matrix_s3_media_store_aws_access_key: "your-aws-access-key"
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
matrix_s3_media_store_region: "eu-central-1"
# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
# If you wish to connect to your Matrix server by other means,
# you may wish to disable this.
matrix_riot_web_enabled: true
# By default, this playbook sets up its own nginx proxy server on port 80/443.
# This is fine if you're dedicating the whole server to Matrix.
# But in case that's not the case, you may wish to prevent that
# and take care of proxying by yourself.
matrix_nginx_proxy_enabled: true
# Specifies when to attempt to retrieve new SSL certificates from Let's Encrypt.
matrix_ssl_renew_cron_time_definition: "15 4 */5 * *"
# Specifies when to reload the matrix-nginx-proxy service so that
# a new SSL certificate could go into effect.
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"