mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-23 04:55:46 +00:00
299a8c4c7c
This makes all containers (except mautrix-telegram and mautrix-whatsapp), start as a non-root user. We do this, because we don't trust some of the images. In any case, we'd rather not trust ALL images and avoid giving `root` access at all. We can't be sure they would drop privileges or what they might do before they do it. Because Postfix doesn't support running as non-root, it had to be replaced by an Exim mail server. The matrix-nginx-proxy nginx container image is patched up (by replacing its main configuration) so that it can work as non-root. It seems like there's no other good image that we can use and that is up-to-date (https://hub.docker.com/r/nginxinc/nginx-unprivileged is outdated). Likewise for riot-web (https://hub.docker.com/r/bubuntux/riot-web/), we patch it up ourselves when starting (replacing the main nginx configuration). Ideally, it would be fixed upstream so we can simplify.
19 lines
627 B
YAML
19 lines
627 B
YAML
matrix_mailer_enabled: true
|
|
|
|
matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
|
|
|
|
matrix_mailer_docker_image: "devture/exim-relay:4.91-r1-0"
|
|
|
|
# The user/group that the container runs with.
|
|
# These match the `exim` user/group within the container image.
|
|
matrix_mailer_container_user_uid: 100
|
|
matrix_mailer_container_user_gid: 101
|
|
|
|
matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
|
|
matrix_mailer_relay_use: false
|
|
matrix_mailer_relay_host_name: "mail.example.com"
|
|
matrix_mailer_relay_host_port: 587
|
|
matrix_mailer_relay_auth: false
|
|
matrix_mailer_relay_auth_username: ""
|
|
matrix_mailer_relay_auth_password: ""
|