- Move all domain→expected-status mapping to filter `web_health_expectations`. - Require explicit app selection via non-empty `group_names`; only those apps are included. - Add `www_enabled` flag (wired via `WWW_REDIRECT_ENABLED`) to generate/force www.* → 301. - Support `redirect_maps` to include manual redirects (sources forced to 301), independent of app selection. - Aliases always 301; canonicals use per-key override or `server.status_codes.default`, else [200,302,301]. - Remove legacy fallbacks (`server.status_codes.home` / `landingpage`). - Wire filter output into systemd ExecStart script as JSON expectations. - Normalize various templates to use `to_json` and minor spacing fixes. - Update app configs (e.g., YOURLS default=301; Confluence default=302; Bluesky web=405; MediaWiki/Confluence canonical/aliases). - Constructor now uses `WWW_REDIRECT_ENABLED` for domain generation. Tests: - Add comprehensive unit tests for filter: selection by group, keyed/default codes, aliases, www handling, redirect_maps, input sanitization. - Add unit tests for the standalone checker script (JSON parsing, OK/mismatch counting, sanitization). See conversation: https://chatgpt.com/share/68c2b93e-de58-800f-8c16-ea05755ba776
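# Synapse homeserver configuration, rendered from this Jinja template.
#
# The rendered file carries secrets (database password, registration shared
# secret, macaroon and form secrets, SMTP token, OIDC client secret). Keep it
# readable only by the account Synapse runs as, and keep it out of logs and
# widely shared backups.
# NOTE(review): the secrets are interpolated inside double quotes, so a value
# containing a double quote or a backslash would alter or break the rendered
# YAML - confirm the secret generators never emit those characters.
server_name: "{{ MATRIX_SERVER_NAME }}"
pid_file: /data/homeserver.pid
max_upload_size: {{ client_max_body_size }}
listeners:
  # Plain-HTTP listener that trusts the X-Forwarded-For header. No
  # bind_addresses is set here, so port 8008 must be reachable only from the
  # TLS-terminating reverse proxy; any other client that reaches it can forge
  # its source address in Synapse's view.
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      # Client and federation APIs share this one listener.
      - names: [client, federation]
        compress: false
database:
  name: psycopg2
  args:
    user: "{{ database_username }}"
    password: "{{ database_password }}"
    database: "{{ database_name }}"
    host: "{{ database_host }}"
    # Connection pool bounds; the upper bound comes from the playbook.
    cp_min: 5
    cp_max: {{ POSTGRES_ALLOWED_AVG_CONNECTIONS }}
log_config: "{{ MATRIX_SYNAPSE_LOG_PATH_CONTAINER }}"
media_store_path: "/data/media_store"
# Anyone holding this secret can register accounts, including admin accounts,
# even when open registration is disabled.
registration_shared_secret: "{{ MATRIX_REGISTRATION_SHARED_SECRET }}"
# Sends anonymised usage statistics to the Synapse project; set to false if
# the deployment must not phone home.
report_stats: true
macaroon_secret_key: "{{ applications | get_app_conf(application_id, 'credentials.macaroon_secret_key') }}"
form_secret: "{{ applications | get_app_conf(application_id, 'credentials.form_secret') }}"
# The signing key is the server's federation identity; it lives under /data
# and needs the same protection as the secrets above.
signing_key_path: "/data/{{ MATRIX_SYNAPSE_DOMAIN }}.signing.key"
web_client_location: "{{ WEB_PROTOCOL }}://{{ domains[application_id].element}}"
public_baseurl: "{{ MATRIX_SYNAPSE_URL }}"
# Notary used to look up other servers' signing keys.
trusted_key_servers:
  - server_name: "matrix.org"
admin_contact: 'mailto:{{ users.administrator.email }}'

email:
  smtp_host: "{{ SYSTEM_EMAIL.HOST }}"
  # NOTE(review): the port is rendered as a quoted string - confirm Synapse
  # accepts that here, or render it as a plain integer.
  smtp_port: "{{ SYSTEM_EMAIL.PORT }}"
  smtp_user: "{{ users['no-reply'].email }}"
  smtp_pass: "{{ users['no-reply'].mailu_token }}"
  # With both options below left disabled, STARTTLS is opportunistic: if the
  # relay does not offer it (or an on-path device strips the offer), mail and
  # the SMTP credentials go out unencrypted. Enable require_transport_security
  # (STARTTLS mandatory) or force_tls (implicit TLS) once the relay supports it.
  #force_tls: true
  #require_transport_security: true
  # Rendered as a real YAML boolean. The previous quoted, upper-cased form
  # produced a non-empty string ("TRUE" or "FALSE"), which a plain truthiness
  # check reads as true either way.
  enable_tls: {{ SYSTEM_EMAIL.TLS | bool | lower }}
  notif_from: "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>"
  app_name: "Matrix on {{ MATRIX_SYNAPSE_DOMAIN }}"
  enable_notifs: true
  notif_for_new_users: false
  # NOTE(review): this is a bare domain with no scheme, unlike
  # web_client_location above - confirm the links built from it in outgoing
  # mail resolve to the intended web client.
  client_base_url: "{{ MATRIX_SYNAPSE_DOMAIN }}"
  validation_token_lifetime: 15m

{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
# @See https://matrix-org.github.io/synapse/latest/openid.html
oidc_providers:
  - idp_id: keycloak
    idp_name: "{{ OIDC.BUTTON_TEXT }}"
    issuer: "{{ OIDC.CLIENT.ISSUER_URL }}"
    client_id: "{{ OIDC.CLIENT.ID }}"
    client_secret: "{{ OIDC.CLIENT.SECRET }}"
    scopes: ["openid", "profile"]
    user_mapping_provider:
      config:
        # The raw/endraw pairs pass a template expression through to Synapse
        # unrendered; only the claim name is filled in at deploy time. The
        # chosen claim becomes the Matrix localpart, so it should be unique
        # per user and not editable by the user at the identity provider.
        localpart_template: "{% raw %}{{ user.{% endraw %}{{ OIDC.ATTRIBUTES.USERNAME }}{% raw %}}}{% endraw %}"
        display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
    # Lets the identity provider end Synapse sessions on logout; the provider
    # has to be configured with Synapse's back-channel logout URL for this to
    # have any effect.
    backchannel_logout_enabled: true
{% endif %}

{# Test the list for emptiness: the bool filter only maps boolean-like scalars, so a list of bridges is not reliably truthy through it. #}
{% if MATRIX_BRIDGES | length > 0 %}
# Registration files of application-service bridges. Each file holds the
# tokens shared between a bridge and the homeserver, so it needs the same
# file permissions as this configuration.
app_service_config_files:
{% for item in MATRIX_BRIDGES %}
  - {{ MATRIX_REGISTRATION_FILE_FOLDER }}{{ item.bridge_name }}.registration.yaml
{% endfor %}
{% endif %}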