roles/custom/matrix-dendrite/defaults/main.yml

---
# Dendrite is a second-generation Matrix homeserver currently in Beta
# Project source code URL: https://github.com/matrix-org/dendrite

matrix_dendrite_enabled: true

matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
matrix_dendrite_docker_image_name_prefix: "docker.io/"
matrix_dendrite_docker_image_tag: "v0.12.0"
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"

matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config"
matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage"
matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store"
matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats"
matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin"
matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext"

# By default, we make Dendrite only serve HTTP (not HTTPS).
# HTTPS is usually served at the reverse-proxy side (usually via `matrix-nginx-proxy`).
#
# To enable HTTPS serving by Dendrite (directly):
# - `matrix_dendrite_https_bind_port` must be set
# - `-tls-cert` and `-tls-key` must be passed to Dendrite via `matrix_dendrite_process_extra_arguments`
# - the TLS certificate files must be mounted into the container using `matrix_dendrite_container_additional_volumes`
matrix_dendrite_http_bind_port: 8008
matrix_dendrite_https_bind_port: ~

# This is passed as an `-http-bind-address` flag to the Dendrite server in the container
matrix_dendrite_http_bind_address: "{{ (':' + matrix_dendrite_http_bind_port | string) if matrix_dendrite_http_bind_port else '' }}"

# This is passed as an `-https-bind-address` flag to the Dendrite server in the container
matrix_dendrite_https_bind_address: "{{ (':' + matrix_dendrite_https_bind_port | string) if matrix_dendrite_https_bind_port else '' }}"

# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_dendrite_container_network: "{{ matrix_docker_network }}"

# A list of additional container networks that the container would be connected to.
# The role does not create these networks, so make sure they already exist.
# Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_dendrite_container_additional_networks: []

# Controls whether the matrix-dendrite container exposes the HTTP port (tcp/{{ matrix_dendrite_http_bind_port }} in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.
matrix_dendrite_container_http_host_bind_address: ""

# Controls whether the matrix-dendrite container exposes the HTTPS port (tcp/{{ matrix_dendrite_https_bind_port }} in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8448"), or empty string to not expose.
matrix_dendrite_container_https_host_bind_address: ""

# A list of extra arguments to pass to the container (`docker run` command)
# Also see `matrix_dendrite_container_arguments`
matrix_dendrite_container_extra_arguments: []

# matrix_dendrite_container_extra_arguments_auto is a list of extra arguments to pass to the container.
# This list is managed by the playbook. You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`.
matrix_dendrite_container_extra_arguments_auto: []

# matrix_dendrite_container_arguments holds the final list of extra arguments to pass to the container.
# You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`.
matrix_dendrite_container_arguments: "{{ matrix_dendrite_container_extra_arguments + matrix_dendrite_container_extra_arguments_auto }}"

# A list of extra arguments to pass to the container process (`dendrite-monolith` command)
# Example:
# matrix_dendrite_process_extra_arguments:
#  - "-tls-cert /some/path.crt"
#  - "-tls-key /some/path.pem"
matrix_dendrite_process_extra_arguments: []

# List of systemd services that matrix-dendrite.service depends on
matrix_dendrite_systemd_required_services_list: ["docker.service"]

# List of systemd services that matrix-dendrite.service wants
matrix_dendrite_systemd_wanted_services_list: []

# Specifies which template files to use when configuring Dendrite.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
# and then change the specific host's `vars.yml` file like this:
# matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars/<host>/dendrite.yaml.j2"
matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2"

matrix_dendrite_client_api_registration_shared_secret: ''
matrix_dendrite_allow_guest_access: false

matrix_dendrite_max_file_size_bytes: 10485760

# Controls which HTTP header (e.g. 'X-Forwarded-For', 'X-Real-IP') to inspect to find the real remote IP address of the client.
# This is likely required if Dendrite is running behind a reverse proxy server.
matrix_dendrite_sync_api_real_ip_header: 'X-Forwarded-For'

# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
matrix_dendrite_tmp_directory_size_mb: 500

# Rate limits
matrix_dendrite_client_api_rate_limiting_enabled: true
matrix_dendrite_client_api_rate_limiting_threshold: 20
matrix_dendrite_client_api_rate_limiting_cooloff_ms: 500

# Controls whether people with access to the homeserver can register by themselves.
matrix_dendrite_client_api_registration_disabled: true

# reCAPTCHA API for validating registration attempts
matrix_dendrite_client_api_enable_registration_captcha: false
matrix_dendrite_client_api_recaptcha_public_key: ""
matrix_dendrite_client_api_recaptcha_private_key: ""
matrix_dendrite_client_api_recaptcha_siteverify_api: ""
matrix_dendrite_client_api_recaptcha_api_js_url: ""
matrix_dendrite_client_api_recaptcha_form_field: ""
matrix_dendrite_client_api_recaptcha_sitekey_class: ""

# A list of additional "volumes" to mount in the container.
# This list gets populated dynamically based on Dendrite extensions that have been enabled.
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
#
# Note: internally, this uses the `-v` flag for mounting the specified volumes.
# It's better (safer) to use the `--mount` flag for mounting volumes.
# To use `--mount`, specify it in `matrix_dendrite_container_extra_arguments`.
# Example: `matrix_dendrite_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']
matrix_dendrite_container_additional_volumes: []

# A list of appservice config files (in-container filesystem paths).
# This list gets populated dynamically based on Dendrite extensions that have been enabled.
# You may wish to use this together with `matrix_dendrite_container_additional_volumes` or `matrix_dendrite_container_extra_arguments`.
# Also see `matrix_dendrite_app_service_config_files_final`
matrix_dendrite_app_service_config_files: []

# matrix_dendrite_app_service_config_files_auto is a list of appservice config files.
# This list is managed by the playbook. You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`.
matrix_dendrite_app_service_config_files_auto: []

# matrix_dendrite_app_service_config_files_final holds the final list of config files to pass to the container.
# You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`.
matrix_dendrite_app_service_config_files_final: "{{ matrix_dendrite_app_service_config_files + matrix_dendrite_app_service_config_files_auto }}"

# Enable exposure of metrics
matrix_dendrite_metrics_enabled: false
matrix_dendrite_metrics_username: "metrics"
matrix_dendrite_metrics_password: "metrics"

# Postgres database information
matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}"
matrix_dendrite_database_hostname: ''
matrix_dendrite_database_user: "dendrite"
matrix_dendrite_database_password: "itsasecret"
matrix_dendrite_federation_api_database: "dendrite_federationapi"
matrix_dendrite_key_server_database: "dendrite_keyserver"
matrix_dendrite_media_api_database: "dendrite_mediaapi"
matrix_dendrite_room_database: "dendrite_room"
matrix_dendrite_sync_api_database: "dendrite_syncapi"
matrix_dendrite_user_api_database: "dendrite_userapi"
matrix_dendrite_push_server_database: "dendrite_pushserver"
matrix_dendrite_relay_api_database: "dendrite_relayapi"
matrix_dendrite_mscs_database: "dendrite_mscs"

matrix_dendrite_client_api_turn_uris: []
matrix_dendrite_client_api_turn_shared_secret: ""
matrix_dendrite_client_api_turn_allow_guests: false

matrix_dendrite_disable_tls_validation: false

matrix_dendrite_trusted_id_servers:
  - "matrix.org"
  - "vector.im"

# Controls whether Dendrite will federate at all.
# Disable this to completely isolate your server from the rest of the Matrix network.
matrix_dendrite_federation_enabled: true

# Controls whether the self-check feature should validate SSL certificates.
matrix_dendrite_self_check_validate_certificates: true

# Default Dendrite configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_dendrite_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_dendrite_configuration_yaml: "{{ lookup('template', 'templates/dendrite/dendrite.yaml.j2') }}"

matrix_dendrite_configuration_extension_yaml: |
  # Your custom YAML configuration for Dendrite goes here.
  # This configuration extends the default starting configuration (`matrix_dendrite_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_dendrite_configuration_yaml`.
  #
  # Example configuration extension follows:
  #
  # server_notices:
  #   system_mxid_localpart: notices
  #   system_mxid_display_name: "Server Notices"
  #   system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"
  #   room_name: "Server Notices"

matrix_dendrite_configuration_extension: "{{ matrix_dendrite_configuration_extension_yaml | from_yaml if matrix_dendrite_configuration_extension_yaml | from_yaml is mapping else {} }}"

# Holds the final Dendrite configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_dendrite_configuration_yaml`.
matrix_dendrite_configuration: "{{ matrix_dendrite_configuration_yaml | from_yaml | combine(matrix_dendrite_configuration_extension, recursive=True) }}"

matrix_dendrite_user_api_auto_join_rooms: []

# statistics reporting configuration. These statistics contain the server
# name, number of active users and some information on your deployment config.
matrix_dendrite_report_stats: false

# Contorls whether thumbnails for media content are generated dynamically
matrix_dendrite_media_api_dynamic_thumbnails: false
matrix_dendrite_media_api_max_thumbnail_generators: 10

# Controls whether the full-text search engine is enabled
matrix_dendrite_sync_api_search_enabled: false