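# Matrix Authentication Service configuration template.
# ${...} placeholders are filled in by the templating step before the service
# reads this file. The rendered output holds database, SMTP and signing
# secrets in cleartext, so it should be readable only by the service account.
# Templated scalars are quoted so that a substituted value starting with a
# YAML indicator or containing ' #' / ': ' cannot be re-typed or truncated.

http:
  public_base: "https://matrix-account.${base_domain}/"
  listeners:
  # Public listener, bound on all interfaces.
  - name: web
    resources:
    - name: discovery
    - name: human
    - name: oauth
    - name: compat
    - name: graphql
    - name: assets
    # NOTE(review): the admin API shares the public listener with the
    # user-facing resources. Confirm the reverse proxy restricts who can
    # reach it, or serve it from the internal listener instead.
    - name: adminapi
    - name: health
    binds:
    - address: '[::]:8080'
    proxy_protocol: false
  # Internal listener: metrics and health only, reachable on loopback.
  - name: internal
    resources:
    - name: prometheus
    - name: health
    binds:
    - host: localhost
      port: 8081
    proxy_protocol: false
  # Peers in these ranges are treated as trusted reverse proxies.
  # NOTE(review): this trusts most private address space, so any host on
  # those networks that can reach port 8080 is presumably able to assert a
  # client address of its choosing, which would end up in logs and any
  # per-IP limits. Prefer listing only the actual proxy address(es).
  # NOTE(review): 10.0.0.0/10 covers 10.0.0.0-10.63.255.255, not the whole
  # 10.0.0.0/8 block, and 127.0.0.1/8 has host bits set; confirm both are
  # intended.
  trusted_proxies:
  - '192.168.0.0/16'
  - '172.16.0.0/12'
  - '10.0.0.0/10'
  - '127.0.0.1/8'
  - 'fd00::/8'
  - '::1/128'

database:
  # NOTE(review): the password is spliced into the URI as-is. A value
  # containing '@', '/', ':' or '%' would change how the URI parses, so it
  # must be URL-safe or percent-encoded before templating.
  # NOTE(review): no TLS parameter is set on the URI; confirm the link to
  # matrix-postgres stays on a private network.
  uri: "postgresql://mas:${secrets.matrix_authentication_service_postgres_password}@matrix-postgres/mas"
  max_connections: 10
  min_connections: 0
  connect_timeout: 30
  idle_timeout: 600
  max_lifetime: 1800

telemetry:
  # Both exporters send over plain HTTP to the collector.
  # NOTE(review): confirm grafana-alloy is only reachable on an internal
  # network, since traces and metrics leave the process unencrypted.
  tracing:
    propagators:
    - jaeger
    exporter: otlp
    endpoint: http://grafana-alloy:4318/v1/traces
  metrics:
    exporter: otlp
    endpoint: http://grafana-alloy:4318/v1/metrics

email:
  from: '"Matrix Authentication Service" <noreply+matrix@krasovs.ky>'
  reply_to: '"Matrix Authentication Service" <noreply+matrix@krasovs.ky>'
  transport: smtp
  mode: tls
  hostname: smtps-proxy.fastmail.com
  port: 443
  username: "savely@${base_domain}"
  # Quoted like the other templated secrets in this file; unquoted, a
  # password beginning with '*', '&', '!' or containing ' #' would be
  # misparsed or silently cut short.
  # NOTE(review): inside double quotes a '"' or '\' in the secret still
  # needs escaping; confirm the stored values avoid both.
  password: "${secrets.matrix_authentication_service_smtp_password}"

secrets:
  # Quoted so the value always loads as a string, whatever characters it
  # happens to consist of.
  encryption: "${secrets.matrix_authentication_service_secrets_encryption}"
  # Private signing keys, one block scalar per key. The first line of each
  # key sits at column 6 and indent(6, ...) pads the remaining lines to the
  # same column; keep the two in step if this section is re-indented.
  keys:
  - key: |
      ${indent(6, secrets.matrix_authentication_service_secrets_rsa_key)}
  - key: |
      ${indent(6, secrets.matrix_authentication_service_secrets_p256_key)}
  - key: |
      ${indent(6, secrets.matrix_authentication_service_secrets_p384_key)}
  - key: |
      ${indent(6, secrets.matrix_authentication_service_secrets_secp256k1_key)}

# Local password login is off; sign-in goes through the upstream provider
# configured under upstream_oauth2.
passwords:
  enabled: false

matrix:
  kind: synapse
  homeserver: "${base_domain}"
  # Shared secret between this service and the homeserver; quoted for the
  # same reason as the other templated secrets.
  secret: "${secrets.matrix_authentication_service_secret}"
  endpoint: "https://matrix.${base_domain}/"
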
# Single upstream OpenID Connect provider used for sign-in.
upstream_oauth2:
  providers:
  - id: '01K7WMWMAB8M7J0HR3S5FM5DR2'
    synapse_idp_id: 'oidc-pocket-id'
    issuer: "https://id.${base_domain}"
    human_name: 'Pocket ID'
    client_id: 'c6e8a96b-647f-47fe-8e75-2b05a6c79242'
    # Injected at render time, so the rendered file carries the client
    # secret in cleartext; keep its permissions restricted.
    client_secret: "${secrets.synapse_oidc_client_secret}"
    token_endpoint_auth_method: client_secret_basic
    scope: 'email openid profile'
    claims_imports:
      # No confirmation screen is shown: the values below are applied as
      # the provider sends them.
      skip_confirmation: true
      # The Matrix localpart comes straight from the upstream
      # preferred_username claim and is mandatory.
      # NOTE(review): this makes the identity provider's username policy
      # the control over who gets which localpart; confirm users cannot
      # freely change preferred_username there.
      localpart:
        action: require
        template: '{{ user.preferred_username }}'
      displayname:
        action: force
        template: '{{ user.name }}'
      email:
        action: force
        template: '{{ user.email }}'