diff --git a/roles/matrix-conduit/templates/conduit/conduit.toml.j2 b/roles/matrix-conduit/templates/conduit/conduit.toml.j2 new file mode 100644 index 00000000..a6819ef4 --- /dev/null +++ b/roles/matrix-conduit/templates/conduit/conduit.toml.j2 @@ -0,0 +1,52 @@ +# ============================================================================= +# This is the official example config for Conduit. +# If you use it for your server, you will need to adjust it to your own needs. +# At the very least, change the server_name field! +# ============================================================================= + + +[global] +# The server_name is the pretty name of this server. It is used as a suffix for user +# and room ids. Examples: matrix.org, conduit.rs + +# The Conduit server needs all /_matrix/ requests to be reachable at +# https://your.server.name/ on port 443 (client-server) and 8448 (federation). + +# If that's not possible for you, you can create /.well-known files to redirect +# requests. See +# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client +# and +# https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server +# for more information + +server_name = "{{ matrix_domain }}" + +# This is the only directory where Conduit will save its data +database_path = "/var/lib/matrix-conduit/" +database_backend = "rocksdb" + +# The port Conduit will be running on. You need to set up a reverse proxy in +# your web server (e.g. apache or nginx), so all requests to /_matrix on port +# 443 and 8448 will be forwarded to the Conduit instance running on this port +# Docker users: Don't change this, you'll need to map an external port to this. +port = {{ matrix_conduit_port_number }} + +# Max size for uploads +max_request_size = {{ matrix_conduit_max_request_size }} + +# Enables registration. If set to false, no users can register on this server. +allow_registration = {{ matrix_conduit_allow_registration }} + +allow_federation = {{ matrix_conduit_allow_federation }} + +# Enable the display name lightning bolt on registration. +enable_lightning_bolt = {{ matrix_conduit_enable_lightning_bolt }} + +trusted_servers = {{ matrix_conduit_trusted_servers }} + +max_concurrent_requests = {{ matrix_conduit_max_concurrent_requests }} + +log = "info,state_res=warn,rocket=off,_=off,sled=off" + +address = "0.0.0.0" + diff --git a/roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 b/roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 new file mode 100644 index 00000000..1254fcf1 --- /dev/null +++ b/roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 @@ -0,0 +1,35 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Conduit Matrix homeserver +After=network.target + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-conduit 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-conduit 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-conduit \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_conduit_tmp_directory_size_mb }}m \ + --network={{ matrix_docker_network }} \ + -p 8448:6167 \ + --mount type=bind,src={{ matrix_conduit_config_dir_path }},dst=/etc/matrix-conduit,ro \ + --mount type=bind,src={{ matrix_conduit_data_dir_path }},dst=/var/lib/conduit \ + {% for arg in matrix_conduit_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_conduit_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-conduit 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-conduit 2>/dev/null || true' +ExecReload={{ matrix_host_command_docker }} exec matrix-conduit /bin/sh -c 'kill -HUP 1' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-conduit + +[Install] +WantedBy=multi-user.target