From c238978ac85f06381f06dbf5793b2b7ca79fa4a7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 14 Jan 2024 11:51:30 +0200 Subject: [PATCH] Add new global variable for controlling federation regardless of homeserver implementation The old variables still work. The global lets us avoid auto-detection logic like we're currently doing for `matrix_nginx_proxy_proxy_matrix_federation_api_enabled`. In the future, we'd just be able to reference `matrix_homeserver_federation_enabled` and know the up-to-date value regardless of homeserver. --- docs/configuring-playbook-dimension.md | 2 +- docs/configuring-playbook-federation.md | 2 +- group_vars/matrix_servers | 6 ++++++ roles/custom/matrix-base/defaults/main.yml | 4 ++++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index cafe6f4d6..045be3616 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md 
@@ -5,7 +5,7 @@ If you're just installing Matrix services for the first time, please continue wi **Note**: Dimension is **[officially unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299)**. We recommend not bothering with installing it. -**Note**: This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environments. This is handled automatically based on the value of `matrix_synapse_federation_enabled`. Enabling Dimension, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). +**Note**: This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environments. This is handled automatically based on the value of `matrix_homeserver_federation_enabled`. Enabling Dimension, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). ## Decide on a domain and path diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index 5a1e76e5d..a6e87d2a1 100644 --- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md 
@@ -33,7 +33,7 @@ matrix_synapse_allow_public_rooms_over_federation: true To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml -matrix_synapse_federation_enabled: false +matrix_homeserver_federation_enabled: false ``` With that, your server's users will only be able to talk among themselves, but not to anyone who is on another server. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 7555476fb..19bdaee81 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4105,6 +4105,8 @@ matrix_synapse_username: "{{ matrix_user_username }}" matrix_synapse_uid: "{{ matrix_user_uid }}" matrix_synapse_gid: "{{ matrix_user_gid }}" +matrix_synapse_federation_enabled: "{{ matrix_homeserver_federation_enabled }}" + matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url: "{{ ('http://matrix-ma1sd:' + matrix_ma1sd_container_port| string) }}" @@ -4809,6 +4811,8 @@ matrix_dendrite_enabled: "{{ matrix_homeserver_implementation == 'dendrite' }}" matrix_dendrite_hostname: "{{ matrix_server_fqn_matrix }}" +matrix_dendrite_federation_enabled: "{{ matrix_homeserver_federation_enabled }}" + matrix_dendrite_container_network: "{{ matrix_homeserver_container_network }}" matrix_dendrite_container_additional_networks: | @@ -4908,6 +4912,8 @@ matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}" matrix_conduit_hostname: "{{ matrix_server_fqn_matrix }}" +matrix_conduit_allow_federation: "{{ matrix_homeserver_federation_enabled }}" + matrix_conduit_container_network: "{{ matrix_homeserver_container_network }}" matrix_conduit_container_additional_networks_auto: | diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 2d324c34f..8c709bff5 100644 
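Review bot: The wiring added in the three `group_vars/matrix_servers` hunks (`matrix_synapse_federation_enabled`, `matrix_dendrite_federation_enabled`, `matrix_conduit_allow_federation`) flows only from the global to the per-homeserver variable. An existing `vars.yml` that still sets `matrix_synapse_federation_enabled: false` therefore keeps Synapse unfederated while `matrix_homeserver_federation_enabled` stays at its default of `true`. Anything that later reads the global, as the commit message plans for the nginx federation API toggle, would then treat an isolated server as federating. Consider a validation step that flags the mismatch, for example a task guarded by `when: (matrix_synapse_federation_enabled | bool) != (matrix_homeserver_federation_enabled | bool)`, with equivalents for Dendrite and Conduit. Whether the playbook already has such a check is not visible in this patch.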
--- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -150,6 +150,10 @@ matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" # Specifies on which container network the homeserver is. matrix_homeserver_container_network: "matrix-homeserver" +# Specifies whether the homeserver will federate at all. +# Disable this to completely isolate your server from the rest of the Matrix network. +matrix_homeserver_federation_enabled: true + # Specifies which systemd services are responsible for the homeserver matrix_homeserver_systemd_services_list: []
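Review bot: The comment on `matrix_homeserver_federation_enabled` promises complete isolation, which is stronger than what the Dimension document in this same patch describes. With Dimension enabled, the `openid` API endpoints stay exposed on the federation port even when federation is disabled. I would add a line such as `# Note: some services (e.g. Dimension) still expose the openid API on the federation port when this is false.` so that operators do not read the flag as a network-level guarantee. It would also help to say that a per-homeserver variable set directly in `vars.yml` presumably takes precedence over this value, so the global may not reflect the effective setting.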