mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-24 01:48:29 +01:00
Rename some variables
This commit is contained in:
parent
8cac29a5d5
commit
a43bcd81fe
15
CHANGELOG.md
15
CHANGELOG.md
@ -1,3 +1,18 @@
|
||||
# 2019-02-19
|
||||
|
||||
## Renaming variables
|
||||
|
||||
The following playbook variables were renamed:
|
||||
|
||||
- from `host_specific_hostname_identity` to `matrix_domain`
|
||||
- from `hostname_identity` to `matrix_domain`
|
||||
- from `hostname_matrix` to `matrix_server_fqn_matrix`
|
||||
- from `hostname_riot` to `matrix_server_fqn_riot`
|
||||
- from `host_specific_matrix_ssl_lets_encrypt_support_email` to `matrix_ssl_lets_encrypt_support_email`
|
||||
|
||||
Doing that, we've simplified things, made names less confusing (hopefully) and moved all variable names under the `matrix_` prefix.
|
||||
|
||||
|
||||
# 2019-02-16
|
||||
|
||||
## Riot v1.0.1 support
|
||||
|
@ -73,4 +73,4 @@ matrix_appservice_irc_configuration_extension_yaml: |
|
||||
lineLimit: 3
|
||||
```
|
||||
|
||||
You then need to start a chat with `@irc_bot:{{ hostname_identity }}`
|
||||
You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
|
||||
|
@ -12,4 +12,4 @@ matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
|
||||
matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
|
||||
```
|
||||
|
||||
You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname).
|
||||
You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
|
||||
|
@ -10,4 +10,4 @@ Use the following playbook configuration:
|
||||
matrix_mautrix_whatsapp_enabled: true
|
||||
```
|
||||
|
||||
You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname).
|
||||
You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
|
||||
|
@ -66,13 +66,13 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
|
||||
To do that, simply define your own custom configuration like this:
|
||||
|
||||
```yaml
|
||||
# Note: we need to include the matrix (`hostname_matrix`) and riot (`hostname_riot`) domains explicitly.
|
||||
# Your base domain is in the `hostname_identity` variable.
|
||||
# Note: we need to include the matrix (`matrix_server_fqn_matrix`) and riot (`matrix_server_fqn_riot`) domains explicitly.
|
||||
# Your base domain is in the `matrix_domain` variable.
|
||||
# Adding any other additional domains (hosted on the same machine) is possible.
|
||||
matrix_ssl_domains_to_obtain_certificates_for:
|
||||
- '{{ hostname_matrix }}'
|
||||
- '{{ hostname_riot }}'
|
||||
- '{{ hostname_identity }}'
|
||||
- '{{ matrix_server_fqn_matrix }}'
|
||||
- '{{ matrix_server_fqn_riot }}'
|
||||
- '{{ matrix_domain }}'
|
||||
```
|
||||
|
||||
After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should:
|
||||
|
@ -1,26 +1,21 @@
|
||||
# This is something which is provided to Let's Encrypt
|
||||
# when retrieving the SSL certificates for domains.
|
||||
# The bare domain name which represents your Matrix identity.
|
||||
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
|
||||
#
|
||||
# In case SSL renewal fails at some point, you'll also get
|
||||
# an email notification there.
|
||||
#
|
||||
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
|
||||
# you won't be required to define this variable
|
||||
# (see `docs/configuring-playbook-ssl-certificates.md`).
|
||||
#
|
||||
# Example value: someone@example.com
|
||||
host_specific_matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
|
||||
|
||||
# This is your bare domain name (`<your-domain>`).
|
||||
#
|
||||
# Note: the server specified here is not touched.
|
||||
#
|
||||
# This playbook only installs to `matrix.<your-domain>`,
|
||||
# but it nevertheless requires to know the bare domain name
|
||||
# (for configuration purposes).
|
||||
# Note: this playbook does not touch the server referenced here.
|
||||
# Installation happens on another server ("matrix.<matrix-domain>").
|
||||
#
|
||||
# Example value: example.com
|
||||
host_specific_hostname_identity: YOUR_BARE_DOMAIN_NAME_HERE
|
||||
matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
|
||||
|
||||
# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
|
||||
#
|
||||
# In case SSL renewal fails at some point, you'll also get an email notification there.
|
||||
#
|
||||
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
|
||||
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
|
||||
#
|
||||
# Example value: someone@example.com
|
||||
matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
|
||||
|
||||
# A shared secret (between Coturn and Synapse) used for authentication.
|
||||
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
||||
|
@ -112,7 +112,7 @@ matrix_mailer_enabled: true
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
|
||||
# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`matrix_server_fqn_matrix`).
|
||||
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
|
||||
matrix_mxisd_enabled: true
|
||||
|
||||
@ -129,7 +129,7 @@ matrix_mxisd_synapsesql_type: postgresql
|
||||
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}
|
||||
|
||||
matrix_mxisd_dns_overwrite_enabled: true
|
||||
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
|
||||
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
|
||||
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
|
||||
|
||||
# By default, we send mail through the `matrix-mailer` service.
|
||||
@ -207,9 +207,9 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
|
||||
|
||||
matrix_ssl_domains_to_obtain_certificates_for: |
|
||||
{{
|
||||
([hostname_matrix])
|
||||
([matrix_server_fqn_matrix])
|
||||
+
|
||||
([hostname_riot] if matrix_riot_web_enabled else [])
|
||||
([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
|
||||
}}
|
||||
|
||||
######################################################################
|
||||
@ -247,7 +247,7 @@ matrix_postgres_db_name: "homeserver"
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
|
||||
# By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
|
||||
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
|
||||
matrix_riot_web_enabled: true
|
||||
|
||||
@ -274,7 +274,7 @@ matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
|
||||
######################################################################
|
||||
|
||||
# When mxisd is enabled, we can use it instead of the default public Identity servers.
|
||||
matrix_synapse_trusted_third_party_id_servers: "{{ [hostname_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
|
||||
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
|
||||
|
||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
|
||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports
|
||||
@ -303,13 +303,13 @@ matrix_synapse_email_smtp_host: "matrix-mailer"
|
||||
matrix_synapse_email_smtp_port: 8025
|
||||
matrix_synapse_email_smtp_require_transport_security: false
|
||||
matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
|
||||
matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
|
||||
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
||||
|
||||
matrix_synapse_turn_uris: |
|
||||
{{
|
||||
[
|
||||
'turn:' + hostname_matrix + ':3478?transport=udp',
|
||||
'turn:' + hostname_matrix + ':3478?transport=tcp',
|
||||
'turn:' + matrix_server_fqn_matrix + ':3478?transport=udp',
|
||||
'turn:' + matrix_server_fqn_matrix + ':3478?transport=tcp',
|
||||
]
|
||||
if matrix_coturn_enabled
|
||||
else []
|
||||
|
@ -1,16 +1,19 @@
|
||||
# The bare hostname which represents your identity.
|
||||
# This is something like "example.com".
|
||||
# The bare domain name which represents your Matrix identity.
|
||||
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
|
||||
#
|
||||
# Note: this playbook does not touch the server referenced here.
|
||||
hostname_identity: "{{ host_specific_hostname_identity|lower }}"
|
||||
# Installation happens on another server ("matrix.<matrix-domain>", see `matrix_server_fqn_matrix`).
|
||||
#
|
||||
# Example value: example.com
|
||||
matrix_domain: ~
|
||||
|
||||
# This is where your data lives and what we set up here.
|
||||
# This and the Riot hostname (see below) are expected to be on the same server.
|
||||
hostname_matrix: "matrix.{{ hostname_identity }}"
|
||||
# This is where your data lives and what we set up.
|
||||
# This and the Riot FQN (see below) are expected to be on the same server.
|
||||
matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
|
||||
|
||||
# This is where you access the web UI from and what we set up here.
|
||||
# This and the Matrix hostname (see above) are expected to be on the same server.
|
||||
hostname_riot: "riot.{{ hostname_identity }}"
|
||||
|
||||
# This and the Matrix FQN (see above) are expected to be on the same server.
|
||||
matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
|
||||
|
||||
matrix_user_username: "matrix"
|
||||
matrix_user_uid: 991
|
||||
@ -21,7 +24,7 @@ matrix_base_data_path_mode: "750"
|
||||
|
||||
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
|
||||
|
||||
matrix_homeserver_url: "https://{{ hostname_matrix }}"
|
||||
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
matrix_identity_server_url: ~
|
||||
|
||||
@ -32,8 +35,8 @@ matrix_docker_network: "matrix"
|
||||
#
|
||||
# If you wish to rely on DNS SRV records only, you can disable this.
|
||||
# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448)
|
||||
# using certificates for the base domain (`hostname_identity`) and not for the
|
||||
# matrix domain (`hostname_matrix`).
|
||||
# using certificates for the base domain (`matrix_domain`) and not for the
|
||||
# matrix domain (`matrix_server_fqn_matrix`).
|
||||
matrix_well_known_matrix_server_enabled: true
|
||||
|
||||
# Variables to Control which parts of our roles run.
|
||||
|
@ -1,3 +1,7 @@
|
||||
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
|
||||
when: run_setup
|
||||
tags:
|
||||
@ -21,13 +25,9 @@
|
||||
- setup-synapse
|
||||
- setup-nginx-proxy
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when: run_self_check
|
||||
tags:
|
||||
- self-check
|
||||
- self-check
|
||||
|
@ -15,15 +15,32 @@
|
||||
msg: "{{ matrix_ansible_outdated_fail_msg }}"
|
||||
when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
|
||||
|
||||
# This sanity check is only used to detect uppercase when people override these specific variables.
|
||||
#
|
||||
# If people set `host_specific_hostname_identity` without overriding other variables (the general use-case),
|
||||
# we take care to lower-case it automatically and it won't cause trouble anyway.
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
when: "item.old in vars"
|
||||
with_items:
|
||||
- {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
|
||||
- {'old': 'hostname_identity', 'new': 'matrix_domain'}
|
||||
- {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
|
||||
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}
|
||||
|
||||
- name: Fail if required variables are undefined
|
||||
fail:
|
||||
msg: "The `{{ item }}` variable must be defined and have a non-null value"
|
||||
with_items:
|
||||
- matrix_domain
|
||||
- matrix_server_fqn_matrix
|
||||
- matrix_server_fqn_riot
|
||||
when: "item not in vars or vars[item] is none"
|
||||
|
||||
- name: Fail if uppercase domain used
|
||||
fail:
|
||||
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
|
||||
when: "item != item|lower"
|
||||
with_items:
|
||||
- "{{ hostname_identity }}"
|
||||
- "{{ hostname_matrix }}"
|
||||
- "{{ hostname_riot }}"
|
||||
- "{{ matrix_domain }}"
|
||||
- "{{ matrix_server_fqn_matrix }}"
|
||||
- "{{ matrix_server_fqn_riot }}"
|
||||
when: "item != item|lower"
|
||||
|
@ -4,16 +4,16 @@
|
||||
set_fact:
|
||||
dns_srv_record_checks:
|
||||
- service_and_protocol: "_matrix._tcp"
|
||||
domain: "{{ (hostname_identity + '.') }}"
|
||||
expected_target: "{{ (hostname_matrix + '.') }}"
|
||||
domain: "{{ (matrix_domain + '.') }}"
|
||||
expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
|
||||
expected_port: 8448
|
||||
|
||||
- block:
|
||||
- set_fact:
|
||||
dns_srv_record_check_mxisd:
|
||||
service_and_protocol: "_matrix-identity._tcp"
|
||||
domain: "{{ (hostname_identity + '.') }}"
|
||||
expected_target: "{{ (hostname_matrix + '.') }}"
|
||||
domain: "{{ (matrix_domain + '.') }}"
|
||||
expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
|
||||
expected_port: 443
|
||||
|
||||
- name: Determine domains that we require certificates for (mxisd)
|
||||
@ -25,4 +25,4 @@
|
||||
include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
|
||||
with_items: "{{ dns_srv_record_checks }}"
|
||||
loop_control:
|
||||
loop_var: dns_srv_record_check
|
||||
loop_var: dns_srv_record_check
|
||||
|
@ -1,3 +1,3 @@
|
||||
{
|
||||
"m.server": "{{ hostname_matrix }}:8448"
|
||||
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ if [ "$(id -u)" != "0" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "WARNING! You are about to remove everything the playbook installs for matrix.{{ host_specific_hostname_identity }}: matrix, docker images,..."
|
||||
echo "WARNING! You are about to remove everything the playbook installs for {{ matrix_server_fqn_matrix }}: matrix, docker images,..."
|
||||
echo -n "If you're sure you want to do this, type: 'Yes, I really want to remove everything!'"
|
||||
read sure
|
||||
|
||||
|
@ -15,7 +15,7 @@ matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
|
||||
matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
|
||||
matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
|
||||
|
||||
matrix_corporal_matrix_homeserver_domain_name: "{{ hostname_identity }}"
|
||||
matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
|
||||
|
||||
# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008").
|
||||
# If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
corporal_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/corporal"
|
||||
corporal_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/corporal"
|
||||
|
||||
- name: Check Matrix Corporal HTTP gateway
|
||||
uri:
|
||||
@ -13,9 +13,9 @@
|
||||
|
||||
- name: Fail if Matrix Corporal HTTP gateway not working
|
||||
fail:
|
||||
msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
|
||||
msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
|
||||
when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content"
|
||||
|
||||
- name: Report working Matrix Corporal HTTP gateway
|
||||
debug:
|
||||
msg: "Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"
|
||||
msg: "Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"
|
||||
|
@ -8,7 +8,7 @@
|
||||
},
|
||||
|
||||
"Reconciliation": {
|
||||
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ hostname_identity }}",
|
||||
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ matrix_domain }}",
|
||||
"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
|
||||
},
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
use-auth-secret
|
||||
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
|
||||
realm=turn.{{ hostname_matrix }}
|
||||
realm=turn.{{ matrix_server_fqn_matrix }}
|
||||
min-port={{ matrix_coturn_turn_udp_min_port }}
|
||||
max-port={{ matrix_coturn_turn_udp_max_port }}
|
||||
external-ip={{ matrix_coturn_turn_external_ip_address }}
|
||||
|
@ -9,7 +9,7 @@ matrix_mailer_docker_image: "devture/exim-relay:4.91-r1-0"
|
||||
matrix_mailer_container_user_uid: 100
|
||||
matrix_mailer_container_user_gid: 101
|
||||
|
||||
matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
|
||||
matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
|
||||
matrix_mailer_relay_use: false
|
||||
matrix_mailer_relay_host_name: "mail.example.com"
|
||||
matrix_mailer_relay_host_port: 587
|
||||
|
@ -15,7 +15,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
|
||||
--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--env-file={{ matrix_mailer_base_path }}/env-mailer \
|
||||
--hostname={{ hostname_matrix }} \
|
||||
--hostname={{ matrix_server_fqn_matrix }} \
|
||||
{{ matrix_mailer_docker_image }}
|
||||
ExecStop=-/usr/bin/docker kill matrix-mailer
|
||||
ExecStop=-/usr/bin/docker rm matrix-mailer
|
||||
|
@ -29,7 +29,7 @@ matrix_mxisd_synapsesql_type: ""
|
||||
matrix_mxisd_synapsesql_connection: ""
|
||||
|
||||
# Setting up email-sending settings is required for using mxisd.
|
||||
matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ hostname_identity }}"
|
||||
matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
|
||||
matrix_mxisd_threepid_medium_email_connectors_smtp_host: ""
|
||||
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
|
||||
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
|
||||
@ -40,7 +40,7 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""
|
||||
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
|
||||
# so that mxisd can rewrite the original URL to one that would reach the homeserver.
|
||||
matrix_mxisd_dns_overwrite_enabled: false
|
||||
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
|
||||
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
|
||||
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
|
||||
|
||||
# Default mxisd configuration template which covers the generic use case.
|
||||
@ -50,10 +50,10 @@ matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mxisd_configuration_yaml: |
|
||||
matrix:
|
||||
domain: {{ hostname_identity }}
|
||||
domain: {{ matrix_domain }}
|
||||
|
||||
server:
|
||||
name: {{ hostname_matrix }}
|
||||
name: {{ matrix_server_fqn_matrix }}
|
||||
|
||||
key:
|
||||
path: /var/mxisd/sign.key
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
mxisd_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/identity/api/v1"
|
||||
mxisd_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/identity/api/v1"
|
||||
|
||||
- name: Check mxisd Identity Service
|
||||
uri:
|
||||
@ -12,9 +12,9 @@
|
||||
|
||||
- name: Fail if mxisd Identity Service not working
|
||||
fail:
|
||||
msg: "Failed checking mxisd is up at `{{ hostname_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
|
||||
msg: "Failed checking mxisd is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
|
||||
when: "result_mxisd.failed or 'json' not in result_mxisd"
|
||||
|
||||
- name: Report working mxisd Identity Service
|
||||
debug:
|
||||
msg: "mxisd at `{{ hostname_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"
|
||||
msg: "mxisd at `{{ matrix_server_fqn_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"
|
||||
|
@ -22,11 +22,11 @@ matrix_nginx_proxy_container_additional_volumes: []
|
||||
|
||||
# Controls whether proxying the riot domain should be done.
|
||||
matrix_nginx_proxy_proxy_riot_enabled: false
|
||||
matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"
|
||||
matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"
|
||||
|
||||
# Controls whether proxying the matrix domain should be done.
|
||||
matrix_nginx_proxy_proxy_matrix_enabled: false
|
||||
matrix_nginx_proxy_proxy_matrix_hostname: "{{ hostname_matrix }}"
|
||||
matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
|
||||
@ -92,7 +92,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
|
||||
# obeying the following hierarchy:
|
||||
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
||||
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
||||
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
|
||||
# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
|
||||
#
|
||||
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
|
||||
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
|
||||
@ -106,7 +106,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
|
||||
matrix_ssl_lets_encrypt_staging: false
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
|
||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
|
||||
matrix_ssl_lets_encrypt_support_email: ~
|
||||
|
||||
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
|
||||
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
|
||||
|
@ -1,8 +1,8 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
well_known_url_matrix: "https://{{ hostname_matrix }}{{ well_known_file_check.path }}"
|
||||
well_known_url_identity: "https://{{ hostname_identity }}{{ well_known_file_check.path }}"
|
||||
well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
|
||||
well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"
|
||||
|
||||
# These well-known files may be served without a `Content-Type: application/json` header,
|
||||
# so we can't rely on the uri module's automatic parsing of JSON.
|
||||
@ -16,7 +16,7 @@
|
||||
|
||||
- name: Fail if .well-known not working on the matrix hostname
|
||||
fail:
|
||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
|
||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
|
||||
when: "result_well_known_matrix.failed"
|
||||
|
||||
- name: Parse JSON for well-known payload at the matrix hostname
|
||||
@ -25,12 +25,12 @@
|
||||
|
||||
- name: Fail if .well-known not CORS-aware on the matrix hostname
|
||||
fail:
|
||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
||||
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
|
||||
|
||||
- name: Report working .well-known on the matrix hostname
|
||||
debug:
|
||||
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
|
||||
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
|
||||
|
||||
- name: Check .well-known on the identity hostname
|
||||
uri:
|
||||
@ -42,7 +42,7 @@
|
||||
|
||||
- name: Fail if .well-known not working on the identity hostname
|
||||
fail:
|
||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
|
||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
|
||||
when: "result_well_known_identity.failed"
|
||||
|
||||
- name: Parse JSON for well-known payload at the identity hostname
|
||||
@ -51,15 +51,15 @@
|
||||
|
||||
- name: Fail if .well-known not CORS-aware on the identity hostname
|
||||
fail:
|
||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
|
||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
|
||||
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"
|
||||
|
||||
# For people who manually copy the well-known file, try to detect if it's outdated
|
||||
- name: Fail if well-known is different on matrix hostname and identity hostname
|
||||
fail:
|
||||
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
|
||||
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
|
||||
when: "well_known_matrix_payload != well_known_identity_payload"
|
||||
|
||||
- name: Report working .well-known on the identity hostname
|
||||
debug:
|
||||
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)"
|
||||
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)"
|
||||
|
@ -16,10 +16,22 @@
|
||||
# Tasks related to setting up Let's Encrypt's management of certificates
|
||||
#
|
||||
|
||||
- name: (Deprecation) Fail if using outdated configuration
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
fail:
|
||||
msg: "You're using the `host_specific_matrix_ssl_support_email` variable, which has been superseded by `host_specific_matrix_ssl_lets_encrypt_support_email`. Please change your configuration to use the new name!"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and host_specific_matrix_ssl_support_email is defined"
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
with_items:
|
||||
- {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
- {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item.old in vars"
|
||||
|
||||
- name: Fail if required variables are undefined
|
||||
fail:
|
||||
msg: "Detected an undefined required variable"
|
||||
with_items:
|
||||
- "{{ matrix_ssl_lets_encrypt_support_email }}"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item is none"
|
||||
|
||||
- name: Allow access to HTTP/HTTPS in firewalld
|
||||
firewalld:
|
||||
@ -111,4 +123,4 @@
|
||||
file:
|
||||
path: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
|
||||
state: absent
|
||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||
|
@ -13,4 +13,4 @@ docker run \
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
|
||||
--network {{ matrix_docker_network }} \
|
||||
{{ matrix_postgres_docker_image_to_use }} \
|
||||
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ host_specific_hostname_identity }}'"
|
||||
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'"
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
riot_web_url_endpoint_public: "https://{{ hostname_riot }}/config.json"
|
||||
riot_web_url_endpoint_public: "https://{{ matrix_server_fqn_riot }}/config.json"
|
||||
|
||||
- name: Check riot-web
|
||||
uri:
|
||||
@ -12,9 +12,9 @@
|
||||
|
||||
- name: Fail if riot-web not working
|
||||
fail:
|
||||
msg: "Failed checking riot-web is up at `{{ hostname_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
|
||||
msg: "Failed checking riot-web is up at `{{ matrix_server_fqn_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
|
||||
when: "result_riot_web.failed or 'json' not in result_riot_web"
|
||||
|
||||
- name: Report working riot-web
|
||||
debug:
|
||||
msg: "riot-web at `{{ hostname_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"
|
||||
msg: "riot-web at `{{ matrix_server_fqn_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"
|
||||
|
@ -71,8 +71,8 @@ matrix_synapse_rc_message_burst_count: 10.0
|
||||
# If you're serving Synapse behind an HTTPS-capable reverse-proxy,
|
||||
# you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
|
||||
matrix_synapse_tls_federation_listener_enabled: true
|
||||
matrix_synapse_tls_certificate_path: "/data/{{ hostname_matrix }}.tls.crt"
|
||||
matrix_synapse_tls_private_key_path: "/data/{{ hostname_matrix }}.tls.key"
|
||||
matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
|
||||
matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
|
||||
|
||||
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
|
||||
# (things like number of users, number of messages sent, uptime, load, etc.)
|
||||
@ -155,8 +155,8 @@ matrix_synapse_email_enabled: false
|
||||
matrix_synapse_email_smtp_host: ""
|
||||
matrix_synapse_email_smtp_port: 587
|
||||
matrix_synapse_email_smtp_require_transport_security: false
|
||||
matrix_synapse_email_notif_from: "Matrix <matrix@{{ hostname_identity }}>"
|
||||
matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
|
||||
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
|
||||
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
||||
|
||||
|
||||
# Enable this to activate the REST auth password provider module.
|
||||
@ -229,8 +229,8 @@ matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
|
||||
|
||||
matrix_appservice_irc_configuration_yaml: |
|
||||
homeserver:
|
||||
url: "https://{{ hostname_matrix }}"
|
||||
domain: "{{ hostname_identity }}"
|
||||
url: "https://{{ matrix_server_fqn_matrix }}"
|
||||
domain: "{{ matrix_domain }}"
|
||||
enablePresence: true
|
||||
|
||||
matrix_appservice_irc_configuration_extension_yaml: |
|
||||
|
@ -9,9 +9,9 @@
|
||||
|
||||
- name: Fail if Matrix Client API not working
|
||||
fail:
|
||||
msg: "Failed checking Matrix Client API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
|
||||
msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
|
||||
when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api"
|
||||
|
||||
- name: Report working Matrix Client API
|
||||
debug:
|
||||
msg: "The Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"
|
||||
msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"
|
||||
|
@ -10,9 +10,9 @@
|
||||
|
||||
- name: Fail if Matrix Federation API not working
|
||||
fail:
|
||||
msg: "Failed checking Matrix Federation API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
||||
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
||||
when: "result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api"
|
||||
|
||||
- name: Report working Matrix Federation API
|
||||
debug:
|
||||
msg: "The Matrix Federation API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
|
||||
msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
|
||||
|
@ -41,7 +41,7 @@
|
||||
--cap-drop=ALL
|
||||
-v {{ matrix_synapse_config_dir_path }}:/data
|
||||
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
||||
-e SYNAPSE_SERVER_NAME={{ hostname_matrix }}
|
||||
-e SYNAPSE_SERVER_NAME={{ matrix_server_fqn_matrix }}
|
||||
-e SYNAPSE_REPORT_STATS=no
|
||||
{{ matrix_synapse_docker_image }}
|
||||
generate
|
||||
@ -56,7 +56,7 @@
|
||||
- name: Ensure Matrix log config installed
|
||||
template:
|
||||
src: "{{ matrix_synapse_template_synapse_log }}"
|
||||
dest: "{{ matrix_synapse_config_dir_path }}/{{ hostname_matrix }}.log.config"
|
||||
dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.log.config"
|
||||
mode: 0644
|
||||
|
||||
- name: Ensure matrix-synapse.service installed
|
||||
|
@ -10,7 +10,7 @@
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
fail:
|
||||
msg: >
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
when: "item.old in vars"
|
||||
|
@ -1,9 +1,9 @@
|
||||
# Homeserver details
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: https://{{ hostname_matrix }}
|
||||
address: https://{{ matrix_server_fqn_matrix }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ hostname_identity }}
|
||||
domain: {{ matrix_domain }}
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
@ -38,7 +38,7 @@ appservice:
|
||||
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
|
||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||
# implicitly.
|
||||
external: https://{{ hostname_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
|
||||
external: https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
|
||||
|
||||
# Provisioning API part of the web server for automated portal creation and fetching information.
|
||||
# Used by things like Dimension (https://dimension.t2bot.io/).
|
||||
@ -206,7 +206,7 @@ bridge:
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
'{{ hostname_identity }}': full
|
||||
'{{ matrix_domain }}': full
|
||||
|
||||
# Options related to the message relay Telegram bot.
|
||||
relaybot:
|
||||
|
@ -1,9 +1,9 @@
|
||||
# Homeserver details.
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: https://{{ hostname_matrix }}
|
||||
address: https://{{ matrix_server_fqn_matrix }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ hostname_identity }}
|
||||
domain: {{ matrix_domain }}
|
||||
|
||||
# Application service host/registration related details.
|
||||
# Changing these values requires regeneration of the registration.
|
||||
@ -67,7 +67,7 @@ bridge:
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
'{{ hostname_identity }}': user
|
||||
'{{ matrix_domain }}': user
|
||||
|
||||
# Logging config.
|
||||
logging:
|
||||
|
@ -5,7 +5,7 @@
|
||||
# This is used by remote servers to connect to this server,
|
||||
# e.g. matrix.org, localhost:8080, etc.
|
||||
# This is also the last part of your UserID.
|
||||
server_name: "{{ hostname_identity }}"
|
||||
server_name: "{{ matrix_domain }}"
|
||||
|
||||
# When running as a daemon, the file to store the pid in
|
||||
pid_file: /homeserver.pid
|
||||
@ -43,7 +43,7 @@ pid_file: /homeserver.pid
|
||||
# enter into the 'custom HS URL' field on their client. If you
|
||||
# use synapse with a reverse proxy, this should be the URL to reach
|
||||
# synapse via the proxy.
|
||||
public_baseurl: https://{{ hostname_matrix }}/
|
||||
public_baseurl: https://{{ matrix_server_fqn_matrix }}/
|
||||
|
||||
# Set the soft limit on the number of file descriptors synapse can use
|
||||
# Zero is used to indicate synapse should set the soft limit to the
|
||||
@ -339,7 +339,7 @@ event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
||||
|
||||
|
||||
# A yaml python logging config file
|
||||
log_config: "/data/{{ hostname_matrix }}.log.config"
|
||||
log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
|
||||
|
||||
|
||||
## Ratelimiting ##
|
||||
@ -660,7 +660,7 @@ form_secret: {{ matrix_synapse_form_secret|to_json }}
|
||||
## Signing Keys ##
|
||||
|
||||
# Path to the signing key to sign messages with
|
||||
signing_key_path: "/data/{{ hostname_matrix }}.signing.key"
|
||||
signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key"
|
||||
|
||||
# The keys that the server used to sign messages with but won't use
|
||||
# to sign new messages. E.g. it has lost its private key
|
||||
|
@ -2,5 +2,5 @@
|
||||
|
||||
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
|
||||
|
||||
matrix_synapse_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/versions"
|
||||
matrix_synapse_federation_api_url_endpoint_public: "https://{{ hostname_matrix }}:8448/_matrix/federation/v1/version"
|
||||
matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
|
||||
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"
|
||||
|
Loading…
Reference in New Issue
Block a user