Rename some variables

This commit is contained in:
Slavi Pantaleev 2019-02-28 11:51:09 +02:00
parent 8cac29a5d5
commit a43bcd81fe
35 changed files with 173 additions and 131 deletions

View File

@ -1,3 +1,18 @@
# 2019-02-19
## Renaming variables
The following playbook variables were renamed:
- from `host_specific_hostname_identity` to `matrix_domain`
- from `hostname_identity` to `matrix_domain`
- from `hostname_matrix` to `matrix_server_fqn_matrix`
- from `hostname_riot` to `matrix_server_fqn_riot`
- from `host_specific_matrix_ssl_lets_encrypt_support_email` to `matrix_ssl_lets_encrypt_support_email`
Doing that, we've simplified things, made names less confusing (hopefully) and moved all variable names under the `matrix_` prefix.
# 2019-02-16 # 2019-02-16
## Riot v1.0.1 support ## Riot v1.0.1 support

View File

@ -73,4 +73,4 @@ matrix_appservice_irc_configuration_extension_yaml: |
lineLimit: 3 lineLimit: 3
``` ```
You then need to start a chat with `@irc_bot:{{ hostname_identity }}` You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).

View File

@ -12,4 +12,4 @@ matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
``` ```
You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname). You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).

View File

@ -10,4 +10,4 @@ Use the following playbook configuration:
matrix_mautrix_whatsapp_enabled: true matrix_mautrix_whatsapp_enabled: true
``` ```
You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname). You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).

View File

@ -66,13 +66,13 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
To do that, simply define your own custom configuration like this: To do that, simply define your own custom configuration like this:
```yaml ```yaml
# Note: we need to include the matrix (`hostname_matrix`) and riot (`hostname_riot`) domains explicitly. # Note: we need to include the matrix (`matrix_server_fqn_matrix`) and riot (`matrix_server_fqn_riot`) domains explicitly.
# Your base domain is in the `hostname_identity` variable. # Your base domain is in the `matrix_domain` variable.
# Adding any other additional domains (hosted on the same machine) is possible. # Adding any other additional domains (hosted on the same machine) is possible.
matrix_ssl_domains_to_obtain_certificates_for: matrix_ssl_domains_to_obtain_certificates_for:
- '{{ hostname_matrix }}' - '{{ matrix_server_fqn_matrix }}'
- '{{ hostname_riot }}' - '{{ matrix_server_fqn_riot }}'
- '{{ hostname_identity }}' - '{{ matrix_domain }}'
``` ```
After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should: After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should:

View File

@ -1,26 +1,21 @@
# This is something which is provided to Let's Encrypt # The bare domain name which represents your Matrix identity.
# when retrieving the SSL certificates for domains. # Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
# #
# In case SSL renewal fails at some point, you'll also get # Note: this playbook does not touch the server referenced here.
# an email notification there. # Installation happens on another server ("matrix.<matrix-domain>").
#
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
# you won't be required to define this variable
# (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
host_specific_matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
# This is your bare domain name (`<your-domain>`).
#
# Note: the server specified here is not touched.
#
# This playbook only installs to `matrix.<your-domain>`,
# but it nevertheless requires to know the bare domain name
# (for configuration purposes).
# #
# Example value: example.com # Example value: example.com
host_specific_hostname_identity: YOUR_BARE_DOMAIN_NAME_HERE matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
# A shared secret (between Coturn and Synapse) used for authentication. # A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`). # You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).

View File

@ -112,7 +112,7 @@ matrix_mailer_enabled: true
# #
###################################################################### ######################################################################
# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`). # By default, this playbook installs the mxisd identity server on the same domain as Synapse (`matrix_server_fqn_matrix`).
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
matrix_mxisd_enabled: true matrix_mxisd_enabled: true
@ -129,7 +129,7 @@ matrix_mxisd_synapsesql_type: postgresql
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }} matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}
matrix_mxisd_dns_overwrite_enabled: true matrix_mxisd_dns_overwrite_enabled: true
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}" matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}" matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
# By default, we send mail through the `matrix-mailer` service. # By default, we send mail through the `matrix-mailer` service.
@ -207,9 +207,9 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
matrix_ssl_domains_to_obtain_certificates_for: | matrix_ssl_domains_to_obtain_certificates_for: |
{{ {{
([hostname_matrix]) ([matrix_server_fqn_matrix])
+ +
([hostname_riot] if matrix_riot_web_enabled else []) ([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
}} }}
###################################################################### ######################################################################
@ -247,7 +247,7 @@ matrix_postgres_db_name: "homeserver"
# #
###################################################################### ######################################################################
# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain. # By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
# If you wish to connect to your Matrix server by other means, you may wish to disable this. # If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_riot_web_enabled: true matrix_riot_web_enabled: true
@ -274,7 +274,7 @@ matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
###################################################################### ######################################################################
# When mxisd is enabled, we can use it instead of the default public Identity servers. # When mxisd is enabled, we can use it instead of the default public Identity servers.
matrix_synapse_trusted_third_party_id_servers: "{{ [hostname_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}" matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports
@ -303,13 +303,13 @@ matrix_synapse_email_smtp_host: "matrix-mailer"
matrix_synapse_email_smtp_port: 8025 matrix_synapse_email_smtp_port: 8025
matrix_synapse_email_smtp_require_transport_security: false matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>" matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}" matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
matrix_synapse_turn_uris: | matrix_synapse_turn_uris: |
{{ {{
[ [
'turn:' + hostname_matrix + ':3478?transport=udp', 'turn:' + matrix_server_fqn_matrix + ':3478?transport=udp',
'turn:' + hostname_matrix + ':3478?transport=tcp', 'turn:' + matrix_server_fqn_matrix + ':3478?transport=tcp',
] ]
if matrix_coturn_enabled if matrix_coturn_enabled
else [] else []

View File

@ -1,16 +1,19 @@
# The bare hostname which represents your identity. # The bare domain name which represents your Matrix identity.
# This is something like "example.com". # Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# Note: this playbook does not touch the server referenced here. # Note: this playbook does not touch the server referenced here.
hostname_identity: "{{ host_specific_hostname_identity|lower }}" # Installation happens on another server ("matrix.<matrix-domain>", see `matrix_server_fqn_matrix`).
#
# Example value: example.com
matrix_domain: ~
# This is where your data lives and what we set up here. # This is where your data lives and what we set up.
# This and the Riot hostname (see below) are expected to be on the same server. # This and the Riot FQN (see below) are expected to be on the same server.
hostname_matrix: "matrix.{{ hostname_identity }}" matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
# This is where you access the web UI from and what we set up here. # This is where you access the web UI from and what we set up here.
# This and the Matrix hostname (see above) are expected to be on the same server. # This and the Matrix FQN (see above) are expected to be on the same server.
hostname_riot: "riot.{{ hostname_identity }}" matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
matrix_user_username: "matrix" matrix_user_username: "matrix"
matrix_user_uid: 991 matrix_user_uid: 991
@ -21,7 +24,7 @@ matrix_base_data_path_mode: "750"
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files" matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
matrix_homeserver_url: "https://{{ hostname_matrix }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
matrix_identity_server_url: ~ matrix_identity_server_url: ~
@ -32,8 +35,8 @@ matrix_docker_network: "matrix"
# #
# If you wish to rely on DNS SRV records only, you can disable this. # If you wish to rely on DNS SRV records only, you can disable this.
# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448) # Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448)
# using certificates for the base domain (`hostname_identity`) and not for the # using certificates for the base domain (`matrix_domain`) and not for the
# matrix domain (`hostname_matrix`). # matrix domain (`matrix_server_fqn_matrix`).
matrix_well_known_matrix_server_enabled: true matrix_well_known_matrix_server_enabled: true
# Variables to Control which parts of our roles run. # Variables to Control which parts of our roles run.

View File

@ -1,3 +1,7 @@
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml" - import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
when: run_setup when: run_setup
tags: tags:
@ -21,10 +25,6 @@
- setup-synapse - setup-synapse
- setup-nginx-proxy - setup-nginx-proxy
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml" - import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
become: false become: false

View File

@ -15,15 +15,32 @@
msg: "{{ matrix_ansible_outdated_fail_msg }}" msg: "{{ matrix_ansible_outdated_fail_msg }}"
when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2" when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
# This sanity check is only used to detect uppercase when people override these specific variables. - name: (Deprecation) Catch and report renamed settings
# fail:
# If people set `host_specific_hostname_identity` without overriding other variables (the general use-case), msg: >-
# we take care to lower-case it automatically and it won't cause trouble anyway. Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
- {'old': 'hostname_identity', 'new': 'matrix_domain'}
- {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}
- name: Fail if required variables are undefined
fail:
msg: "The `{{ item }}` variable must be defined and have a non-null value"
with_items:
- matrix_domain
- matrix_server_fqn_matrix
- matrix_server_fqn_riot
when: "item not in vars or vars[item] is none"
- name: Fail if uppercase domain used - name: Fail if uppercase domain used
fail: fail:
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!" msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
when: "item != item|lower"
with_items: with_items:
- "{{ hostname_identity }}" - "{{ matrix_domain }}"
- "{{ hostname_matrix }}" - "{{ matrix_server_fqn_matrix }}"
- "{{ hostname_riot }}" - "{{ matrix_server_fqn_riot }}"
when: "item != item|lower"

View File

@ -4,16 +4,16 @@
set_fact: set_fact:
dns_srv_record_checks: dns_srv_record_checks:
- service_and_protocol: "_matrix._tcp" - service_and_protocol: "_matrix._tcp"
domain: "{{ (hostname_identity + '.') }}" domain: "{{ (matrix_domain + '.') }}"
expected_target: "{{ (hostname_matrix + '.') }}" expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
expected_port: 8448 expected_port: 8448
- block: - block:
- set_fact: - set_fact:
dns_srv_record_check_mxisd: dns_srv_record_check_mxisd:
service_and_protocol: "_matrix-identity._tcp" service_and_protocol: "_matrix-identity._tcp"
domain: "{{ (hostname_identity + '.') }}" domain: "{{ (matrix_domain + '.') }}"
expected_target: "{{ (hostname_matrix + '.') }}" expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
expected_port: 443 expected_port: 443
- name: Determine domains that we require certificates for (mxisd) - name: Determine domains that we require certificates for (mxisd)

View File

@ -1,3 +1,3 @@
{ {
"m.server": "{{ hostname_matrix }}:8448" "m.server": "{{ matrix_server_fqn_matrix }}:8448"
} }

View File

@ -5,7 +5,7 @@ if [ "$(id -u)" != "0" ]; then
exit 1 exit 1
fi fi
echo "WARNING! You are about to remove everything the playbook installs for matrix.{{ host_specific_hostname_identity }}: matrix, docker images,..." echo "WARNING! You are about to remove everything the playbook installs for {{ matrix_server_fqn_matrix }}: matrix, docker images,..."
echo -n "If you're sure you want to do this, type: 'Yes, I really want to remove everything!'" echo -n "If you're sure you want to do this, type: 'Yes, I really want to remove everything!'"
read sure read sure

View File

@ -15,7 +15,7 @@ matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache" matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var" matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
matrix_corporal_matrix_homeserver_domain_name: "{{ hostname_identity }}" matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008"). # Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008").
# If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`. # If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.

View File

@ -1,7 +1,7 @@
--- ---
- set_fact: - set_fact:
corporal_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/corporal" corporal_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/corporal"
- name: Check Matrix Corporal HTTP gateway - name: Check Matrix Corporal HTTP gateway
uri: uri:
@ -13,9 +13,9 @@
- name: Fail if Matrix Corporal HTTP gateway not working - name: Fail if Matrix Corporal HTTP gateway not working
fail: fail:
msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}" msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content" when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content"
- name: Report working Matrix Corporal HTTP gateway - name: Report working Matrix Corporal HTTP gateway
debug: debug:
msg: "Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)" msg: "Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"

View File

@ -8,7 +8,7 @@
}, },
"Reconciliation": { "Reconciliation": {
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ hostname_identity }}", "UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ matrix_domain }}",
"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }} "RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
}, },

View File

@ -1,6 +1,6 @@
use-auth-secret use-auth-secret
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }} static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
realm=turn.{{ hostname_matrix }} realm=turn.{{ matrix_server_fqn_matrix }}
min-port={{ matrix_coturn_turn_udp_min_port }} min-port={{ matrix_coturn_turn_udp_min_port }}
max-port={{ matrix_coturn_turn_udp_max_port }} max-port={{ matrix_coturn_turn_udp_max_port }}
external-ip={{ matrix_coturn_turn_external_ip_address }} external-ip={{ matrix_coturn_turn_external_ip_address }}

View File

@ -9,7 +9,7 @@ matrix_mailer_docker_image: "devture/exim-relay:4.91-r1-0"
matrix_mailer_container_user_uid: 100 matrix_mailer_container_user_uid: 100
matrix_mailer_container_user_gid: 101 matrix_mailer_container_user_gid: 101
matrix_mailer_sender_address: "matrix@{{ hostname_identity }}" matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
matrix_mailer_relay_use: false matrix_mailer_relay_use: false
matrix_mailer_relay_host_name: "mail.example.com" matrix_mailer_relay_host_name: "mail.example.com"
matrix_mailer_relay_host_port: 587 matrix_mailer_relay_host_port: 587

View File

@ -15,7 +15,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \ --tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
--network={{ matrix_docker_network }} \ --network={{ matrix_docker_network }} \
--env-file={{ matrix_mailer_base_path }}/env-mailer \ --env-file={{ matrix_mailer_base_path }}/env-mailer \
--hostname={{ hostname_matrix }} \ --hostname={{ matrix_server_fqn_matrix }} \
{{ matrix_mailer_docker_image }} {{ matrix_mailer_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mailer ExecStop=-/usr/bin/docker kill matrix-mailer
ExecStop=-/usr/bin/docker rm matrix-mailer ExecStop=-/usr/bin/docker rm matrix-mailer

View File

@ -29,7 +29,7 @@ matrix_mxisd_synapsesql_type: ""
matrix_mxisd_synapsesql_connection: "" matrix_mxisd_synapsesql_connection: ""
# Setting up email-sending settings is required for using mxisd. # Setting up email-sending settings is required for using mxisd.
matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ hostname_identity }}" matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
matrix_mxisd_threepid_medium_email_connectors_smtp_host: "" matrix_mxisd_threepid_medium_email_connectors_smtp_host: ""
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587 matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1 matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
@ -40,7 +40,7 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd, # Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
# so that mxisd can rewrite the original URL to one that would reach the homeserver. # so that mxisd can rewrite the original URL to one that would reach the homeserver.
matrix_mxisd_dns_overwrite_enabled: false matrix_mxisd_dns_overwrite_enabled: false
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}" matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008" matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# Default mxisd configuration template which covers the generic use case. # Default mxisd configuration template which covers the generic use case.
@ -50,10 +50,10 @@ matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# or completely replace this variable with your own template. # or completely replace this variable with your own template.
matrix_mxisd_configuration_yaml: | matrix_mxisd_configuration_yaml: |
matrix: matrix:
domain: {{ hostname_identity }} domain: {{ matrix_domain }}
server: server:
name: {{ hostname_matrix }} name: {{ matrix_server_fqn_matrix }}
key: key:
path: /var/mxisd/sign.key path: /var/mxisd/sign.key

View File

@ -1,7 +1,7 @@
--- ---
- set_fact: - set_fact:
mxisd_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/identity/api/v1" mxisd_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/identity/api/v1"
- name: Check mxisd Identity Service - name: Check mxisd Identity Service
uri: uri:
@ -12,9 +12,9 @@
- name: Fail if mxisd Identity Service not working - name: Fail if mxisd Identity Service not working
fail: fail:
msg: "Failed checking mxisd is up at `{{ hostname_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}" msg: "Failed checking mxisd is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
when: "result_mxisd.failed or 'json' not in result_mxisd" when: "result_mxisd.failed or 'json' not in result_mxisd"
- name: Report working mxisd Identity Service - name: Report working mxisd Identity Service
debug: debug:
msg: "mxisd at `{{ hostname_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)" msg: "mxisd at `{{ matrix_server_fqn_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"

View File

@ -22,11 +22,11 @@ matrix_nginx_proxy_container_additional_volumes: []
# Controls whether proxying the riot domain should be done. # Controls whether proxying the riot domain should be done.
matrix_nginx_proxy_proxy_riot_enabled: false matrix_nginx_proxy_proxy_riot_enabled: false
matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}" matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"
# Controls whether proxying the matrix domain should be done. # Controls whether proxying the matrix domain should be done.
matrix_nginx_proxy_proxy_matrix_enabled: false matrix_nginx_proxy_proxy_matrix_enabled: false
matrix_nginx_proxy_proxy_matrix_hostname: "{{ hostname_matrix }}" matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain) # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
@ -92,7 +92,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
# obeying the following hierarchy: # obeying the following hierarchy:
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem # - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem # - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`). # where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
# #
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen. # The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`) # It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
@ -106,7 +106,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
matrix_ssl_lets_encrypt_staging: false matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0" matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}" matrix_ssl_lets_encrypt_support_email: ~
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"

View File

@ -1,8 +1,8 @@
--- ---
- set_fact: - set_fact:
well_known_url_matrix: "https://{{ hostname_matrix }}{{ well_known_file_check.path }}" well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
well_known_url_identity: "https://{{ hostname_identity }}{{ well_known_file_check.path }}" well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"
# These well-known files may be served without a `Content-Type: application/json` header, # These well-known files may be served without a `Content-Type: application/json` header,
# so we can't rely on the uri module's automatic parsing of JSON. # so we can't rely on the uri module's automatic parsing of JSON.
@ -16,7 +16,7 @@
- name: Fail if .well-known not working on the matrix hostname - name: Fail if .well-known not working on the matrix hostname
fail: fail:
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}" msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
when: "result_well_known_matrix.failed" when: "result_well_known_matrix.failed"
- name: Parse JSON for well-known payload at the matrix hostname - name: Parse JSON for well-known payload at the matrix hostname
@ -25,12 +25,12 @@
- name: Fail if .well-known not CORS-aware on the matrix hostname - name: Fail if .well-known not CORS-aware on the matrix hostname
fail: fail:
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set." msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix" when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
- name: Report working .well-known on the matrix hostname - name: Report working .well-known on the matrix hostname
debug: debug:
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)" msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
- name: Check .well-known on the identity hostname - name: Check .well-known on the identity hostname
uri: uri:
@ -42,7 +42,7 @@
- name: Fail if .well-known not working on the identity hostname - name: Fail if .well-known not working on the identity hostname
fail: fail:
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}" msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
when: "result_well_known_identity.failed" when: "result_well_known_identity.failed"
- name: Parse JSON for well-known payload at the identity hostname - name: Parse JSON for well-known payload at the identity hostname
@ -51,15 +51,15 @@
- name: Fail if .well-known not CORS-aware on the identity hostname - name: Fail if .well-known not CORS-aware on the identity hostname
fail: fail:
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md" msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity" when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"
# For people who manually copy the well-known file, try to detect if it's outdated # For people who manually copy the well-known file, try to detect if it's outdated
- name: Fail if well-known is different on matrix hostname and identity hostname - name: Fail if well-known is different on matrix hostname and identity hostname
fail: fail:
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?" msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
when: "well_known_matrix_payload != well_known_identity_payload" when: "well_known_matrix_payload != well_known_identity_payload"
- name: Report working .well-known on the identity hostname - name: Report working .well-known on the identity hostname
debug: debug:
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)" msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)"

View File

@ -16,10 +16,22 @@
# Tasks related to setting up Let's Encrypt's management of certificates # Tasks related to setting up Let's Encrypt's management of certificates
# #
- name: (Deprecation) Fail if using outdated configuration - name: (Deprecation) Catch and report renamed settings
fail: fail:
msg: "You're using the `host_specific_matrix_ssl_support_email` variable, which has been superseded by `host_specific_matrix_ssl_lets_encrypt_support_email`. Please change your configuration to use the new name!" msg: >-
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and host_specific_matrix_ssl_support_email is defined" Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
with_items:
- {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
- {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item.old in vars"
- name: Fail if required variables are undefined
fail:
msg: "Detected an undefined required variable"
with_items:
- "{{ matrix_ssl_lets_encrypt_support_email }}"
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item is none"
- name: Allow access to HTTP/HTTPS in firewalld - name: Allow access to HTTP/HTTPS in firewalld
firewalld: firewalld:

View File

@ -13,4 +13,4 @@ docker run \
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
--network {{ matrix_docker_network }} \ --network {{ matrix_docker_network }} \
{{ matrix_postgres_docker_image_to_use }} \ {{ matrix_postgres_docker_image_to_use }} \
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ host_specific_hostname_identity }}'" psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'"

View File

@ -1,7 +1,7 @@
--- ---
- set_fact: - set_fact:
riot_web_url_endpoint_public: "https://{{ hostname_riot }}/config.json" riot_web_url_endpoint_public: "https://{{ matrix_server_fqn_riot }}/config.json"
- name: Check riot-web - name: Check riot-web
uri: uri:
@ -12,9 +12,9 @@
- name: Fail if riot-web not working - name: Fail if riot-web not working
fail: fail:
msg: "Failed checking riot-web is up at `{{ hostname_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}" msg: "Failed checking riot-web is up at `{{ matrix_server_fqn_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
when: "result_riot_web.failed or 'json' not in result_riot_web" when: "result_riot_web.failed or 'json' not in result_riot_web"
- name: Report working riot-web - name: Report working riot-web
debug: debug:
msg: "riot-web at `{{ hostname_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)" msg: "riot-web at `{{ matrix_server_fqn_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"

View File

@ -71,8 +71,8 @@ matrix_synapse_rc_message_burst_count: 10.0
# If you're serving Synapse behind an HTTPS-capable reverse-proxy, # If you're serving Synapse behind an HTTPS-capable reverse-proxy,
# you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`). # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
matrix_synapse_tls_federation_listener_enabled: true matrix_synapse_tls_federation_listener_enabled: true
matrix_synapse_tls_certificate_path: "/data/{{ hostname_matrix }}.tls.crt" matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
matrix_synapse_tls_private_key_path: "/data/{{ hostname_matrix }}.tls.key" matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org # Enable this to allow Synapse to report utilization statistics about your server to matrix.org
# (things like number of users, number of messages sent, uptime, load, etc.) # (things like number of users, number of messages sent, uptime, load, etc.)
@ -155,8 +155,8 @@ matrix_synapse_email_enabled: false
matrix_synapse_email_smtp_host: "" matrix_synapse_email_smtp_host: ""
matrix_synapse_email_smtp_port: 587 matrix_synapse_email_smtp_port: 587
matrix_synapse_email_smtp_require_transport_security: false matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <matrix@{{ hostname_identity }}>" matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}" matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
# Enable this to activate the REST auth password provider module. # Enable this to activate the REST auth password provider module.
@ -229,8 +229,8 @@ matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
matrix_appservice_irc_configuration_yaml: | matrix_appservice_irc_configuration_yaml: |
homeserver: homeserver:
url: "https://{{ hostname_matrix }}" url: "https://{{ matrix_server_fqn_matrix }}"
domain: "{{ hostname_identity }}" domain: "{{ matrix_domain }}"
enablePresence: true enablePresence: true
matrix_appservice_irc_configuration_extension_yaml: | matrix_appservice_irc_configuration_extension_yaml: |

View File

@ -9,9 +9,9 @@
- name: Fail if Matrix Client API not working - name: Fail if Matrix Client API not working
fail: fail:
msg: "Failed checking Matrix Client API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}" msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api" when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api"
- name: Report working Matrix Client API - name: Report working Matrix Client API
debug: debug:
msg: "The Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working" msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"

View File

@ -10,9 +10,9 @@
- name: Fail if Matrix Federation API not working - name: Fail if Matrix Federation API not working
fail: fail:
msg: "Failed checking Matrix Federation API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
when: "result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api" when: "result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api"
- name: Report working Matrix Federation API - name: Report working Matrix Federation API
debug: debug:
msg: "The Matrix Federation API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"

View File

@ -41,7 +41,7 @@
--cap-drop=ALL --cap-drop=ALL
-v {{ matrix_synapse_config_dir_path }}:/data -v {{ matrix_synapse_config_dir_path }}:/data
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml -e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
-e SYNAPSE_SERVER_NAME={{ hostname_matrix }} -e SYNAPSE_SERVER_NAME={{ matrix_server_fqn_matrix }}
-e SYNAPSE_REPORT_STATS=no -e SYNAPSE_REPORT_STATS=no
{{ matrix_synapse_docker_image }} {{ matrix_synapse_docker_image }}
generate generate
@ -56,7 +56,7 @@
- name: Ensure Matrix log config installed - name: Ensure Matrix log config installed
template: template:
src: "{{ matrix_synapse_template_synapse_log }}" src: "{{ matrix_synapse_template_synapse_log }}"
dest: "{{ matrix_synapse_config_dir_path }}/{{ hostname_matrix }}.log.config" dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.log.config"
mode: 0644 mode: 0644
- name: Ensure matrix-synapse.service installed - name: Ensure matrix-synapse.service installed

View File

@ -10,7 +10,7 @@
- name: (Deprecation) Catch and report renamed settings - name: (Deprecation) Catch and report renamed settings
fail: fail:
msg: > msg: >-
Your configuration contains a variable, which now has a different name. Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars" when: "item.old in vars"

View File

@ -1,9 +1,9 @@
# Homeserver details # Homeserver details
homeserver: homeserver:
# The address that this appservice can use to connect to the homeserver. # The address that this appservice can use to connect to the homeserver.
address: https://{{ hostname_matrix }} address: https://{{ matrix_server_fqn_matrix }}
# The domain of the homeserver (for MXIDs, etc). # The domain of the homeserver (for MXIDs, etc).
domain: {{ hostname_identity }} domain: {{ matrix_domain }}
# Whether or not to verify the SSL certificate of the homeserver. # Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https:// # Only applies if address starts with https://
verify_ssl: true verify_ssl: true
@ -38,7 +38,7 @@ appservice:
prefix: {{ matrix_mautrix_telegram_public_endpoint }} prefix: {{ matrix_mautrix_telegram_public_endpoint }}
# The base URL where the public-facing endpoints are available. The prefix is not added # The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly. # implicitly.
external: https://{{ hostname_matrix }}{{ matrix_mautrix_telegram_public_endpoint }} external: https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
# Provisioning API part of the web server for automated portal creation and fetching information. # Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like Dimension (https://dimension.t2bot.io/). # Used by things like Dimension (https://dimension.t2bot.io/).
@ -206,7 +206,7 @@ bridge:
# domain - All users on that homeserver # domain - All users on that homeserver
# mxid - Specific user # mxid - Specific user
permissions: permissions:
'{{ hostname_identity }}': full '{{ matrix_domain }}': full
# Options related to the message relay Telegram bot. # Options related to the message relay Telegram bot.
relaybot: relaybot:

View File

@ -1,9 +1,9 @@
# Homeserver details. # Homeserver details.
homeserver: homeserver:
# The address that this appservice can use to connect to the homeserver. # The address that this appservice can use to connect to the homeserver.
address: https://{{ hostname_matrix }} address: https://{{ matrix_server_fqn_matrix }}
# The domain of the homeserver (for MXIDs, etc). # The domain of the homeserver (for MXIDs, etc).
domain: {{ hostname_identity }} domain: {{ matrix_domain }}
# Application service host/registration related details. # Application service host/registration related details.
# Changing these values requires regeneration of the registration. # Changing these values requires regeneration of the registration.
@ -67,7 +67,7 @@ bridge:
# domain - All users on that homeserver # domain - All users on that homeserver
# mxid - Specific user # mxid - Specific user
permissions: permissions:
'{{ hostname_identity }}': user '{{ matrix_domain }}': user
# Logging config. # Logging config.
logging: logging:

View File

@ -5,7 +5,7 @@
# This is used by remote servers to connect to this server, # This is used by remote servers to connect to this server,
# e.g. matrix.org, localhost:8080, etc. # e.g. matrix.org, localhost:8080, etc.
# This is also the last part of your UserID. # This is also the last part of your UserID.
server_name: "{{ hostname_identity }}" server_name: "{{ matrix_domain }}"
# When running as a daemon, the file to store the pid in # When running as a daemon, the file to store the pid in
pid_file: /homeserver.pid pid_file: /homeserver.pid
@ -43,7 +43,7 @@ pid_file: /homeserver.pid
# enter into the 'custom HS URL' field on their client. If you # enter into the 'custom HS URL' field on their client. If you
# use synapse with a reverse proxy, this should be the URL to reach # use synapse with a reverse proxy, this should be the URL to reach
# synapse via the proxy. # synapse via the proxy.
public_baseurl: https://{{ hostname_matrix }}/ public_baseurl: https://{{ matrix_server_fqn_matrix }}/
# Set the soft limit on the number of file descriptors synapse can use # Set the soft limit on the number of file descriptors synapse can use
# Zero is used to indicate synapse should set the soft limit to the # Zero is used to indicate synapse should set the soft limit to the
@ -339,7 +339,7 @@ event_cache_size: "{{ matrix_synapse_event_cache_size }}"
# A yaml python logging config file # A yaml python logging config file
log_config: "/data/{{ hostname_matrix }}.log.config" log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
## Ratelimiting ## ## Ratelimiting ##
@ -660,7 +660,7 @@ form_secret: {{ matrix_synapse_form_secret|to_json }}
## Signing Keys ## ## Signing Keys ##
# Path to the signing key to sign messages with # Path to the signing key to sign messages with
signing_key_path: "/data/{{ hostname_matrix }}.signing.key" signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key"
# The keys that the server used to sign messages with but won't use # The keys that the server used to sign messages with but won't use
# to sign new messages. E.g. it has lost its private key # to sign new messages. E.g. it has lost its private key

View File

@ -2,5 +2,5 @@
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org'] matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
matrix_synapse_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/versions" matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
matrix_synapse_federation_api_url_endpoint_public: "https://{{ hostname_matrix }}:8448/_matrix/federation/v1/version" matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"