mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-24 18:08:28 +01:00
Rename some variables
parent
8cac29a5d5
commit
a43bcd81fe
15
CHANGELOG.md
@ -1,3 +1,18 @@
|
|||||||
|
# 2019-02-19
|
||||||
|
|
||||||
|
## Renaming variables
|
||||||
|
|
||||||
|
The following playbook variables were renamed:
|
||||||
|
|
||||||
|
- from `host_specific_hostname_identity` to `matrix_domain`
|
||||||
|
- from `hostname_identity` to `matrix_domain`
|
||||||
|
- from `hostname_matrix` to `matrix_server_fqn_matrix`
|
||||||
|
- from `hostname_riot` to `matrix_server_fqn_riot`
|
||||||
|
- from `host_specific_matrix_ssl_lets_encrypt_support_email` to `matrix_ssl_lets_encrypt_support_email`
|
||||||
|
|
||||||
|
Doing that, we've simplified things, made names less confusing (hopefully) and moved all variable names under the `matrix_` prefix.
|
||||||
|
|
||||||
|
|
||||||
# 2019-02-16
|
# 2019-02-16
|
||||||
|
|
||||||
## Riot v1.0.1 support
|
## Riot v1.0.1 support
|
||||||
|
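Review bot: The new "Renaming variables" entry lists the old and new names but does not say what happens to a configuration that still uses the old ones. The sanity-check tasks changed in this same commit abort the run with a "(Deprecation) Catch and report renamed settings" failure, so add a sentence here telling users that the playbook will refuse to run until the variables in their configuration are renamed.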
@ -73,4 +73,4 @@ matrix_appservice_irc_configuration_extension_yaml: |
|
|||||||
lineLimit: 3
|
lineLimit: 3
|
||||||
```
|
```
|
||||||
|
|
||||||
You then need to start a chat with `@irc_bot:{{ hostname_identity }}`
|
You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
|
||||||
|
@ -12,4 +12,4 @@ matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
|
|||||||
matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
|
matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
|
||||||
```
|
```
|
||||||
|
|
||||||
You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname).
|
You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
|
||||||
|
@ -10,4 +10,4 @@ Use the following playbook configuration:
|
|||||||
matrix_mautrix_whatsapp_enabled: true
|
matrix_mautrix_whatsapp_enabled: true
|
||||||
```
|
```
|
||||||
|
|
||||||
You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname).
|
You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
|
||||||
|
@ -66,13 +66,13 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
|
|||||||
To do that, simply define your own custom configuration like this:
|
To do that, simply define your own custom configuration like this:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Note: we need to include the matrix (`hostname_matrix`) and riot (`hostname_riot`) domains explicitly.
|
# Note: we need to include the matrix (`matrix_server_fqn_matrix`) and riot (`matrix_server_fqn_riot`) domains explicitly.
|
||||||
# Your base domain is in the `hostname_identity` variable.
|
# Your base domain is in the `matrix_domain` variable.
|
||||||
# Adding any other additional domains (hosted on the same machine) is possible.
|
# Adding any other additional domains (hosted on the same machine) is possible.
|
||||||
matrix_ssl_domains_to_obtain_certificates_for:
|
matrix_ssl_domains_to_obtain_certificates_for:
|
||||||
- '{{ hostname_matrix }}'
|
- '{{ matrix_server_fqn_matrix }}'
|
||||||
- '{{ hostname_riot }}'
|
- '{{ matrix_server_fqn_riot }}'
|
||||||
- '{{ hostname_identity }}'
|
- '{{ matrix_domain }}'
|
||||||
```
|
```
|
||||||
|
|
||||||
After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should:
|
After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should:
|
||||||
|
@ -1,26 +1,21 @@
|
|||||||
# This is something which is provided to Let's Encrypt
|
# The bare domain name which represents your Matrix identity.
|
||||||
# when retrieving the SSL certificates for domains.
|
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
|
||||||
#
|
#
|
||||||
# In case SSL renewal fails at some point, you'll also get
|
# Note: this playbook does not touch the server referenced here.
|
||||||
# an email notification there.
|
# Installation happens on another server ("matrix.<matrix-domain>").
|
||||||
#
|
|
||||||
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
|
|
||||||
# you won't be required to define this variable
|
|
||||||
# (see `docs/configuring-playbook-ssl-certificates.md`).
|
|
||||||
#
|
|
||||||
# Example value: someone@example.com
|
|
||||||
host_specific_matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
|
|
||||||
|
|
||||||
# This is your bare domain name (`<your-domain>`).
|
|
||||||
#
|
|
||||||
# Note: the server specified here is not touched.
|
|
||||||
#
|
|
||||||
# This playbook only installs to `matrix.<your-domain>`,
|
|
||||||
# but it nevertheless requires to know the bare domain name
|
|
||||||
# (for configuration purposes).
|
|
||||||
#
|
#
|
||||||
# Example value: example.com
|
# Example value: example.com
|
||||||
host_specific_hostname_identity: YOUR_BARE_DOMAIN_NAME_HERE
|
matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
|
||||||
|
|
||||||
|
# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
|
||||||
|
#
|
||||||
|
# In case SSL renewal fails at some point, you'll also get an email notification there.
|
||||||
|
#
|
||||||
|
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
|
||||||
|
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
|
||||||
|
#
|
||||||
|
# Example value: someone@example.com
|
||||||
|
matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
|
||||||
|
|
||||||
# A shared secret (between Coturn and Synapse) used for authentication.
|
# A shared secret (between Coturn and Synapse) used for authentication.
|
||||||
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
||||||
|
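Review bot: The comment block re-added above `matrix_ssl_lets_encrypt_support_email` carries over the typo "certifites" (in the line beginning `# If you decide to use another method for managing SSL`). Since these comment lines are being rewritten and rewrapped in this hunk anyway, correct it to "certificates" in the new version.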
@ -112,7 +112,7 @@ matrix_mailer_enabled: true
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
|
# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`matrix_server_fqn_matrix`).
|
||||||
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
|
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
|
||||||
matrix_mxisd_enabled: true
|
matrix_mxisd_enabled: true
|
||||||
|
|
||||||
@ -129,7 +129,7 @@ matrix_mxisd_synapsesql_type: postgresql
|
|||||||
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}
|
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}
|
||||||
|
|
||||||
matrix_mxisd_dns_overwrite_enabled: true
|
matrix_mxisd_dns_overwrite_enabled: true
|
||||||
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
|
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
|
||||||
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
|
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
|
||||||
|
|
||||||
# By default, we send mail through the `matrix-mailer` service.
|
# By default, we send mail through the `matrix-mailer` service.
|
||||||
@ -207,9 +207,9 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
|
|||||||
|
|
||||||
matrix_ssl_domains_to_obtain_certificates_for: |
|
matrix_ssl_domains_to_obtain_certificates_for: |
|
||||||
{{
|
{{
|
||||||
([hostname_matrix])
|
([matrix_server_fqn_matrix])
|
||||||
+
|
+
|
||||||
([hostname_riot] if matrix_riot_web_enabled else [])
|
([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
|
||||||
}}
|
}}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
@ -247,7 +247,7 @@ matrix_postgres_db_name: "homeserver"
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
|
# By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
|
||||||
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
|
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
|
||||||
matrix_riot_web_enabled: true
|
matrix_riot_web_enabled: true
|
||||||
|
|
||||||
@ -274,7 +274,7 @@ matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
|
|||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
# When mxisd is enabled, we can use it instead of the default public Identity servers.
|
# When mxisd is enabled, we can use it instead of the default public Identity servers.
|
||||||
matrix_synapse_trusted_third_party_id_servers: "{{ [hostname_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
|
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
|
||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports
|
||||||
@ -303,13 +303,13 @@ matrix_synapse_email_smtp_host: "matrix-mailer"
|
|||||||
matrix_synapse_email_smtp_port: 8025
|
matrix_synapse_email_smtp_port: 8025
|
||||||
matrix_synapse_email_smtp_require_transport_security: false
|
matrix_synapse_email_smtp_require_transport_security: false
|
||||||
matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
|
matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
|
||||||
matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
|
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
||||||
|
|
||||||
matrix_synapse_turn_uris: |
|
matrix_synapse_turn_uris: |
|
||||||
{{
|
{{
|
||||||
[
|
[
|
||||||
'turn:' + hostname_matrix + ':3478?transport=udp',
|
'turn:' + matrix_server_fqn_matrix + ':3478?transport=udp',
|
||||||
'turn:' + hostname_matrix + ':3478?transport=tcp',
|
'turn:' + matrix_server_fqn_matrix + ':3478?transport=tcp',
|
||||||
]
|
]
|
||||||
if matrix_coturn_enabled
|
if matrix_coturn_enabled
|
||||||
else []
|
else []
|
||||||
|
@ -1,16 +1,19 @@
|
|||||||
# The bare hostname which represents your identity.
|
# The bare domain name which represents your Matrix identity.
|
||||||
# This is something like "example.com".
|
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
|
||||||
|
#
|
||||||
# Note: this playbook does not touch the server referenced here.
|
# Note: this playbook does not touch the server referenced here.
|
||||||
hostname_identity: "{{ host_specific_hostname_identity|lower }}"
|
# Installation happens on another server ("matrix.<matrix-domain>", see `matrix_server_fqn_matrix`).
|
||||||
|
#
|
||||||
|
# Example value: example.com
|
||||||
|
matrix_domain: ~
|
||||||
|
|
||||||
# This is where your data lives and what we set up here.
|
# This is where your data lives and what we set up.
|
||||||
# This and the Riot hostname (see below) are expected to be on the same server.
|
# This and the Riot FQN (see below) are expected to be on the same server.
|
||||||
hostname_matrix: "matrix.{{ hostname_identity }}"
|
matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
|
||||||
|
|
||||||
# This is where you access the web UI from and what we set up here.
|
# This is where you access the web UI from and what we set up here.
|
||||||
# This and the Matrix hostname (see above) are expected to be on the same server.
|
# This and the Matrix FQN (see above) are expected to be on the same server.
|
||||||
hostname_riot: "riot.{{ hostname_identity }}"
|
matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
|
||||||
|
|
||||||
|
|
||||||
matrix_user_username: "matrix"
|
matrix_user_username: "matrix"
|
||||||
matrix_user_uid: 991
|
matrix_user_uid: 991
|
||||||
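Review bot: Replacing `hostname_identity: "{{ host_specific_hostname_identity|lower }}"` with `matrix_domain: ~` at the top of this hunk drops the automatic lower-casing of the base domain. A configuration that used a mixed-case value under the old name was normalised silently; after renaming to `matrix_domain` the same value is rejected by the "Fail if uppercase domain used" task. Mention this behaviour change in the changelog entry, or note in the comment above `matrix_domain` that the value must be all-lowercase.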
@ -21,7 +24,7 @@ matrix_base_data_path_mode: "750"
|
|||||||
|
|
||||||
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
|
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
|
||||||
|
|
||||||
matrix_homeserver_url: "https://{{ hostname_matrix }}"
|
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
|
||||||
|
|
||||||
matrix_identity_server_url: ~
|
matrix_identity_server_url: ~
|
||||||
|
|
||||||
@ -32,8 +35,8 @@ matrix_docker_network: "matrix"
|
|||||||
#
|
#
|
||||||
# If you wish to rely on DNS SRV records only, you can disable this.
|
# If you wish to rely on DNS SRV records only, you can disable this.
|
||||||
# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448)
|
# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448)
|
||||||
# using certificates for the base domain (`hostname_identity`) and not for the
|
# using certificates for the base domain (`matrix_domain`) and not for the
|
||||||
# matrix domain (`hostname_matrix`).
|
# matrix domain (`matrix_server_fqn_matrix`).
|
||||||
matrix_well_known_matrix_server_enabled: true
|
matrix_well_known_matrix_server_enabled: true
|
||||||
|
|
||||||
# Variables to Control which parts of our roles run.
|
# Variables to Control which parts of our roles run.
|
||||||
|
@ -1,3 +1,7 @@
|
|||||||
|
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
|
- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
|
||||||
when: run_setup
|
when: run_setup
|
||||||
tags:
|
tags:
|
||||||
@ -21,13 +25,9 @@
|
|||||||
- setup-synapse
|
- setup-synapse
|
||||||
- setup-nginx-proxy
|
- setup-nginx-proxy
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
|
- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
become: false
|
become: false
|
||||||
when: run_self_check
|
when: run_self_check
|
||||||
tags:
|
tags:
|
||||||
- self-check
|
- self-check
|
||||||
|
@ -15,15 +15,32 @@
|
|||||||
msg: "{{ matrix_ansible_outdated_fail_msg }}"
|
msg: "{{ matrix_ansible_outdated_fail_msg }}"
|
||||||
when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
|
when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
|
||||||
|
|
||||||
# This sanity check is only used to detect uppercase when people override these specific variables.
|
- name: (Deprecation) Catch and report renamed settings
|
||||||
#
|
fail:
|
||||||
# If people set `host_specific_hostname_identity` without overriding other variables (the general use-case),
|
msg: >-
|
||||||
# we take care to lower-case it automatically and it won't cause trouble anyway.
|
Your configuration contains a variable, which now has a different name.
|
||||||
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
|
when: "item.old in vars"
|
||||||
|
with_items:
|
||||||
|
- {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
|
||||||
|
- {'old': 'hostname_identity', 'new': 'matrix_domain'}
|
||||||
|
- {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
|
||||||
|
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}
|
||||||
|
|
||||||
|
- name: Fail if required variables are undefined
|
||||||
|
fail:
|
||||||
|
msg: "The `{{ item }}` variable must be defined and have a non-null value"
|
||||||
|
with_items:
|
||||||
|
- matrix_domain
|
||||||
|
- matrix_server_fqn_matrix
|
||||||
|
- matrix_server_fqn_riot
|
||||||
|
when: "item not in vars or vars[item] is none"
|
||||||
|
|
||||||
- name: Fail if uppercase domain used
|
- name: Fail if uppercase domain used
|
||||||
fail:
|
fail:
|
||||||
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
|
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
|
||||||
when: "item != item|lower"
|
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ hostname_identity }}"
|
- "{{ matrix_domain }}"
|
||||||
- "{{ hostname_matrix }}"
|
- "{{ matrix_server_fqn_matrix }}"
|
||||||
- "{{ hostname_riot }}"
|
- "{{ matrix_server_fqn_riot }}"
|
||||||
|
when: "item != item|lower"
|
||||||
|
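Review bot: The `with_items` list of the "(Deprecation) Catch and report renamed settings" task covers four of the five renames announced in the changelog; `host_specific_matrix_ssl_lets_encrypt_support_email` is missing. Because the role default for `matrix_ssl_lets_encrypt_support_email` becomes `~` in this commit, a configuration that still sets only the old name gets no rename message and ends up with a null support email. Add `{'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}` to the list.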
@ -4,16 +4,16 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
dns_srv_record_checks:
|
dns_srv_record_checks:
|
||||||
- service_and_protocol: "_matrix._tcp"
|
- service_and_protocol: "_matrix._tcp"
|
||||||
domain: "{{ (hostname_identity + '.') }}"
|
domain: "{{ (matrix_domain + '.') }}"
|
||||||
expected_target: "{{ (hostname_matrix + '.') }}"
|
expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
|
||||||
expected_port: 8448
|
expected_port: 8448
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- set_fact:
|
- set_fact:
|
||||||
dns_srv_record_check_mxisd:
|
dns_srv_record_check_mxisd:
|
||||||
service_and_protocol: "_matrix-identity._tcp"
|
service_and_protocol: "_matrix-identity._tcp"
|
||||||
domain: "{{ (hostname_identity + '.') }}"
|
domain: "{{ (matrix_domain + '.') }}"
|
||||||
expected_target: "{{ (hostname_matrix + '.') }}"
|
expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
|
||||||
expected_port: 443
|
expected_port: 443
|
||||||
|
|
||||||
- name: Determine domains that we require certificates for (mxisd)
|
- name: Determine domains that we require certificates for (mxisd)
|
||||||
@ -25,4 +25,4 @@
|
|||||||
include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
|
include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
|
||||||
with_items: "{{ dns_srv_record_checks }}"
|
with_items: "{{ dns_srv_record_checks }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: dns_srv_record_check
|
loop_var: dns_srv_record_check
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
{
|
{
|
||||||
"m.server": "{{ hostname_matrix }}:8448"
|
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
|
||||||
}
|
}
|
||||||
|
@ -5,7 +5,7 @@ if [ "$(id -u)" != "0" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "WARNING! You are about to remove everything the playbook installs for matrix.{{ host_specific_hostname_identity }}: matrix, docker images,..."
|
echo "WARNING! You are about to remove everything the playbook installs for {{ matrix_server_fqn_matrix }}: matrix, docker images,..."
|
||||||
echo -n "If you're sure you want to do this, type: 'Yes, I really want to remove everything!'"
|
echo -n "If you're sure you want to do this, type: 'Yes, I really want to remove everything!'"
|
||||||
read sure
|
read sure
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
|
|||||||
matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
|
matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
|
||||||
matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
|
matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
|
||||||
|
|
||||||
matrix_corporal_matrix_homeserver_domain_name: "{{ hostname_identity }}"
|
matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
|
||||||
|
|
||||||
# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008").
|
# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008").
|
||||||
# If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.
|
# If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
corporal_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/corporal"
|
corporal_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/corporal"
|
||||||
|
|
||||||
- name: Check Matrix Corporal HTTP gateway
|
- name: Check Matrix Corporal HTTP gateway
|
||||||
uri:
|
uri:
|
||||||
@ -13,9 +13,9 @@
|
|||||||
|
|
||||||
- name: Fail if Matrix Corporal HTTP gateway not working
|
- name: Fail if Matrix Corporal HTTP gateway not working
|
||||||
fail:
|
fail:
|
||||||
msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
|
msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
|
||||||
when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content"
|
when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content"
|
||||||
|
|
||||||
- name: Report working Matrix Corporal HTTP gateway
|
- name: Report working Matrix Corporal HTTP gateway
|
||||||
debug:
|
debug:
|
||||||
msg: "Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"
|
msg: "Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
},
|
},
|
||||||
|
|
||||||
"Reconciliation": {
|
"Reconciliation": {
|
||||||
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ hostname_identity }}",
|
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ matrix_domain }}",
|
||||||
"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
|
"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
use-auth-secret
|
use-auth-secret
|
||||||
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
|
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
|
||||||
realm=turn.{{ hostname_matrix }}
|
realm=turn.{{ matrix_server_fqn_matrix }}
|
||||||
min-port={{ matrix_coturn_turn_udp_min_port }}
|
min-port={{ matrix_coturn_turn_udp_min_port }}
|
||||||
max-port={{ matrix_coturn_turn_udp_max_port }}
|
max-port={{ matrix_coturn_turn_udp_max_port }}
|
||||||
external-ip={{ matrix_coturn_turn_external_ip_address }}
|
external-ip={{ matrix_coturn_turn_external_ip_address }}
|
||||||
|
@ -9,7 +9,7 @@ matrix_mailer_docker_image: "devture/exim-relay:4.91-r1-0"
|
|||||||
matrix_mailer_container_user_uid: 100
|
matrix_mailer_container_user_uid: 100
|
||||||
matrix_mailer_container_user_gid: 101
|
matrix_mailer_container_user_gid: 101
|
||||||
|
|
||||||
matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
|
matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
|
||||||
matrix_mailer_relay_use: false
|
matrix_mailer_relay_use: false
|
||||||
matrix_mailer_relay_host_name: "mail.example.com"
|
matrix_mailer_relay_host_name: "mail.example.com"
|
||||||
matrix_mailer_relay_host_port: 587
|
matrix_mailer_relay_host_port: 587
|
||||||
|
@ -15,7 +15,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
|
|||||||
--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
|
--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_mailer_base_path }}/env-mailer \
|
--env-file={{ matrix_mailer_base_path }}/env-mailer \
|
||||||
--hostname={{ hostname_matrix }} \
|
--hostname={{ matrix_server_fqn_matrix }} \
|
||||||
{{ matrix_mailer_docker_image }}
|
{{ matrix_mailer_docker_image }}
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mailer
|
ExecStop=-/usr/bin/docker kill matrix-mailer
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mailer
|
ExecStop=-/usr/bin/docker rm matrix-mailer
|
||||||
|
@ -29,7 +29,7 @@ matrix_mxisd_synapsesql_type: ""
|
|||||||
matrix_mxisd_synapsesql_connection: ""
|
matrix_mxisd_synapsesql_connection: ""
|
||||||
|
|
||||||
# Setting up email-sending settings is required for using mxisd.
|
# Setting up email-sending settings is required for using mxisd.
|
||||||
matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ hostname_identity }}"
|
matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
|
||||||
matrix_mxisd_threepid_medium_email_connectors_smtp_host: ""
|
matrix_mxisd_threepid_medium_email_connectors_smtp_host: ""
|
||||||
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
|
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
|
||||||
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
|
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
|
||||||
@ -40,7 +40,7 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""
|
|||||||
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
|
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
|
||||||
# so that mxisd can rewrite the original URL to one that would reach the homeserver.
|
# so that mxisd can rewrite the original URL to one that would reach the homeserver.
|
||||||
matrix_mxisd_dns_overwrite_enabled: false
|
matrix_mxisd_dns_overwrite_enabled: false
|
||||||
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
|
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
|
||||||
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
|
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
|
||||||
|
|
||||||
# Default mxisd configuration template which covers the generic use case.
|
# Default mxisd configuration template which covers the generic use case.
|
||||||
@ -50,10 +50,10 @@ matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
|
|||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mxisd_configuration_yaml: |
|
matrix_mxisd_configuration_yaml: |
|
||||||
matrix:
|
matrix:
|
||||||
domain: {{ hostname_identity }}
|
domain: {{ matrix_domain }}
|
||||||
|
|
||||||
server:
|
server:
|
||||||
name: {{ hostname_matrix }}
|
name: {{ matrix_server_fqn_matrix }}
|
||||||
|
|
||||||
key:
|
key:
|
||||||
path: /var/mxisd/sign.key
|
path: /var/mxisd/sign.key
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
mxisd_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/identity/api/v1"
|
mxisd_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/identity/api/v1"
|
||||||
|
|
||||||
- name: Check mxisd Identity Service
|
- name: Check mxisd Identity Service
|
||||||
uri:
|
uri:
|
||||||
@ -12,9 +12,9 @@
|
|||||||
|
|
||||||
- name: Fail if mxisd Identity Service not working
|
- name: Fail if mxisd Identity Service not working
|
||||||
fail:
|
fail:
|
||||||
msg: "Failed checking mxisd is up at `{{ hostname_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
|
msg: "Failed checking mxisd is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
|
||||||
when: "result_mxisd.failed or 'json' not in result_mxisd"
|
when: "result_mxisd.failed or 'json' not in result_mxisd"
|
||||||
|
|
||||||
- name: Report working mxisd Identity Service
|
- name: Report working mxisd Identity Service
|
||||||
debug:
|
debug:
|
||||||
msg: "mxisd at `{{ hostname_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"
|
msg: "mxisd at `{{ matrix_server_fqn_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"
|
||||||
|
@ -22,11 +22,11 @@ matrix_nginx_proxy_container_additional_volumes: []
|
|||||||
|
|
||||||
# Controls whether proxying the riot domain should be done.
|
# Controls whether proxying the riot domain should be done.
|
||||||
matrix_nginx_proxy_proxy_riot_enabled: false
|
matrix_nginx_proxy_proxy_riot_enabled: false
|
||||||
matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"
|
matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"
|
||||||
|
|
||||||
# Controls whether proxying the matrix domain should be done.
|
# Controls whether proxying the matrix domain should be done.
|
||||||
matrix_nginx_proxy_proxy_matrix_enabled: false
|
matrix_nginx_proxy_proxy_matrix_enabled: false
|
||||||
matrix_nginx_proxy_proxy_matrix_hostname: "{{ hostname_matrix }}"
|
matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||||
|
|
||||||
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
|
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
|
||||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
|
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
|
||||||
@ -92,7 +92,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
|
|||||||
# obeying the following hierarchy:
|
# obeying the following hierarchy:
|
||||||
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
||||||
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
||||||
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
|
# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
|
||||||
#
|
#
|
||||||
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
|
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
|
||||||
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
|
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
|
||||||
@ -106,7 +106,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
|
|||||||
matrix_ssl_lets_encrypt_staging: false
|
matrix_ssl_lets_encrypt_staging: false
|
||||||
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
|
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
|
||||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||||
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
|
matrix_ssl_lets_encrypt_support_email: ~
|
||||||
|
|
||||||
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
|
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
|
||||||
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
|
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
|
||||||
|
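Review bot: `matrix_ssl_lets_encrypt_support_email` now defaults to `~`, and nothing next to it in this defaults file says that it must be set when `matrix_ssl_retrieval_method` is `lets-encrypt`. A reader of the defaults sees an optional-looking null. Add a one-line comment above the variable stating the requirement, since the value is only checked later, in the Let's Encrypt setup tasks.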
@ -1,8 +1,8 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
well_known_url_matrix: "https://{{ hostname_matrix }}{{ well_known_file_check.path }}"
|
well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
|
||||||
well_known_url_identity: "https://{{ hostname_identity }}{{ well_known_file_check.path }}"
|
well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"
|
||||||
|
|
||||||
# These well-known files may be served without a `Content-Type: application/json` header,
|
# These well-known files may be served without a `Content-Type: application/json` header,
|
||||||
# so we can't rely on the uri module's automatic parsing of JSON.
|
# so we can't rely on the uri module's automatic parsing of JSON.
|
||||||
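Review bot: `well_known_url_identity` is now built from `matrix_domain`, but the fact name and the task names in this file still say "identity". The changelog entry for this commit says the rename is meant to make names less confusing, so consider renaming the fact and the "identity hostname" task names to refer to the base domain as well.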
@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
- name: Fail if .well-known not working on the matrix hostname
|
- name: Fail if .well-known not working on the matrix hostname
|
||||||
fail:
|
fail:
|
||||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
|
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
|
||||||
when: "result_well_known_matrix.failed"
|
when: "result_well_known_matrix.failed"
|
||||||
|
|
||||||
- name: Parse JSON for well-known payload at the matrix hostname
|
- name: Parse JSON for well-known payload at the matrix hostname
|
||||||
@ -25,12 +25,12 @@
|
|||||||
|
|
||||||
- name: Fail if .well-known not CORS-aware on the matrix hostname
|
- name: Fail if .well-known not CORS-aware on the matrix hostname
|
||||||
fail:
|
fail:
|
||||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
||||||
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
|
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
|
||||||
|
|
||||||
- name: Report working .well-known on the matrix hostname
|
- name: Report working .well-known on the matrix hostname
|
||||||
debug:
|
debug:
|
||||||
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
|
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
|
||||||
|
|
||||||
- name: Check .well-known on the identity hostname
|
- name: Check .well-known on the identity hostname
|
||||||
uri:
|
uri:
|
||||||
@ -42,7 +42,7 @@
|
|||||||
|
|
||||||
- name: Fail if .well-known not working on the identity hostname
|
- name: Fail if .well-known not working on the identity hostname
|
||||||
fail:
|
fail:
|
||||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
|
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
|
||||||
when: "result_well_known_identity.failed"
|
when: "result_well_known_identity.failed"
|
||||||
|
|
||||||
- name: Parse JSON for well-known payload at the identity hostname
|
- name: Parse JSON for well-known payload at the identity hostname
|
||||||
@ -51,15 +51,15 @@
|
|||||||
|
|
||||||
- name: Fail if .well-known not CORS-aware on the identity hostname
|
- name: Fail if .well-known not CORS-aware on the identity hostname
|
||||||
fail:
|
fail:
|
||||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
|
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
|
||||||
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"
|
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"
|
||||||
|
|
||||||
# For people who manually copy the well-known file, try to detect if it's outdated
|
# For people who manually copy the well-known file, try to detect if it's outdated
|
||||||
- name: Fail if well-known is different on matrix hostname and identity hostname
|
- name: Fail if well-known is different on matrix hostname and identity hostname
|
||||||
fail:
|
fail:
|
||||||
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
|
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
|
||||||
when: "well_known_matrix_payload != well_known_identity_payload"
|
when: "well_known_matrix_payload != well_known_identity_payload"
|
||||||
|
|
||||||
- name: Report working .well-known on the identity hostname
|
- name: Report working .well-known on the identity hostname
|
||||||
debug:
|
debug:
|
||||||
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)"
|
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)"
|
||||||
|
@ -16,10 +16,22 @@
|
|||||||
# Tasks related to setting up Let's Encrypt's management of certificates
|
# Tasks related to setting up Let's Encrypt's management of certificates
|
||||||
#
|
#
|
||||||
|
|
||||||
- name: (Deprecation) Fail if using outdated configuration
|
- name: (Deprecation) Catch and report renamed settings
|
||||||
fail:
|
fail:
|
||||||
msg: "You're using the `host_specific_matrix_ssl_support_email` variable, which has been superseded by `host_specific_matrix_ssl_lets_encrypt_support_email`. Please change your configuration to use the new name!"
|
msg: >-
|
||||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and host_specific_matrix_ssl_support_email is defined"
|
Your configuration contains a variable, which now has a different name.
|
||||||
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
|
with_items:
|
||||||
|
- {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||||
|
- {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||||
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item.old in vars"
|
||||||
|
|
||||||
|
- name: Fail if required variables are undefined
|
||||||
|
fail:
|
||||||
|
msg: "Detected an undefined required variable"
|
||||||
|
with_items:
|
||||||
|
- "{{ matrix_ssl_lets_encrypt_support_email }}"
|
||||||
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item is none"
|
||||||
|
|
||||||
- name: Allow access to HTTP/HTTPS in firewalld
|
- name: Allow access to HTTP/HTTPS in firewalld
|
||||||
firewalld:
|
firewalld:
|
||||||
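Review bot: The new "Fail if required variables are undefined" task loops over the variable's value rather than its name, so the message "Detected an undefined required variable" cannot tell the user which setting is missing. Loop over variable names instead, or put `matrix_ssl_lets_encrypt_support_email` into the message. Also, `item is none` lets an empty string through, so an explicit emptiness check may be wanted for an e-mail address that is handed to Let's Encrypt.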
@ -111,4 +123,4 @@
|
|||||||
file:
|
file:
|
||||||
path: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
|
path: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
|
||||||
state: absent
|
state: absent
|
||||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||||
|
@ -13,4 +13,4 @@ docker run \
|
|||||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
|
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
|
||||||
--network {{ matrix_docker_network }} \
|
--network {{ matrix_docker_network }} \
|
||||||
{{ matrix_postgres_docker_image_to_use }} \
|
{{ matrix_postgres_docker_image_to_use }} \
|
||||||
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ host_specific_hostname_identity }}'"
|
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'"
|
||||||
|
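Review bot: In the `psql -c` line, `$1` is spliced into the SQL text without escaping and matched with `like`, so a `_` or `%` in the argument matches accounts other than the intended one and grants them `admin=1`. Compare with `=` and validate `$1` against the characters allowed in a username before it reaches `psql`. The `matrix_domain` rename itself is fine.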
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
riot_web_url_endpoint_public: "https://{{ hostname_riot }}/config.json"
|
riot_web_url_endpoint_public: "https://{{ matrix_server_fqn_riot }}/config.json"
|
||||||
|
|
||||||
- name: Check riot-web
|
- name: Check riot-web
|
||||||
uri:
|
uri:
|
||||||
@ -12,9 +12,9 @@
|
|||||||
|
|
||||||
- name: Fail if riot-web not working
|
- name: Fail if riot-web not working
|
||||||
fail:
|
fail:
|
||||||
msg: "Failed checking riot-web is up at `{{ hostname_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
|
msg: "Failed checking riot-web is up at `{{ matrix_server_fqn_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
|
||||||
when: "result_riot_web.failed or 'json' not in result_riot_web"
|
when: "result_riot_web.failed or 'json' not in result_riot_web"
|
||||||
|
|
||||||
- name: Report working riot-web
|
- name: Report working riot-web
|
||||||
debug:
|
debug:
|
||||||
msg: "riot-web at `{{ hostname_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"
|
msg: "riot-web at `{{ matrix_server_fqn_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"
|
||||||
|
@ -71,8 +71,8 @@ matrix_synapse_rc_message_burst_count: 10.0
|
|||||||
# If you're serving Synapse behind an HTTPS-capable reverse-proxy,
|
# If you're serving Synapse behind an HTTPS-capable reverse-proxy,
|
||||||
# you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
|
# you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
|
||||||
matrix_synapse_tls_federation_listener_enabled: true
|
matrix_synapse_tls_federation_listener_enabled: true
|
||||||
matrix_synapse_tls_certificate_path: "/data/{{ hostname_matrix }}.tls.crt"
|
matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
|
||||||
matrix_synapse_tls_private_key_path: "/data/{{ hostname_matrix }}.tls.key"
|
matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
|
||||||
|
|
||||||
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
|
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
|
||||||
# (things like number of users, number of messages sent, uptime, load, etc.)
|
# (things like number of users, number of messages sent, uptime, load, etc.)
|
||||||
@ -155,8 +155,8 @@ matrix_synapse_email_enabled: false
|
|||||||
matrix_synapse_email_smtp_host: ""
|
matrix_synapse_email_smtp_host: ""
|
||||||
matrix_synapse_email_smtp_port: 587
|
matrix_synapse_email_smtp_port: 587
|
||||||
matrix_synapse_email_smtp_require_transport_security: false
|
matrix_synapse_email_smtp_require_transport_security: false
|
||||||
matrix_synapse_email_notif_from: "Matrix <matrix@{{ hostname_identity }}>"
|
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
|
||||||
matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
|
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
||||||
|
|
||||||
|
|
||||||
# Enable this to activate the REST auth password provider module.
|
# Enable this to activate the REST auth password provider module.
|
||||||
@ -229,8 +229,8 @@ matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
|
|||||||
|
|
||||||
matrix_appservice_irc_configuration_yaml: |
|
matrix_appservice_irc_configuration_yaml: |
|
||||||
homeserver:
|
homeserver:
|
||||||
url: "https://{{ hostname_matrix }}"
|
url: "https://{{ matrix_server_fqn_matrix }}"
|
||||||
domain: "{{ hostname_identity }}"
|
domain: "{{ matrix_domain }}"
|
||||||
enablePresence: true
|
enablePresence: true
|
||||||
|
|
||||||
matrix_appservice_irc_configuration_extension_yaml: |
|
matrix_appservice_irc_configuration_extension_yaml: |
|
||||||
|
@ -9,9 +9,9 @@
|
|||||||
|
|
||||||
- name: Fail if Matrix Client API not working
|
- name: Fail if Matrix Client API not working
|
||||||
fail:
|
fail:
|
||||||
msg: "Failed checking Matrix Client API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
|
msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
|
||||||
when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api"
|
when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api"
|
||||||
|
|
||||||
- name: Report working Matrix Client API
|
- name: Report working Matrix Client API
|
||||||
debug:
|
debug:
|
||||||
msg: "The Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"
|
msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"
|
||||||
|
@ -10,9 +10,9 @@
|
|||||||
|
|
||||||
- name: Fail if Matrix Federation API not working
|
- name: Fail if Matrix Federation API not working
|
||||||
fail:
|
fail:
|
||||||
msg: "Failed checking Matrix Federation API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
||||||
when: "result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api"
|
when: "result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api"
|
||||||
|
|
||||||
- name: Report working Matrix Federation API
|
- name: Report working Matrix Federation API
|
||||||
debug:
|
debug:
|
||||||
msg: "The Matrix Federation API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
|
msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
|
||||||
|
@ -41,7 +41,7 @@
|
|||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
-v {{ matrix_synapse_config_dir_path }}:/data
|
-v {{ matrix_synapse_config_dir_path }}:/data
|
||||||
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
||||||
-e SYNAPSE_SERVER_NAME={{ hostname_matrix }}
|
-e SYNAPSE_SERVER_NAME={{ matrix_server_fqn_matrix }}
|
||||||
-e SYNAPSE_REPORT_STATS=no
|
-e SYNAPSE_REPORT_STATS=no
|
||||||
{{ matrix_synapse_docker_image }}
|
{{ matrix_synapse_docker_image }}
|
||||||
generate
|
generate
|
||||||
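Review bot: `SYNAPSE_SERVER_NAME` in this `generate` run is set to `matrix_server_fqn_matrix`, while the homeserver.yaml template in this same commit sets `server_name` to `matrix_domain`. If the FQN is used here only so that the generated files match the `/data/{{ matrix_server_fqn_matrix }}.*` paths used elsewhere, say so in a comment next to the `-e` line. Without that, the two values read as a mismatch.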
@ -56,7 +56,7 @@
|
|||||||
- name: Ensure Matrix log config installed
|
- name: Ensure Matrix log config installed
|
||||||
template:
|
template:
|
||||||
src: "{{ matrix_synapse_template_synapse_log }}"
|
src: "{{ matrix_synapse_template_synapse_log }}"
|
||||||
dest: "{{ matrix_synapse_config_dir_path }}/{{ hostname_matrix }}.log.config"
|
dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.log.config"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Ensure matrix-synapse.service installed
|
- name: Ensure matrix-synapse.service installed
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
|
|
||||||
- name: (Deprecation) Catch and report renamed settings
|
- name: (Deprecation) Catch and report renamed settings
|
||||||
fail:
|
fail:
|
||||||
msg: >
|
msg: >-
|
||||||
Your configuration contains a variable, which now has a different name.
|
Your configuration contains a variable, which now has a different name.
|
||||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
when: "item.old in vars"
|
when: "item.old in vars"
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
# Homeserver details
|
# Homeserver details
|
||||||
homeserver:
|
homeserver:
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
address: https://{{ hostname_matrix }}
|
address: https://{{ matrix_server_fqn_matrix }}
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
domain: {{ hostname_identity }}
|
domain: {{ matrix_domain }}
|
||||||
# Whether or not to verify the SSL certificate of the homeserver.
|
# Whether or not to verify the SSL certificate of the homeserver.
|
||||||
# Only applies if address starts with https://
|
# Only applies if address starts with https://
|
||||||
verify_ssl: true
|
verify_ssl: true
|
||||||
@ -38,7 +38,7 @@ appservice:
|
|||||||
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
|
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
|
||||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||||
# implicitly.
|
# implicitly.
|
||||||
external: https://{{ hostname_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
|
external: https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
|
||||||
|
|
||||||
# Provisioning API part of the web server for automated portal creation and fetching information.
|
# Provisioning API part of the web server for automated portal creation and fetching information.
|
||||||
# Used by things like Dimension (https://dimension.t2bot.io/).
|
# Used by things like Dimension (https://dimension.t2bot.io/).
|
||||||
@ -206,7 +206,7 @@ bridge:
|
|||||||
# domain - All users on that homeserver
|
# domain - All users on that homeserver
|
||||||
# mxid - Specific user
|
# mxid - Specific user
|
||||||
permissions:
|
permissions:
|
||||||
'{{ hostname_identity }}': full
|
'{{ matrix_domain }}': full
|
||||||
|
|
||||||
# Options related to the message relay Telegram bot.
|
# Options related to the message relay Telegram bot.
|
||||||
relaybot:
|
relaybot:
|
||||||
|
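Review bot: `'{{ matrix_domain }}': full` under `permissions` gives every account on the homeserver the `full` level (per the `domain - All users on that homeserver` comment above it), whereas the other bridge config template later in this commit gives the same domain `user`. If the difference is intentional, document it here. Otherwise expose the level as a playbook variable so that `full` can be limited to specific MXIDs.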
@ -1,9 +1,9 @@
|
|||||||
# Homeserver details.
|
# Homeserver details.
|
||||||
homeserver:
|
homeserver:
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
address: https://{{ hostname_matrix }}
|
address: https://{{ matrix_server_fqn_matrix }}
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
domain: {{ hostname_identity }}
|
domain: {{ matrix_domain }}
|
||||||
|
|
||||||
# Application service host/registration related details.
|
# Application service host/registration related details.
|
||||||
# Changing these values requires regeneration of the registration.
|
# Changing these values requires regeneration of the registration.
|
||||||
@ -67,7 +67,7 @@ bridge:
|
|||||||
# domain - All users on that homeserver
|
# domain - All users on that homeserver
|
||||||
# mxid - Specific user
|
# mxid - Specific user
|
||||||
permissions:
|
permissions:
|
||||||
'{{ hostname_identity }}': user
|
'{{ matrix_domain }}': user
|
||||||
|
|
||||||
# Logging config.
|
# Logging config.
|
||||||
logging:
|
logging:
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
# This is used by remote servers to connect to this server,
|
# This is used by remote servers to connect to this server,
|
||||||
# e.g. matrix.org, localhost:8080, etc.
|
# e.g. matrix.org, localhost:8080, etc.
|
||||||
# This is also the last part of your UserID.
|
# This is also the last part of your UserID.
|
||||||
server_name: "{{ hostname_identity }}"
|
server_name: "{{ matrix_domain }}"
|
||||||
|
|
||||||
# When running as a daemon, the file to store the pid in
|
# When running as a daemon, the file to store the pid in
|
||||||
pid_file: /homeserver.pid
|
pid_file: /homeserver.pid
|
||||||
@ -43,7 +43,7 @@ pid_file: /homeserver.pid
|
|||||||
# enter into the 'custom HS URL' field on their client. If you
|
# enter into the 'custom HS URL' field on their client. If you
|
||||||
# use synapse with a reverse proxy, this should be the URL to reach
|
# use synapse with a reverse proxy, this should be the URL to reach
|
||||||
# synapse via the proxy.
|
# synapse via the proxy.
|
||||||
public_baseurl: https://{{ hostname_matrix }}/
|
public_baseurl: https://{{ matrix_server_fqn_matrix }}/
|
||||||
|
|
||||||
# Set the soft limit on the number of file descriptors synapse can use
|
# Set the soft limit on the number of file descriptors synapse can use
|
||||||
# Zero is used to indicate synapse should set the soft limit to the
|
# Zero is used to indicate synapse should set the soft limit to the
|
||||||
@ -339,7 +339,7 @@ event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
|||||||
|
|
||||||
|
|
||||||
# A yaml python logging config file
|
# A yaml python logging config file
|
||||||
log_config: "/data/{{ hostname_matrix }}.log.config"
|
log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
|
||||||
|
|
||||||
|
|
||||||
## Ratelimiting ##
|
## Ratelimiting ##
|
||||||
@ -660,7 +660,7 @@ form_secret: {{ matrix_synapse_form_secret|to_json }}
|
|||||||
## Signing Keys ##
|
## Signing Keys ##
|
||||||
|
|
||||||
# Path to the signing key to sign messages with
|
# Path to the signing key to sign messages with
|
||||||
signing_key_path: "/data/{{ hostname_matrix }}.signing.key"
|
signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key"
|
||||||
|
|
||||||
# The keys that the server used to sign messages with but won't use
|
# The keys that the server used to sign messages with but won't use
|
||||||
# to sign new messages. E.g. it has lost its private key
|
# to sign new messages. E.g. it has lost its private key
|
||||||
|
@ -2,5 +2,5 @@
|
|||||||
|
|
||||||
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
|
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
|
||||||
|
|
||||||
matrix_synapse_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/versions"
|
matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
|
||||||
matrix_synapse_federation_api_url_endpoint_public: "https://{{ hostname_matrix }}:8448/_matrix/federation/v1/version"
|
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"
|
||||||
|