Lowercase host_specific_hostname_identity to prevent troubles

If uppercase is used, certain tools (like certbot) would cause trouble.
They would retrieve a certificate for the lowercased domain name,
but we'd try to use it from an uppercase-named directory, which will
fail.

Besides certbot, we may experience other trouble too.
(it hasn't been investigated how far the breakage goes).

To fix it all, we lowercase `host_specific_hostname_identity` by default,
which takes care of the general use-case (people only setting that
and relying on us to build the other domain names - `hostname_matrix`
and `hostname_riot`).

For others, who decide to override these other variables directly
(and who may work around us and introduce uppercase there directly),
we also have the sanity-check tool warn if uppercase is detected
in any of the final domains.
This commit is contained in:
Slavi Pantaleev 2018-12-23 19:20:53 +02:00
parent fe9b9773c0
commit b9b5674b8a
2 changed files with 15 additions and 2 deletions

View File

@ -1,7 +1,7 @@
# The bare hostname which represents your identity. # The bare hostname which represents your identity.
# This is something like "example.com". # This is something like "example.com".
# Note: this playbook does not touch the server referenced here. # Note: this playbook does not touch the server referenced here.
hostname_identity: "{{ host_specific_hostname_identity }}" hostname_identity: "{{ host_specific_hostname_identity|lower }}"
# This is where your data lives and what we set up here. # This is where your data lives and what we set up here.
# This and the Riot hostname (see below) are expected to be on the same server. # This and the Riot hostname (see below) are expected to be on the same server.

View File

@ -9,3 +9,16 @@
fail: fail:
msg: "You need to set a secret in the matrix_coturn_turn_static_auth_secret variable" msg: "You need to set a secret in the matrix_coturn_turn_static_auth_secret variable"
when: "matrix_coturn_turn_static_auth_secret == ''" when: "matrix_coturn_turn_static_auth_secret == ''"
# This sanity check is only used to detect uppercase when people override these specific variables.
#
# If people set `host_specific_hostname_identity` without overriding other variables (the general use-case),
# we take care to lower-case it automatically and it won't cause trouble anyway.
- name: Fail if uppercase domain used
fail:
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
when: "item != item|lower"
with_items:
- "{{ hostname_identity }}"
- "{{ hostname_matrix }}"
- "{{ hostname_riot }}"