Rename some variables

development
Slavi Pantaleev 6 years ago
parent 8cac29a5d5
commit a43bcd81fe

@ -1,3 +1,18 @@
# 2019-02-19
## Renaming variables
The following playbook variables were renamed:
- from `host_specific_hostname_identity` to `matrix_domain`
- from `hostname_identity` to `matrix_domain`
- from `hostname_matrix` to `matrix_server_fqn_matrix`
- from `hostname_riot` to `matrix_server_fqn_riot`
- from `host_specific_matrix_ssl_lets_encrypt_support_email` to `matrix_ssl_lets_encrypt_support_email`
Doing that, we've simplified things, made names less confusing (hopefully) and moved all variable names under the `matrix_` prefix.
# 2019-02-16
## Riot v1.0.1 support

@ -73,4 +73,4 @@ matrix_appservice_irc_configuration_extension_yaml: |
lineLimit: 3
```
You then need to start a chat with `@irc_bot:{{ hostname_identity }}`
You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).

@ -12,4 +12,4 @@ matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
```
You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname).
You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).

@ -10,4 +10,4 @@ Use the following playbook configuration:
matrix_mautrix_whatsapp_enabled: true
```
You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname).
You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).

@ -66,13 +66,13 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
To do that, simply define your own custom configuration like this:
```yaml
# Note: we need to include the matrix (`hostname_matrix`) and riot (`hostname_riot`) domains explicitly.
# Your base domain is in the `hostname_identity` variable.
# Note: we need to include the matrix (`matrix_server_fqn_matrix`) and riot (`matrix_server_fqn_riot`) domains explicitly.
# Your base domain is in the `matrix_domain` variable.
# Adding any other additional domains (hosted on the same machine) is possible.
matrix_ssl_domains_to_obtain_certificates_for:
- '{{ hostname_matrix }}'
- '{{ hostname_riot }}'
- '{{ hostname_identity }}'
- '{{ matrix_server_fqn_matrix }}'
- '{{ matrix_server_fqn_riot }}'
- '{{ matrix_domain }}'
```
After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should:

@ -1,26 +1,21 @@
# This is something which is provided to Let's Encrypt
# when retrieving the SSL certificates for domains.
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# In case SSL renewal fails at some point, you'll also get
# an email notification there.
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
# you won't be required to define this variable
# (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
host_specific_matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
# Example value: example.com
matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
# This is your bare domain name (`<your-domain>`).
# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# Note: the server specified here is not touched.
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# This playbook only installs to `matrix.<your-domain>`,
# but it nevertheless requires to know the bare domain name
# (for configuration purposes).
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: example.com
host_specific_hostname_identity: YOUR_BARE_DOMAIN_NAME_HERE
# Example value: someone@example.com
matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).

@ -112,7 +112,7 @@ matrix_mailer_enabled: true
#
######################################################################
# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`matrix_server_fqn_matrix`).
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
matrix_mxisd_enabled: true
@ -129,7 +129,7 @@ matrix_mxisd_synapsesql_type: postgresql
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}
matrix_mxisd_dns_overwrite_enabled: true
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
# By default, we send mail through the `matrix-mailer` service.
@ -207,9 +207,9 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
matrix_ssl_domains_to_obtain_certificates_for: |
{{
([hostname_matrix])
([matrix_server_fqn_matrix])
+
([hostname_riot] if matrix_riot_web_enabled else [])
([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
}}
######################################################################
@ -247,7 +247,7 @@ matrix_postgres_db_name: "homeserver"
#
######################################################################
# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
# By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_riot_web_enabled: true
@ -274,7 +274,7 @@ matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
######################################################################
# When mxisd is enabled, we can use it instead of the default public Identity servers.
matrix_synapse_trusted_third_party_id_servers: "{{ [hostname_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports
@ -303,13 +303,13 @@ matrix_synapse_email_smtp_host: "matrix-mailer"
matrix_synapse_email_smtp_port: 8025
matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
matrix_synapse_turn_uris: |
{{
[
'turn:' + hostname_matrix + ':3478?transport=udp',
'turn:' + hostname_matrix + ':3478?transport=tcp',
'turn:' + matrix_server_fqn_matrix + ':3478?transport=udp',
'turn:' + matrix_server_fqn_matrix + ':3478?transport=tcp',
]
if matrix_coturn_enabled
else []

@ -1,16 +1,19 @@
# The bare hostname which represents your identity.
# This is something like "example.com".
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# Note: this playbook does not touch the server referenced here.
hostname_identity: "{{ host_specific_hostname_identity|lower }}"
# Installation happens on another server ("matrix.<matrix-domain>", see `matrix_server_fqn_matrix`).
#
# Example value: example.com
matrix_domain: ~
# This is where your data lives and what we set up here.
# This and the Riot hostname (see below) are expected to be on the same server.
hostname_matrix: "matrix.{{ hostname_identity }}"
# This is where your data lives and what we set up.
# This and the Riot FQN (see below) are expected to be on the same server.
matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
# This is where you access the web UI from and what we set up here.
# This and the Matrix hostname (see above) are expected to be on the same server.
hostname_riot: "riot.{{ hostname_identity }}"
# This and the Matrix FQN (see above) are expected to be on the same server.
matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
matrix_user_username: "matrix"
matrix_user_uid: 991
@ -21,7 +24,7 @@ matrix_base_data_path_mode: "750"
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
matrix_homeserver_url: "https://{{ hostname_matrix }}"
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
matrix_identity_server_url: ~
@ -32,8 +35,8 @@ matrix_docker_network: "matrix"
#
# If you wish to rely on DNS SRV records only, you can disable this.
# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448)
# using certificates for the base domain (`hostname_identity`) and not for the
# matrix domain (`hostname_matrix`).
# using certificates for the base domain (`matrix_domain`) and not for the
# matrix domain (`matrix_server_fqn_matrix`).
matrix_well_known_matrix_server_enabled: true
# Variables to Control which parts of our roles run.

@ -1,3 +1,7 @@
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
when: run_setup
tags:
@ -21,10 +25,6 @@
- setup-synapse
- setup-nginx-proxy
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
delegate_to: 127.0.0.1
become: false

@ -15,15 +15,32 @@
msg: "{{ matrix_ansible_outdated_fail_msg }}"
when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
# This sanity check is only used to detect uppercase when people override these specific variables.
#
# If people set `host_specific_hostname_identity` without overriding other variables (the general use-case),
# we take care to lower-case it automatically and it won't cause trouble anyway.
- name: (Deprecation) Catch and report renamed settings
fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
- {'old': 'hostname_identity', 'new': 'matrix_domain'}
- {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}
- name: Fail if required variables are undefined
fail:
msg: "The `{{ item }}` variable must be defined and have a non-null value"
with_items:
- matrix_domain
- matrix_server_fqn_matrix
- matrix_server_fqn_riot
when: "item not in vars or vars[item] is none"
- name: Fail if uppercase domain used
fail:
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
when: "item != item|lower"
with_items:
- "{{ hostname_identity }}"
- "{{ hostname_matrix }}"
- "{{ hostname_riot }}"
- "{{ matrix_domain }}"
- "{{ matrix_server_fqn_matrix }}"
- "{{ matrix_server_fqn_riot }}"
when: "item != item|lower"

@ -4,16 +4,16 @@
set_fact:
dns_srv_record_checks:
- service_and_protocol: "_matrix._tcp"
domain: "{{ (hostname_identity + '.') }}"
expected_target: "{{ (hostname_matrix + '.') }}"
domain: "{{ (matrix_domain + '.') }}"
expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
expected_port: 8448
- block:
- set_fact:
dns_srv_record_check_mxisd:
service_and_protocol: "_matrix-identity._tcp"
domain: "{{ (hostname_identity + '.') }}"
expected_target: "{{ (hostname_matrix + '.') }}"
domain: "{{ (matrix_domain + '.') }}"
expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
expected_port: 443
- name: Determine domains that we require certificates for (mxisd)

@ -1,3 +1,3 @@
{
"m.server": "{{ hostname_matrix }}:8448"
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
}

@ -5,7 +5,7 @@ if [ "$(id -u)" != "0" ]; then
exit 1
fi
echo "WARNING! You are about to remove everything the playbook installs for matrix.{{ host_specific_hostname_identity }}: matrix, docker images,..."
echo "WARNING! You are about to remove everything the playbook installs for {{ matrix_server_fqn_matrix }}: matrix, docker images,..."
echo -n "If you're sure you want to do this, type: 'Yes, I really want to remove everything!'"
read sure

@ -15,7 +15,7 @@ matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
matrix_corporal_matrix_homeserver_domain_name: "{{ hostname_identity }}"
matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008").
# If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.

@ -1,7 +1,7 @@
---
- set_fact:
corporal_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/corporal"
corporal_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/corporal"
- name: Check Matrix Corporal HTTP gateway
uri:
@ -13,9 +13,9 @@
- name: Fail if Matrix Corporal HTTP gateway not working
fail:
msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content"
- name: Report working Matrix Corporal HTTP gateway
debug:
msg: "Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"
msg: "Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"

@ -8,7 +8,7 @@
},
"Reconciliation": {
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ hostname_identity }}",
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ matrix_domain }}",
"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
},

@ -1,6 +1,6 @@
use-auth-secret
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
realm=turn.{{ hostname_matrix }}
realm=turn.{{ matrix_server_fqn_matrix }}
min-port={{ matrix_coturn_turn_udp_min_port }}
max-port={{ matrix_coturn_turn_udp_max_port }}
external-ip={{ matrix_coturn_turn_external_ip_address }}

@ -9,7 +9,7 @@ matrix_mailer_docker_image: "devture/exim-relay:4.91-r1-0"
matrix_mailer_container_user_uid: 100
matrix_mailer_container_user_gid: 101
matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
matrix_mailer_relay_use: false
matrix_mailer_relay_host_name: "mail.example.com"
matrix_mailer_relay_host_port: 587

@ -15,7 +15,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_mailer_base_path }}/env-mailer \
--hostname={{ hostname_matrix }} \
--hostname={{ matrix_server_fqn_matrix }} \
{{ matrix_mailer_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mailer
ExecStop=-/usr/bin/docker rm matrix-mailer

@ -29,7 +29,7 @@ matrix_mxisd_synapsesql_type: ""
matrix_mxisd_synapsesql_connection: ""
# Setting up email-sending settings is required for using mxisd.
matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ hostname_identity }}"
matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
matrix_mxisd_threepid_medium_email_connectors_smtp_host: ""
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
@ -40,7 +40,7 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
# so that mxisd can rewrite the original URL to one that would reach the homeserver.
matrix_mxisd_dns_overwrite_enabled: false
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# Default mxisd configuration template which covers the generic use case.
@ -50,10 +50,10 @@ matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# or completely replace this variable with your own template.
matrix_mxisd_configuration_yaml: |
matrix:
domain: {{ hostname_identity }}
domain: {{ matrix_domain }}
server:
name: {{ hostname_matrix }}
name: {{ matrix_server_fqn_matrix }}
key:
path: /var/mxisd/sign.key

@ -1,7 +1,7 @@
---
- set_fact:
mxisd_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/identity/api/v1"
mxisd_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/identity/api/v1"
- name: Check mxisd Identity Service
uri:
@ -12,9 +12,9 @@
- name: Fail if mxisd Identity Service not working
fail:
msg: "Failed checking mxisd is up at `{{ hostname_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
msg: "Failed checking mxisd is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
when: "result_mxisd.failed or 'json' not in result_mxisd"
- name: Report working mxisd Identity Service
debug:
msg: "mxisd at `{{ hostname_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"
msg: "mxisd at `{{ matrix_server_fqn_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"

@ -22,11 +22,11 @@ matrix_nginx_proxy_container_additional_volumes: []
# Controls whether proxying the riot domain should be done.
matrix_nginx_proxy_proxy_riot_enabled: false
matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"
matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"
# Controls whether proxying the matrix domain should be done.
matrix_nginx_proxy_proxy_matrix_enabled: false
matrix_nginx_proxy_proxy_matrix_hostname: "{{ hostname_matrix }}"
matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
@ -92,7 +92,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
# obeying the following hierarchy:
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
#
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
@ -106,7 +106,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
matrix_ssl_lets_encrypt_support_email: ~
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"

@ -1,8 +1,8 @@
---
- set_fact:
well_known_url_matrix: "https://{{ hostname_matrix }}{{ well_known_file_check.path }}"
well_known_url_identity: "https://{{ hostname_identity }}{{ well_known_file_check.path }}"
well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"
# These well-known files may be served without a `Content-Type: application/json` header,
# so we can't rely on the uri module's automatic parsing of JSON.
@ -16,7 +16,7 @@
- name: Fail if .well-known not working on the matrix hostname
fail:
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
when: "result_well_known_matrix.failed"
- name: Parse JSON for well-known payload at the matrix hostname
@ -25,12 +25,12 @@
- name: Fail if .well-known not CORS-aware on the matrix hostname
fail:
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
- name: Report working .well-known on the matrix hostname
debug:
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
- name: Check .well-known on the identity hostname
uri:
@ -42,7 +42,7 @@
- name: Fail if .well-known not working on the identity hostname
fail:
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
when: "result_well_known_identity.failed"
- name: Parse JSON for well-known payload at the identity hostname
@ -51,15 +51,15 @@
- name: Fail if .well-known not CORS-aware on the identity hostname
fail:
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"
# For people who manually copy the well-known file, try to detect if it's outdated
- name: Fail if well-known is different on matrix hostname and identity hostname
fail:
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
when: "well_known_matrix_payload != well_known_identity_payload"
- name: Report working .well-known on the identity hostname
debug:
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)"
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)"

@ -16,10 +16,22 @@
# Tasks related to setting up Let's Encrypt's management of certificates
#
- name: (Deprecation) Fail if using outdated configuration
- name: (Deprecation) Catch and report renamed settings
fail:
msg: "You're using the `host_specific_matrix_ssl_support_email` variable, which has been superseded by `host_specific_matrix_ssl_lets_encrypt_support_email`. Please change your configuration to use the new name!"
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and host_specific_matrix_ssl_support_email is defined"
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
with_items:
- {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
- {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item.old in vars"
- name: Fail if required variables are undefined
fail:
msg: "Detected an undefined required variable"
with_items:
- "{{ matrix_ssl_lets_encrypt_support_email }}"
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item is none"
- name: Allow access to HTTP/HTTPS in firewalld
firewalld:

@ -13,4 +13,4 @@ docker run \
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
--network {{ matrix_docker_network }} \
{{ matrix_postgres_docker_image_to_use }} \
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ host_specific_hostname_identity }}'"
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'"

@ -1,7 +1,7 @@
---
- set_fact:
riot_web_url_endpoint_public: "https://{{ hostname_riot }}/config.json"
riot_web_url_endpoint_public: "https://{{ matrix_server_fqn_riot }}/config.json"
- name: Check riot-web
uri:
@ -12,9 +12,9 @@
- name: Fail if riot-web not working
fail:
msg: "Failed checking riot-web is up at `{{ hostname_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
msg: "Failed checking riot-web is up at `{{ matrix_server_fqn_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
when: "result_riot_web.failed or 'json' not in result_riot_web"
- name: Report working riot-web
debug:
msg: "riot-web at `{{ hostname_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"
msg: "riot-web at `{{ matrix_server_fqn_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"

@ -71,8 +71,8 @@ matrix_synapse_rc_message_burst_count: 10.0
# If you're serving Synapse behind an HTTPS-capable reverse-proxy,
# you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
matrix_synapse_tls_federation_listener_enabled: true
matrix_synapse_tls_certificate_path: "/data/{{ hostname_matrix }}.tls.crt"
matrix_synapse_tls_private_key_path: "/data/{{ hostname_matrix }}.tls.key"
matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
# (things like number of users, number of messages sent, uptime, load, etc.)
@ -155,8 +155,8 @@ matrix_synapse_email_enabled: false
matrix_synapse_email_smtp_host: ""
matrix_synapse_email_smtp_port: 587
matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <matrix@{{ hostname_identity }}>"
matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
# Enable this to activate the REST auth password provider module.
@ -229,8 +229,8 @@ matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
matrix_appservice_irc_configuration_yaml: |
homeserver:
url: "https://{{ hostname_matrix }}"
domain: "{{ hostname_identity }}"
url: "https://{{ matrix_server_fqn_matrix }}"
domain: "{{ matrix_domain }}"
enablePresence: true
matrix_appservice_irc_configuration_extension_yaml: |

@ -9,9 +9,9 @@
- name: Fail if Matrix Client API not working
fail:
msg: "Failed checking Matrix Client API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api"
- name: Report working Matrix Client API
debug:
msg: "The Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"
msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"

@ -10,9 +10,9 @@
- name: Fail if Matrix Federation API not working
fail:
msg: "Failed checking Matrix Federation API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
when: "result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api"
- name: Report working Matrix Federation API
debug:
msg: "The Matrix Federation API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"

@ -41,7 +41,7 @@
--cap-drop=ALL
-v {{ matrix_synapse_config_dir_path }}:/data
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
-e SYNAPSE_SERVER_NAME={{ hostname_matrix }}
-e SYNAPSE_SERVER_NAME={{ matrix_server_fqn_matrix }}
-e SYNAPSE_REPORT_STATS=no
{{ matrix_synapse_docker_image }}
generate
@ -56,7 +56,7 @@
- name: Ensure Matrix log config installed
template:
src: "{{ matrix_synapse_template_synapse_log }}"
dest: "{{ matrix_synapse_config_dir_path }}/{{ hostname_matrix }}.log.config"
dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.log.config"
mode: 0644
- name: Ensure matrix-synapse.service installed

@ -10,7 +10,7 @@
- name: (Deprecation) Catch and report renamed settings
fail:
msg: >
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"

@ -1,9 +1,9 @@
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://{{ hostname_matrix }}
address: https://{{ matrix_server_fqn_matrix }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ hostname_identity }}
domain: {{ matrix_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -38,7 +38,7 @@ appservice:
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://{{ hostname_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
external: https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like Dimension (https://dimension.t2bot.io/).
@ -206,7 +206,7 @@ bridge:
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ hostname_identity }}': full
'{{ matrix_domain }}': full
# Options related to the message relay Telegram bot.
relaybot:

@ -1,9 +1,9 @@
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://{{ hostname_matrix }}
address: https://{{ matrix_server_fqn_matrix }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ hostname_identity }}
domain: {{ matrix_domain }}
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
@ -67,7 +67,7 @@ bridge:
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ hostname_identity }}': user
'{{ matrix_domain }}': user
# Logging config.
logging:

@ -5,7 +5,7 @@
# This is used by remote servers to connect to this server,
# e.g. matrix.org, localhost:8080, etc.
# This is also the last part of your UserID.
server_name: "{{ hostname_identity }}"
server_name: "{{ matrix_domain }}"
# When running as a daemon, the file to store the pid in
pid_file: /homeserver.pid
@ -43,7 +43,7 @@ pid_file: /homeserver.pid
# enter into the 'custom HS URL' field on their client. If you
# use synapse with a reverse proxy, this should be the URL to reach
# synapse via the proxy.
public_baseurl: https://{{ hostname_matrix }}/
public_baseurl: https://{{ matrix_server_fqn_matrix }}/
# Set the soft limit on the number of file descriptors synapse can use
# Zero is used to indicate synapse should set the soft limit to the
@ -339,7 +339,7 @@ event_cache_size: "{{ matrix_synapse_event_cache_size }}"
# A yaml python logging config file
log_config: "/data/{{ hostname_matrix }}.log.config"
log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
## Ratelimiting ##
@ -660,7 +660,7 @@ form_secret: {{ matrix_synapse_form_secret|to_json }}
## Signing Keys ##
# Path to the signing key to sign messages with
signing_key_path: "/data/{{ hostname_matrix }}.signing.key"
signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key"
# The keys that the server used to sign messages with but won't use
# to sign new messages. E.g. it has lost its private key

@ -2,5 +2,5 @@
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
matrix_synapse_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/versions"
matrix_synapse_federation_api_url_endpoint_public: "https://{{ hostname_matrix }}:8448/_matrix/federation/v1/version"
matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"

Loading…
Cancel
Save