titanz
/
matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Riot is now Element

Browse Source 
Fixes #586 (Github Issue)
development
Slavi Pantaleev 4 years ago
parent de0efe96e7
commit c6ab1c6a90
54 changed files with 780 additions and 610 deletions
Show Stats Download Patch File Download Diff File

11
CHANGELOG.md
Unescape View File

@ -1,3 +1,14 @@
# 2020-07-17
## (Compatibility Break) Riot is now Element
As per the official announcement, [Riot has been rebraned to Element](https://element.io/blog/welcome-to-element/).
The playbook follows suit. Existing installations have a few options for how to handle this.
See our [Migrating to Element](docs/configuring-playbook-riot-web.md#migrating-to-element) documentation page for more details.
# 2020-07-03
## Steam bridging support via mx-puppet-steam

2
README.md
Unescape View File

@ -16,7 +16,7 @@ Using this playbook, you can get the following services configured on your serve
- (optional, default) a [coturn](https://github.com/coturn/coturn) STUN/TURN server for WebRTC audio/video calls
- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Riot web UI
- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Element web UI
- (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default

8
docs/configuring-dns.md
Unescape View File

@ -21,7 +21,7 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR
| Type | Host | Priority | Weight | Port | Target |
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
| A | `matrix` | - | - | - | `matrix-server-IP` |
| CNAME | `riot` | - | - | - | `matrix.<your-domain>` |
| CNAME | `element` | - | - | - | `matrix.<your-domain>` |
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
@ -32,10 +32,10 @@ DNS records marked with `(*)` above are optional. They refer to services that wi
## Subdomains setup
As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `riot.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
The `riot.<your-domain>` subdomain is necessary, because this playbook installs the Riot web client for you.
If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `riot.<your-domain>` DNS record.
The `element.<your-domain>` subdomain is necessary, because this playbook installs the [Element](https://github.com/vector-im/riot-web) web client for you.
If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record.
The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.

41
docs/configuring-playbook-client-element.md
Unescape View File

@ -0,0 +1,41 @@
# Configuring Element (optional)
By default, this playbook installs the [Element](https://github.com/vector-im/riot-web) Matrix client web application.
If that's okay, you can skip this document.
## Disabling Element
If you'd like for the playbook to not install (or to uninstall the previously installed Element), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_client_element_enabled: false
```
## Configuring Element settings
The playbook provides some customization variables you could use to change Element's settings.
Their defaults are defined in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/matrix-client-element/templates/config.json.j2`](../roles/matrix-client-element/templates/config.json.j2) template.
**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
Alternatively, **if there is no pre-defined variable** for an Element setting you wish to change:
- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Element's various settings that rarely get used.
- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
## Themes
To change the look of Element, you can define your own themes manually by using the `matrix_client_element__settingDefaults_custom_themes` setting.
Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`).
If you make your own theme, we encourage you to submit it to the **aaronraimist/element-themes** project, so that the whole community could easily enjoy it.
Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.

6
docs/configuring-playbook-dimension.md
Unescape View File

@ -21,7 +21,7 @@ matrix_dimension_enabled: true
## Define admin users
These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Riot and clicking the settings icon.
These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Element and clicking the settings icon.
Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
@ -39,7 +39,7 @@ Follow our [Registering users](registering-users.md) guide to learn how to regis
You are required to specify an access token (belonging to this new user) for Dimension to work.
To get an access token for the Dimension user, follow these steps:
1. In a private browsing session (incognito window), open Riot.
1. In a private browsing session (incognito window), open Element.
2. Log in with the `dimension` user and its password.
1. Set the display name and avatar, if required.
2. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: <click to reveal>`.
@ -70,7 +70,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
By default Dimension will use [jitsi.riot.im](https://jitsi.riot.im/) as the `conferenceDomain` of [Jitsi](https://jitsi.org/) audio/video conference widgets. For users running [a self-hosted Jitsi instance](./configuring-playbook-jitsi.md), you will likely want the widget to use your own Jitsi instance. Currently there is no way to configure this via the playbook, see [this issue](https://github.com/turt2live/matrix-dimension/issues/345) for details.
In the interim until the above limitation is resolved, an admin user needs to configure the domain via the admin ui once dimension is running. In riot-web, go to *Manage Integrations* &rightarrow; *Settings* &rightarrow; *Widgets* &rightarrow; *Jitsi Conference Settings* and set *Jitsi Domain* and *Jitsi Script URL* appropriately.
In the interim until the above limitation is resolved, an admin user needs to configure the domain via the admin ui once dimension is running. In Element, go to *Manage Integrations* &rightarrow; *Settings* &rightarrow; *Widgets* &rightarrow; *Jitsi Conference Settings* and set *Jitsi Domain* and *Jitsi Script URL* appropriately.
## Additional features

6
docs/configuring-playbook-jitsi.md
Unescape View File

@ -1,6 +1,6 @@
# Jitsi
The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md).
The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Element](configuring-playbook-client-element.md).
Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services.
@ -144,13 +144,13 @@ Run this command for each user you would like to create, replacing `<USERNAME>`
You can use the self-hosted Jitsi server in multiple ways:
- **by adding a widget to a room via riot-web** (the one configured by the playbook at `https://riot.DOMAIN`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
- **by adding a widget to a room via Element** (the one configured by the playbook at `https://element.DOMAIN`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
- **by adding a widget to a room via the Dimension Integration Manager**. You'll have to point the widget to your own Jitsi server manually. See our [Dimension](./configuring-playbook-dimension.md) documentation page for more details. Naturally, Dimension would need to be installed first (the playbook doesn't install it by default).
- **directly (without any Matrix integration)**. Just go to `https://jitsi.DOMAIN`
**Note**: Riot apps on mobile devices currently [don't support joining meetings on a self-hosted Jitsi server](https://github.com/vector-im/riot-web/blob/601816862f7d84ac47547891bd53effa73d32957/docs/jitsi.md#mobile-app-support).
**Note**: Element apps on mobile devices currently [don't support joining meetings on a self-hosted Jitsi server](https://github.com/vector-im/riot-web/blob/601816862f7d84ac47547891bd53effa73d32957/docs/jitsi.md#mobile-app-support).
## Troubleshooting

6
docs/configuring-playbook-own-webserver.md
Unescape View File

@ -113,7 +113,7 @@ With this, nginx would still be in use, but it would not bother with anything SS
All services would be served locally on `127.0.0.1:81` and `127.0.0.1:8449` (as per the example configuration above).
You can then set up another reverse-proxy server on ports 80/443/8448 for all of the expected domains and make traffic go to these local ports.
The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `riot.DOMAIN` and `dimension.DOMAIN` are optional).
The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `element.DOMAIN` and `dimension.DOMAIN` are optional).
### Sample configuration for running behind Traefik 2.0
@ -144,7 +144,7 @@ matrix_nginx_proxy_container_extra_arguments:
- '--label "traefik.enable=true"'
# The Nginx proxy container will receive traffic from these subdomains
- '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_riot }}`,`{{ matrix_server_fqn_dimension }}`)"'
- '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }}`)"'
# (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
- '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
@ -172,7 +172,7 @@ matrix_synapse_container_extra_arguments:
- '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"'
```
This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `riot.DOMAIN`, and `dimension.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, and `dimension.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
Note that this configuration on its own does **not** redirect traffic on port 80 (plain HTTP) to port 443 for HTTPS, which may cause some issues, since the built-in Nginx proxy usually does this. If you are not already doing this in Traefik, it can be added to Traefik in a [file provider](https://docs.traefik.io/v2.0/providers/file/) as follows:

39
docs/configuring-playbook-riot-web.md
Unescape View File

@ -1,40 +1,37 @@
# Configuring Riot-web (optional)
By default, this playbook installs the [Riot-web](https://github.com/vector-im/riot-web) Matrix client web application.
If that's okay, you can skip this document.
By default, this playbook **used to install** the [Riot-web](https://github.com/vector-im/riot-web) Matrix client web application.
Riot has since been [renamed to Element](https://element.io/blog/welcome-to-element/).
## Disabling riot-web
- to learn more about Element and its configuration, see our dedicated [Configuring Element](configuring-playbook-client-element.md) documentation page
- to learn how to migrate from Riot to Element, see [Migrating to Element](#migrating-to-element) below
If you'd like for the playbook to not install (or to uninstall the previously installed riot-web), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_riot_web_enabled: false
```
## Configuring riot-web settings
## Migrating to Element
The playbook provides some customization variables you could use to change riot-web's settings.
### Migrating your custom settings
Their defaults are defined in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml) and they ultimately end up in the generated `/matrix/riot-web/config.json` file (on the server). This file is generated from the [`roles/matrix-riot-web/templates/config.json.j2`](../roles/matrix-riot-web/templates/config.json.j2) template.
If you have custom `matrix_riot_web_` variables in your `inventory/host_vars/matrix.DOMAIN/vars.yml` file, you'll need to rename them (`matrix_riot_web_` -> `matrix_client_element_`).
**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
Alternatively, **if there is no pre-defined variable** for a riot-web setting you wish to change:
### Domain migration
- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of riot-web's various settings that rarely get used.
We used to set up Riot at the `riot.DOMAIN` domain. The playbook now sets up Element at `element.DOMAIN` by default.
- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-riot-web/templates/config.json.j2)) by making use of the `matrix_riot_web_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml).
There are a few options for handling this:
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_riot_web_configuration_default` (or `matrix_riot_web_configuration`). You can find information about this in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml).
- (**avoiding changes** - using the old `riot.DOMAIN` domain and avoiding DNS changes) -- to keep using `riot.DOMAIN` instead of `element.DOMAIN`, override the domain at which the playbook serves Element: `matrix_server_fqn_element: "riot.{{ matrix_domain }}"`
- (**embracing changes** - using only `element.DOMAIN`) - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)). You can drop the `riot.DOMAIN` in this case. If so, you may also wish to remove old SSL certificates (`rm -rf /matrix/ssl/live/riot.DOMAIN`), so that `certbot` would stop trying to renew them.
## Themes
- (**embracing changes and transitioning smoothly** - using both `element.DOMAIN` and `riot.DOMAIN`) - to serve Element at the new domain (`element.DOMAIN`) and to also have `riot.DOMAIN` redirect there - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)) and enable Riot to Element redirection (`matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`).
To change the look of riot-web, you can define your own themes manually by using the `matrix_riot_web_settingDefaults_custom_themes` setting.
Or better yet, you can automatically pull it all themes provided by the [aaronraimist/riot-web-themes](https://github.com/aaronraimist/riot-web-themes) project by simply flipping a flag (`matrix_riot_web_themes_enabled: true`).
### Re-running the playbook
If you make your own theme, we encourage you to submit it to the **aaronraimist/riot-web-themes** project, so that the whole community could easily enjoy it.
As always, after making the necessary DNS and configuration adjustments, re-run the playbook to apply the changes:
Note that for a custom theme to work well, all riot-web/riot-desktop instances that you use must have the same theme installed.
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

11
docs/configuring-playbook-ssl-certificates.md
Unescape View File

@ -1,6 +1,6 @@
# Adjusting SSL certificate retrieval (optional, advanced)
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `riot.<your-domain>`)
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `element.<your-domain>`)
Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
@ -42,7 +42,7 @@ With such a configuration, the playbook would expect you to drop the SSL certifi
- `<matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem`
- `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `riot.<your-domain>`).
where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `element.<your-domain>`).
## Not bothering with SSL certificates
@ -62,7 +62,8 @@ The playbook tries to be smart about the certificates it will obtain for you.
By default, it obtains certificates for:
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
- possibly for `riot.<your-domain>`, unless you have disabled the Riot component using `matrix_riot_web_enabled: false`
- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
@ -70,12 +71,12 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
To do that, simply define your own custom configuration like this:
```yaml
# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Riot, Dimension).
# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Element, Dimension).
# In this example, we retrieve an extra certificate - one for the base domain (in the `matrix_domain` variable).
# Adding any other additional domains (hosted on the same machine) is possible.
matrix_ssl_domains_to_obtain_certificates_for:
- '{{ matrix_server_fqn_matrix }}'
- '{{ matrix_server_fqn_riot }}'
- '{{ matrix_server_fqn_element }}'
- '{{ matrix_server_fqn_dimension }}'
- '{{ matrix_domain }}'
```

2
docs/configuring-playbook.md
Unescape View File

@ -38,7 +38,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Configuring Synapse](configuring-playbook-synapse.md) (optional)
- [Configuring Riot-web](configuring-playbook-riot-web.md) (optional)
- [Configuring Element](configuring-playbook-client-element.md) (optional)
- [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)

4
docs/configuring-well-known.md
Unescape View File

@ -6,7 +6,7 @@ There are 2 types of well-known service discovery that Matrix makes use of:
- (important) **Federation Server discovery** (`/.well-known/matrix/server`) -- assists other servers in the Matrix network with finding your server. Without a proper configuration, your server will effectively not be part of the Matrix network. Learn more in [Introduction to Federation Server Discovery](#introduction-to-federation-server-discovery)
- (not that important) **Client Server discovery** (`/.well-known/matrix/client`) -- assists programs that you use to connect to your server (e.g. Riot), so that they can make it more convenient for you by automatically configuring the "Homeserver URL" and "Identity Server URL" addresses. Learn more in [Introduction to Client Server Discovery](#introduction-to-client-server-discovery)
- (not that important) **Client Server discovery** (`/.well-known/matrix/client`) -- assists programs that you use to connect to your server (e.g. Element), so that they can make it more convenient for you by automatically configuring the "Homeserver URL" and "Identity Server URL" addresses. Learn more in [Introduction to Client Server Discovery](#introduction-to-client-server-discovery)
## Introduction to Federation Server Discovery
@ -59,7 +59,7 @@ All you need to do is:
- copy `/.well-known/matrix/server` and `/.well-known/matrix/client` from the Matrix server (e.g. `matrix.example.com`) to your base domain's server (`example.com`). You can find these files in the `/matrix/static-files/.well-known/matrix` directory on the Matrix server. They are also accessible on URLs like this: `https://matrix.example.com/.well-known/matrix/server` (same for `client`).
- set up the server at your base domain (e.g. `example.com`) so that it adds an extra HTTP header when serving the `/.well-known/matrix/client` file. [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), the `Access-Control-Allow-Origin` header should be set with a value of `*`. If you don't do this step, web-based Matrix clients (like Riot) may fail to work. Setting up headers for the `/.well-known/matrix/server` file is not necessary, as this file is only consumed by non-browsers, which don't care about CORS.
- set up the server at your base domain (e.g. `example.com`) so that it adds an extra HTTP header when serving the `/.well-known/matrix/client` file. [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), the `Access-Control-Allow-Origin` header should be set with a value of `*`. If you don't do this step, web-based Matrix clients (like Element) may fail to work. Setting up headers for the `/.well-known/matrix/server` file is not necessary, as this file is only consumed by non-browsers, which don't care about CORS.
This is relatively easy to do and possibly your only choice if you can only host static files from the base domain's server.
It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again.

3
docs/maintenance-synapse.md
Unescape View File

@ -13,6 +13,7 @@ Table of contents:
- [Vacuuming Postgres](#vacuuming-postgres)
- [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api)
- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state)
- [Browse and manipulate the database](#browse-and-manipulate-the-database)
- [Browse and manipulate the database](#browse-and-manipulate-the-database), for when you really need to take matters into your own hands
@ -56,7 +57,7 @@ If [purging unused and unreachable data](#purging-unused-data-with-synapse-janit
Synapse provides a [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) that you can use to purge on a per-room basis.
To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like riot-web).
To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
Alternatively, you can log in and obtain a new access token like this:
```

4
docs/registering-users.md
Unescape View File

@ -16,7 +16,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
**Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
**You can then log in with that user** via the Element service that this playbook has created for you at a URL like this: `https://element.<domain>/`.
-----
@ -25,7 +25,7 @@ If you've just installed Matrix, **to finalize the installation process**, it's
-----
## Adding/Removing Administrator privileges to an existing user.
## Adding/Removing Administrator privileges to an existing user.
The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges.

2
docs/self-building.md
Unescape View File

@ -11,7 +11,7 @@ To make use of self-building, you don't need to do anything besides change your
Note that **not all components support self-building yet**.
List of roles where self-building the Docker image is currently possible:
- `matrix-synapse`
- `matrix-riot-web`
- `matrix-client-element`
- `matrix-coturn`
- `matrix-ma1sd`
- `matrix-mailer`

6
docs/updating-users-passwords.md
Unescape View File

@ -10,7 +10,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
**Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
**You can then log in with that user** via the Element service that this playbook has created for you at a URL like this: `https://element.<domain>/`.
## Option 2 (if you are using an external Postgres server):
@ -34,9 +34,9 @@ where `<password-hash>` is the hash returned by the docker command above.
Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).
If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).
### Example:
To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:

18
examples/apache/matrix-riot-web.conf → examples/apache/matrix-client-element.conf
Unescape View File

@ -1,8 +1,8 @@
# This is a sample file demonstrating how to set up reverse-proxy for riot.DOMAIN.
# If you're not using Riot (`matrix_riot_web_enabled: false`), you won't need this.
# This is a sample file demonstrating how to set up reverse-proxy for element.DOMAIN.
# If you're not using Element (`matrix_client_element_enabled: false`), you won't need this.
<VirtualHost *:80>
ServerName riot.DOMAIN
ServerName element.DOMAIN
ProxyVia On
@ -13,17 +13,17 @@
ProxyPass http://127.0.0.1:2402/.well-known/acme-challenge
</Location>
Redirect permanent / https://riot.DOMAIN/
Redirect permanent / https://element.DOMAIN/
</VirtualHost>
<VirtualHost *:443>
ServerName riot.DOMAIN
ServerName element.DOMAIN
SSLEngine On
# If you manage SSL certificates by yourself, these paths will differ.
SSLCertificateFile /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem
SSLCertificateKeyFile /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
SSLCertificateFile /matrix/ssl/config/live/element.DOMAIN/fullchain.pem
SSLCertificateKeyFile /matrix/ssl/config/live/element.DOMAIN/privkey.pem
SSLProxyEngine on
SSLProxyProtocol +TLSv1.2 +TLSv1.3
@ -36,6 +36,6 @@
ProxyPass / http://127.0.0.1:8765/
ProxyPassReverse / http://127.0.0.1:8765/
ErrorLog ${APACHE_LOG_DIR}/riot.DOMAIN-error.log
CustomLog ${APACHE_LOG_DIR}/riot.DOMAIN-access.log combined
ErrorLog ${APACHE_LOG_DIR}/element.DOMAIN-error.log
CustomLog ${APACHE_LOG_DIR}/element.DOMAIN-access.log combined
</VirtualHost>

8
examples/caddy/matrix-client-element
Unescape View File

@ -0,0 +1,8 @@
https://element.DOMAIN {
# These might differ if you are supplying your own certificates
tls /matrix/ssl/config/live/element.DOMAIN/fullchain.pem /matrix/ssl/config/live/element.DOMAIN/privkey.pem
proxy / http://127.0.0.1:8765 {
transparent
}
}

8
examples/caddy/matrix-riot-web
Unescape View File

@ -1,8 +0,0 @@
https://riot.DOMAIN {
# These might differ if you are supplying your own certificates
tls /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
proxy / http://127.0.0.1:8765 {
transparent
}
}

14
examples/haproxy/haproxy.cfg
Unescape View File

@ -39,7 +39,7 @@ frontend https-frontend
# HAproxy wants the full chain and the private key in one file. For Letsencrypt manually generated certs (e.g., wildcard certs) you can use
# cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/haproxy/certs/star-example.com.pem
bind *:443 ssl crt /etc/haproxy/certs/star-example.com.pem
#bind *:443 ssl crt /etc/haproxy/certs/riot.example.com.pem /etc/haproxy/certs/matrix.example.com.pem
#bind *:443 ssl crt /etc/haproxy/certs/element.example.com.pem /etc/haproxy/certs/matrix.example.com.pem
reqadd X-Forwarded-Proto:\ https
option httplog
option http-server-close
@ -60,10 +60,10 @@ frontend https-frontend
acl synapse_admin path -i -m beg /_synapse/admin
# Send to :8008
use_backend matrix-main if matrix_path or synapse_admin
# riot.example.com
acl riot_domain hdr_dom(host) -i riot.example.com
# element.example.com
acl element_domain hdr_dom(host) -i element.example.com
# Send to 8765
use_backend riot if riot_domain
use_backend element if element_domain
# If nothing else match, just send to default matrix backend
use_backend matrix-main if matrix_domain
#default_backend matrix-main
@ -86,12 +86,12 @@ backend synapse
backend nginx-static
capture request header origin len 128
http-response add-header Access-Control-Allow-Origin *
http-response add-header Access-Control-Allow-Origin *
rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found }
rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found }
server nginx 127.0.0.1:40888 check
backend riot
server riot 127.0.0.1:8765 check
backend element
server element 127.0.0.1:8765 check

48
group_vars/matrix_servers
Unescape View File

@ -755,7 +755,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:4
matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
matrix_nginx_proxy_proxy_matrix_enabled: true
matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}"
matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
@ -792,14 +792,16 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
+
(['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
+
(['matrix-riot-web.service'] if matrix_riot_web_enabled else [])
(['matrix-client-element.service'] if matrix_client_element_enabled else [])
}}
matrix_ssl_domains_to_obtain_certificates_for: |
{{
([matrix_server_fqn_matrix])
+
([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
([matrix_server_fqn_element] if matrix_client_element_enabled else [])
+
([matrix_nginx_proxy_proxy_riot_compat_redirect_hostname] if matrix_nginx_proxy_proxy_riot_compat_redirect_enabled else [])
+
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
+
@ -847,48 +849,48 @@ matrix_postgres_db_name: "homeserver"
######################################################################
#
# matrix-riot-web
# matrix-client-element
#
######################################################################
# By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
# By default, this playbook installs the Element web UI on the `matrix_server_fqn_element` domain.
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_riot_web_enabled: true
matrix_client_element_enabled: true
matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_client_element_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
# Normally, matrix-nginx-proxy is enabled and nginx can reach Element over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the riot-web HTTP port to the local host.
matrix_riot_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}"
# the Element HTTP port to the local host.
matrix_client_element_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}"
matrix_riot_web_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}"
# Use Dimension if enabled, otherwise fall back to Scalar
matrix_riot_web_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
matrix_riot_web_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
matrix_riot_web_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
matrix_riot_web_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
matrix_client_element_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
matrix_client_element_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
matrix_client_element_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
matrix_client_element_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
matrix_riot_web_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else false }}"
matrix_client_element_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else false }}"
matrix_riot_web_registration_enabled: "{{ matrix_synapse_enable_registration }}"
matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}"
matrix_riot_web_enable_presence_by_hs_url: |
matrix_client_element_enable_presence_by_hs_url: |
{{
none
if matrix_synapse_use_presence
else {matrix_riot_web_default_hs_url: false}
else {matrix_client_element_default_hs_url: false}
}}
matrix_riot_web_welcome_user_id: ~
matrix_client_element_welcome_user_id: ~
matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
######################################################################
#
# /matrix-riot-web
# /matrix-client-element
#
######################################################################

12
roles/matrix-base/defaults/main.yml
Unescape View File

@ -8,12 +8,12 @@
matrix_domain: ~
# This is where your data lives and what we set up.
# This and the Riot FQN (see below) are expected to be on the same server.
# This and the Element FQN (see below) are expected to be on the same server.
matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
# This is where you access the web UI from and what we set up here.
# This is where you access the Element web UI from (if enabled via matrix_client_element_enabled; enabled by default).
# This and the Matrix FQN (see above) are expected to be on the same server.
matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
matrix_server_fqn_element: "element.{{ matrix_domain }}"
# This is where you access the Dimension.
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
@ -58,12 +58,12 @@ matrix_integration_manager_rest_url: ~
matrix_integration_manager_ui_url: ~
# The domain name where a Jitsi server is self-hosted.
# If set, `/.well-known/matrix/client` will suggest Riot clients to use that Jitsi server.
# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
matrix_riot_jitsi_preferredDomain: ''
# Controls whether Riot should use End-to-End Encryption by default.
# Setting this to false will update `/.well-known/matrix/client` and tell Riot clients to avoid E2EE.
# Controls whether Element should use End-to-End Encryption by default.
# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
matrix_riot_e2ee_default: true

7
roles/matrix-base/tasks/sanity_check.yml
Unescape View File

@ -25,7 +25,8 @@
- {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
- {'old': 'hostname_identity', 'new': 'matrix_domain'}
- {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
- {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
- name: Fail if required variables are undefined
fail:
@ -33,7 +34,7 @@
with_items:
- matrix_domain
- matrix_server_fqn_matrix
- matrix_server_fqn_riot
- matrix_server_fqn_element
when: "item not in vars or vars[item] is none"
- name: Fail if uppercase domain used
@ -42,7 +43,7 @@
with_items:
- "{{ matrix_domain }}"
- "{{ matrix_server_fqn_matrix }}"
- "{{ matrix_server_fqn_riot }}"
- "{{ matrix_server_fqn_element }}"
when: "item != item|lower"
- name: Fail if using python2 on Archlinux

2
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
Unescape View File

@ -145,7 +145,7 @@ bridge:
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Use inline images instead of a separate message for the caption.
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
# N.B. Inline images are not supported on all clients (e.g. Element iOS).
inline_images: false
# Maximum size of image in megabytes before sending to Telegram as a document.
image_as_file_size: 10

122
roles/matrix-client-element/defaults/main.yml
Unescape View File

@ -0,0 +1,122 @@
matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false
matrix_client_element_docker_image: "vectorim/riot-web:v1.7.1"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
matrix_client_element_docker_src_files_path: "{{ matrix_client_element_data_path }}/docker-src"
# Controls whether the matrix-client-element container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
matrix_client_element_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_client_element_container_extra_arguments: []
# List of systemd services that matrix-client-element.service depends on
matrix_client_element_systemd_required_services_list: ['docker.service']
# Element config.json customizations
matrix_client_element_default_server_name: "{{ matrix_domain }}"
matrix_client_element_default_hs_url: ""
matrix_client_element_default_is_url: ~
matrix_client_element_disable_custom_urls: true
matrix_client_element_disable_guests: true
matrix_client_element_integrations_ui_url: "https://scalar.vector.im/"
matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
matrix_client_element_permalinkPrefix: "https://matrix.to"
# Element public room directory server(s)
matrix_client_element_roomdir_servers: ['matrix.org']
matrix_client_element_welcome_user_id: "@riot-bot:matrix.org"
# Branding of Element
matrix_client_element_brand: "Element"
# URL to Logo on welcome page
matrix_client_element_welcome_logo: "welcome/images/logo.svg"
# URL of link on welcome image
matrix_client_element_welcome_logo_link: "https://element.io"
matrix_client_element_welcome_headline: "_t('Welcome to Element')"
matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat &amp; collaboration powered by [matrix]')"
# Links, shown in footer of welcome page:
# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
matrix_client_element_branding_authFooterLinks: ~
# URL to image, shown during Login
matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}"
# URL to Wallpaper, shown in background of welcome page
matrix_client_element_branding_welcomeBackgroundUrl: ~
# By default, there's no Element homepage (when logged in). If you wish to have one,
# point this to a `home.html` template file on your local filesystem.
matrix_client_element_embedded_pages_home_path: ~
matrix_client_element_jitsi_preferredDomain: ''
# Controls whether the self-check feature should validate SSL certificates.
matrix_client_element_self_check_validate_certificates: true
# don't show the registration button on welcome page
matrix_client_element_registration_enabled: false
# Controls whether presence will be enabled
matrix_client_element_enable_presence_by_hs_url: ~
# Controls whether custom Element themes will be installed.
# When enabled, all themes found in the `matrix_client_element_themes_repository_url` repository
# will be installed and enabled automatically.
matrix_client_element_themes_enabled: false
matrix_client_element_themes_repository_url: https://github.com/aaronraimist/element-themes
# Controls the default theme
matrix_client_element_default_theme: 'light'
# Controls the `settingsDefault.custom_themes` setting of the Element configuration.
# You can use this setting to define custom themes.
#
# Also, look at `matrix_client_element_themes_enabled` for a way to pull in a bunch of custom themes automatically.
# If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well.
#
# Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.
matrix_client_element_settingDefaults_custom_themes: []
# Default Element configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_client_element_configuration_extension_json`)
# or completely replace this variable with your own template.
#
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_client_element_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
# Your custom JSON configuration for Element should go to `matrix_client_element_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_client_element_configuration_default`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_client_element_configuration_default`.
#
# Example configuration extension follows:
#
# matrix_client_element_configuration_extension_json: |
# {
# "disable_3pid_login": true,
# "disable_login_language_selector": true
# }
matrix_client_element_configuration_extension_json: '{}'
matrix_client_element_configuration_extension: "{{ matrix_client_element_configuration_extension_json|from_json if matrix_client_element_configuration_extension_json|from_json is mapping else {} }}"
# Holds the final Element configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_client_element_configuration_default`.
matrix_client_element_configuration: "{{ matrix_client_element_configuration_default|combine(matrix_client_element_configuration_extension, recursive=True) }}"

8
roles/matrix-riot-web/tasks/init.yml → roles/matrix-client-element/tasks/init.yml
Unescape View File

@ -1,10 +1,10 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-riot-web'] }}"
when: matrix_riot_web_enabled|bool
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element'] }}"
when: matrix_client_element_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Riot Web image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_riot_web_container_image_self_build"
msg: "To self build the Element image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build"

34
roles/matrix-client-element/tasks/main.yml
Unescape View File

@ -0,0 +1,34 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_client_element_enabled|bool"
tags:
- setup-all
- setup-client-element
- import_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
when: run_setup|bool
tags:
- setup-all
- setup-client-element
- import_tasks: "{{ role_path }}/tasks/migrate_riot_web.yml"
when: run_setup|bool
tags:
- setup-all
- setup-client-element
- import_tasks: "{{ role_path }}/tasks/setup.yml"
when: run_setup|bool
tags:
- setup-all
- setup-client-element
- import_tasks: "{{ role_path }}/tasks/self_check.yml"
delegate_to: 127.0.0.1
become: false
when: "run_self_check|bool and matrix_client_element_enabled|bool"
tags:
- self-check

36
roles/matrix-client-element/tasks/migrate_riot_web.yml
Unescape View File

@ -0,0 +1,36 @@
---
- name: Check existence of matrix-riot-web.service
stat:
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
register: matrix_client_riot_web_service_stat
when: "matrix_client_element_enabled|bool"
- name: Ensure matrix-riot-web is stopped
service:
name: matrix-riot-web
state: stopped
daemon_reload: yes
register: stopping_result
when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists"
- name: Ensure matrix-riot-web.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
state: absent
when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-riot-web.service removal
service:
daemon_reload: yes
when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists"
- name: Check existence of /matrix/riot-web
stat:
path: "/matrix/riot-web"
register: matrix_client_riot_web_dir_stat
when: "matrix_client_element_enabled|bool"
- name: Relocate /matrix/riot-web to /matrix/client-element
command: "mv /matrix/riot-web /matrix/client-element"
when: "matrix_client_element_enabled|bool and matrix_client_riot_web_dir_stat.stat.exists"

48
roles/matrix-client-element/tasks/prepare_themes.yml
Unescape View File

@ -0,0 +1,48 @@
---
#
# Tasks related to setting up Element themes
#
- block:
- name: Ensure Element themes repository is pulled
git:
repo: "{{ matrix_client_element_themes_repository_url }}"
dest: "{{ role_path }}/files/scratchpad/themes"
- name: Find all Element theme files
find:
paths: "{{ role_path }}/files/scratchpad/themes"
patterns: "*.json"
recurse: true
register: matrix_client_element_theme_file_list
- name: Read Element theme
slurp:
path: "{{ item.path }}"
register: "matrix_client_element_theme_file_contents"
with_items: "{{ matrix_client_element_theme_file_list.files }}"
- name: Load Element theme
set_fact:
matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}"
with_items: "{{ matrix_client_element_theme_file_contents.results }}"
run_once: true
delegate_to: 127.0.0.1
become: false
when: matrix_client_element_themes_enabled|bool
#
# Tasks related to getting rid of Element themes (if it was previously enabled)
#
- name: Ensure Element themes repository is removed
file:
path: "{{ role_path }}/files/scratchpad/themes"
state: absent
run_once: true
delegate_to: 127.0.0.1
become: false
when: "not matrix_client_element_themes_enabled|bool"

22
roles/matrix-client-element/tasks/self_check.yml
Unescape View File

@ -0,0 +1,22 @@
---
- set_fact:
matrix_client_element_url_endpoint_public: "https://{{ matrix_server_fqn_element }}/config.json"
- name: Check Element
uri:
url: "{{ matrix_client_element_url_endpoint_public }}"
follow_redirects: none
validate_certs: "{{ matrix_client_element_self_check_validate_certificates }}"
register: matrix_client_element_self_check_result
check_mode: no
ignore_errors: true
- name: Fail if Element not working
fail:
msg: "Failed checking Element is up at `{{ matrix_server_fqn_element }}` (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`). Is Element running? Is port 443 open in your firewall? Full error: {{ matrix_client_element_self_check_result }}"
when: "matrix_client_element_self_check_result.failed or 'json' not in matrix_client_element_self_check_result"
- name: Report working Element
debug:
msg: "Element at `{{ matrix_server_fqn_element }}` is working (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`)"

127
roles/matrix-client-element/tasks/setup.yml
Unescape View File

@ -0,0 +1,127 @@
---
#
# Tasks related to setting up Element
#
- name: Ensure Element paths exists
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_client_element_data_path }}", when: true }
- { path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}" }
when: matrix_client_element_enabled|bool and item.when
- name: Ensure Element Docker image is pulled
docker_image:
name: "{{ matrix_client_element_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}"
when: matrix_client_element_enabled|bool and not matrix_client_element_container_image_self_build
- name: Ensure Element repository is present on self-build
git:
repo: https://github.com/vector-im/riot-web.git
dest: "{{ matrix_client_element_docker_src_files_path }}"
version: "{{ matrix_client_element_docker_image.split(':')[1] }}"
force: "yes"
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
- name: Ensure Element Docker image is built
docker_image:
name: "{{ matrix_client_element_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_client_element_docker_src_files_path }}"
pull: yes
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
- name: Ensure Element configuration installed
copy:
content: "{{ matrix_client_element_configuration|to_nice_json }}"
dest: "{{ matrix_client_element_data_path }}/config.json"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_client_element_enabled|bool
- name: Ensure Element config files installed
template:
src: "{{ item.src }}"
dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
- {src: "{{ role_path }}/templates/welcome.html.j2", name: "welcome.html"}
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "matrix_client_element_enabled|bool and item.src is not none"
- name: Ensure Element config files removed
file:
path: "{{ matrix_client_element_data_path }}/{{ item.name }}"
state: absent
with_items:
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "matrix_client_element_enabled|bool and item.src is none"
- name: Ensure matrix-client-element.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-client-element.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-client-element.service"
mode: 0644
register: matrix_client_element_systemd_service_result
when: matrix_client_element_enabled|bool
- name: Ensure systemd reloaded after matrix-client-element.service installation
service:
daemon_reload: yes
when: "matrix_client_element_enabled and matrix_client_element_systemd_service_result.changed"
#
# Tasks related to getting rid of Element (if it was previously enabled)
#
- name: Check existence of matrix-client-element.service
stat:
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
register: matrix_client_element_service_stat
when: "not matrix_client_element_enabled|bool"
- name: Ensure matrix-client-element is stopped
service:
name: matrix-client-element
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
- name: Ensure matrix-client-element.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
state: absent
when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-client-element.service removal
service:
daemon_reload: yes
when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
- name: Ensure Element paths doesn't exist
file:
path: "{{ matrix_client_element_data_path }}"
state: absent
when: "not matrix_client_element_enabled|bool"
- name: Ensure Element Docker image doesn't exist
docker_image:
name: "{{ matrix_client_element_docker_image }}"
state: absent
when: "not matrix_client_element_enabled|bool"

20
roles/matrix-client-element/tasks/validate_config.yml
Unescape View File

@ -0,0 +1,20 @@
---
- name: Fail if required Element settings not defined
fail:
msg: >
You need to define a required configuration setting (`{{ item }}`) for using Element.
when: "vars[item] == ''"
with_items:
- "matrix_client_element_default_hs_url"
- name: (Deprecation) Catch and report riot-web variables
fail:
msg: >-
Riot has been renamed to Element (https://element.io/blog/welcome-to-element/).
The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names.
Please change your configuration (vars.yml) to rename all riot-web variables (`{{ item.old }}` -> `{{ item.new }}`).
Also note that DNS configuration changes may be necessary.
when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict"
with_items:
- {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_element_.*'}

45
roles/matrix-client-element/templates/config.json.j2
Unescape View File

@ -0,0 +1,45 @@
{
"default_server_config": {
"m.homeserver": {
"base_url": {{ matrix_client_element_default_hs_url|string|to_json }},
"server_name": {{ matrix_client_element_default_server_name|string|to_json }}
},
"m.identity_server": {
"base_url": {{ matrix_client_element_default_is_url|string|to_json }}
}
},
"settingDefaults": {
"custom_themes": {{ matrix_client_element_settingDefaults_custom_themes|to_json }}
},
"default_theme": {{ matrix_client_element_default_theme|string|to_json }},
"permalinkPrefix": {{ matrix_client_element_permalinkPrefix|string|to_json }},
"disable_custom_urls": {{ matrix_client_element_disable_custom_urls|to_json }},
"disable_guests": {{ matrix_client_element_disable_guests|to_json }},
"brand": {{ matrix_client_element_brand|to_json }},
"integrations_ui_url": {{ matrix_client_element_integrations_ui_url|string|to_json }},
"integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }},
"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }},
"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }},
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"enableLabs": true,
"roomDirectory": {
"servers": {{ matrix_client_element_roomdir_servers|to_json }}
},
"welcomeUserId": {{ matrix_client_element_welcome_user_id|to_json }},
{% if matrix_client_element_enable_presence_by_hs_url is not none %}
"enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url|to_json }},
{% endif %}
"embeddedPages": {
"homeUrl": {{ matrix_client_element_embedded_pages_home_url|string|to_json }}
},
{% if matrix_client_element_jitsi_preferredDomain %}
"jitsi": {
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
},
{% endif %}
"branding": {
"authFooterLinks": {{ matrix_client_element_branding_authFooterLinks|to_json }},
"authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl|to_json }},
"welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl|to_json }}
}
}

0
roles/matrix-riot-web/templates/nginx.conf.j2 → roles/matrix-client-element/templates/nginx.conf.j2
Unescape View File

43
roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2
Unescape View File

@ -0,0 +1,43 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Element server
{% for service in matrix_client_element_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-client-element
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-client-element
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
{% if matrix_client_element_container_http_host_bind_port %}
-p {{ matrix_client_element_container_http_host_bind_port }}:8080 \
{% endif %}
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
-v {{ matrix_client_element_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
-v {{ matrix_client_element_data_path }}/config.json:/app/config.json:ro \
-v {{ matrix_client_element_data_path }}/config.json:/app/config.{{ matrix_server_fqn_element }}.json:ro \
{% if matrix_client_element_embedded_pages_home_path is not none %}
-v {{ matrix_client_element_data_path }}/home.html:/app/home.html:ro \
{% endif %}
-v {{ matrix_client_element_data_path }}/welcome.html:/app/welcome.html:ro \
{% for arg in matrix_client_element_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_client_element_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-client-element
ExecStop=-{{ matrix_host_command_docker }} rm matrix-client-element
Restart=always
RestartSec=30
SyslogIdentifier=matrix-client-element
[Install]
WantedBy=multi-user.target

12
roles/matrix-riot-web/templates/welcome.html.j2 → roles/matrix-client-element/templates/welcome.html.j2
Unescape View File

@ -153,23 +153,23 @@ h1::after {
</style>
<div class="mx_Parent">
<a href="{{ matrix_riot_web_welcome_logo_link }}" target="_blank" rel="noopener">
<img src="{{ matrix_riot_web_welcome_logo }}" alt="" class="mx_Logo"/>
<a href="{{ matrix_client_element_welcome_logo_link }}" target="_blank" rel="noopener">
<img src="{{ matrix_client_element_welcome_logo }}" alt="" class="mx_Logo"/>
</a>
<h1 class="mx_Header_title">{{ matrix_riot_web_welcome_headline }}</h1>
<h4 class="mx_Header_subtitle">{{ matrix_riot_web_welcome_text }}</h4>
<h1 class="mx_Header_title">{{ matrix_client_element_welcome_headline }}</h1>
<h4 class="mx_Header_subtitle">{{ matrix_client_element_welcome_text }}</h4>
<div class="mx_ButtonGroup">
<div class="mx_ButtonRow">
<a href="#/login" class="mx_ButtonParent mx_ButtonSignIn mx_Button_iconSignIn">
<div class="mx_ButtonLabel">_t("Sign In")</div>
</a>
{% if matrix_riot_web_registration_enabled %}
{% if matrix_client_element_registration_enabled %}
<a href="#/register" class="mx_ButtonParent mx_ButtonCreateAccount mx_Button_iconCreateAccount">
<div class="mx_ButtonLabel">_t("Create Account")</div>
</a>
{% endif %}
</div>
{% if matrix_riot_web_disable_guests != true %}
{% if matrix_client_element_disable_guests != true %}
<!-- The comments below are meant to be used by Ansible as a quick way
to strip out the marked content when desired.
See https://github.com/vector-im/riot-web/issues/8622.

3
roles/matrix-client-element/vars/main.yml
Unescape View File

@ -0,0 +1,3 @@
---
matrix_client_element_embedded_pages_home_url: "{{ ('' if matrix_client_element_embedded_pages_home_path is none else 'home.html') }}"

2
roles/matrix-dimension/templates/config.yaml.j2
Unescape View File

@ -31,7 +31,7 @@ homeserver:
accessToken: "{{ matrix_dimension_access_token }}"
# These users can modify the integrations this Dimension supports.
# To access the admin interface, open Dimension in Riot and click the settings icon.
# To access the admin interface, open Dimension in Element and click the settings icon.
admins: {{ matrix_dimension_admins|to_json }}
# IPs and CIDR ranges listed here will be blocked from being widgets.

23
roles/matrix-nginx-proxy/defaults/main.yml
Unescape View File

@ -94,8 +94,12 @@ matrix_nginx_proxy_base_domain_homepage_template: |-
# Controls whether proxying the riot domain should be done.
matrix_nginx_proxy_proxy_riot_enabled: false
matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"
matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: false
matrix_nginx_proxy_proxy_riot_compat_redirect_hostname: "riot.{{ matrix_domain }}"
# Controls whether proxying the Element domain should be done.
matrix_nginx_proxy_proxy_element_enabled: false
matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
# Controls whether proxying the matrix domain should be done.
matrix_nginx_proxy_proxy_matrix_enabled: false
@ -162,23 +166,26 @@ matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the matrix synapse's server configuration.
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the matrix riot's server configuration.
# A list of strings containing additional configuration blocks to add to Riot's server configuration.
matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration.
# A list of strings containing additional configuration blocks to add to Element's server configuration.
matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to Dimension's server configuration.
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the jitsi's server configuration.
# A list of strings containing additional configuration blocks to add to Jitsi's server configuration.
matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the matrix domain server configuration.
# A list of strings containing additional configuration blocks to add to the base domain server configuration.
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
# Specifies when to reload the matrix-nginx-proxy service so that
# a new SSL certificate could go into effect.
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
# Specifies which SSL protocols to use when serving Riot and Synapse
# Specifies which SSL protocols to use when serving all the various vhosts
matrix_nginx_proxy_ssl_protocols: "TLSv1.2 TLSv1.3"
# Controls whether the self-check feature should validate SSL certificates.
@ -204,7 +211,7 @@ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
# obeying the following hierarchy:
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_element`).
#
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)

11
roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
Unescape View File

@ -52,12 +52,19 @@
mode: 0644
when: matrix_nginx_proxy_proxy_matrix_enabled|bool
- name: Ensure Matrix nginx-proxy configuration for Element domain exists
template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf"
mode: 0644
when: matrix_nginx_proxy_proxy_element_enabled|bool
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
mode: 0644
when: matrix_nginx_proxy_proxy_riot_enabled|bool
when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool
- name: Ensure Matrix nginx-proxy configuration for dimension domain exists
template:
@ -162,7 +169,7 @@
file:
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
state: absent
when: "not matrix_nginx_proxy_proxy_riot_enabled|bool"
when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool"
- name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
file:

3
roles/matrix-nginx-proxy/tasks/validate_config.yml
Unescape View File

@ -9,6 +9,9 @@
with_items:
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'}
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'}
# People who configured this to disable Riot, would now wish to be disabling Element.
# We now also have `matrix_nginx_proxy_proxy_riot_compat_redirect_`, but that's something else and is disabled by default.
- {'old': 'matrix_nginx_proxy_proxy_riot_enabled', 'new': 'matrix_nginx_proxy_proxy_element_enabled'}
- name: Fail on unknown matrix_ssl_retrieval_method
fail:

73
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
Unescape View File

@ -0,0 +1,73 @@
#jinja2: lstrip_blocks: "True"
{% macro render_vhost_directives() %}
gzip on;
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
{% for configuration_block in matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks %}
{{- configuration_block }}
{% endfor %}
location / {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-client-element:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:8765;
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endmacro %}
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_element_hostname }};
server_tokens off;
root /dev/null;
{% if matrix_nginx_proxy_https_enabled %}
location /.well-known/acme-challenge {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-certbot:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
{% endif %}
}
location / {
return 301 https://$http_host$request_uri;
}
{% else %}
{{ render_vhost_directives() }}
{% endif %}
}
{% if matrix_nginx_proxy_https_enabled %}
server {
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
server_name {{ matrix_nginx_proxy_proxy_element_hostname }};
server_tokens off;
root /dev/null;
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_element_hostname }}/fullchain.pem;
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_element_hostname }}/privkey.pem;
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
{{ render_vhost_directives() }}
}
{% endif %}

23
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2
Unescape View File

@ -1,32 +1,19 @@
#jinja2: lstrip_blocks: "True"
{% macro render_vhost_directives() %}
gzip on;
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
{{- configuration_block }}
{% endfor %}
location / {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-riot-web:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:8765;
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
return 301 https://{{ matrix_nginx_proxy_proxy_element_hostname }}$request_uri;
}
{% endmacro %}
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};
server_name {{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }};
server_tokens off;
root /dev/null;
@ -57,13 +44,13 @@ server {
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};
server_name {{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }};
server_tokens off;
root /dev/null;
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_hostname }}/fullchain.pem;
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_hostname }}/privkey.pem;
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/fullchain.pem;
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/privkey.pem;
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

2
roles/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2
Unescape View File

@ -1,6 +1,6 @@
#jinja2: lstrip_blocks: "True"
# The default is aligned to the CPU's cache size,
# which can sometimes be too low to handle our 2 vhosts (Synapse and Riot).
# which can sometimes be too low to handle our 2 vhosts (Synapse and Element).
#
# Thus, we ensure a larger bucket size value is used.
server_names_hash_bucket_size 64;

122
roles/matrix-riot-web/defaults/main.yml
Unescape View File

@ -1,122 +0,0 @@
matrix_riot_web_enabled: true
matrix_riot_web_container_image_self_build: false
matrix_riot_web_docker_image: "vectorim/riot-web:v1.7.1"
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
matrix_riot_web_docker_src_files_path: "{{ matrix_riot_web_data_path }}/docker-src"
# Controls whether the matrix-riot-web container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
matrix_riot_web_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_riot_web_container_extra_arguments: []
# List of systemd services that matrix-riot-web.service depends on
matrix_riot_web_systemd_required_services_list: ['docker.service']
# Riot config.json customizations
matrix_riot_web_default_server_name: "{{ matrix_domain }}"
matrix_riot_web_default_hs_url: ""
matrix_riot_web_default_is_url: ~
matrix_riot_web_disable_custom_urls: true
matrix_riot_web_disable_guests: true
matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/"
matrix_riot_web_integrations_rest_url: "https://scalar.vector.im/api"
matrix_riot_web_integrations_widgets_urls: ["https://scalar.vector.im/api"]
matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
matrix_riot_web_permalinkPrefix: "https://matrix.to"
# Riot public room directory server(s)
matrix_riot_web_roomdir_servers: ['matrix.org']
matrix_riot_web_welcome_user_id: "@riot-bot:matrix.org"
# Branding of riot web
matrix_riot_web_brand: "Riot"
# URL to Logo on welcome page
matrix_riot_web_welcome_logo: "welcome/images/logo.svg"
# URL of link on welcome image
matrix_riot_web_welcome_logo_link: "https://element.io"
matrix_riot_web_welcome_headline: "_t('Welcome to Element')"
matrix_riot_web_welcome_text: "_t('Decentralised, encrypted chat &amp; collaboration powered by [matrix]')"
# Links, shown in footer of welcome page:
# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
matrix_riot_web_branding_authFooterLinks: ~
# URL to image, shown during Login
matrix_riot_web_branding_authHeaderLogoUrl: "{{ matrix_riot_web_welcome_logo }}"
# URL to Wallpaper, shown in background of welcome page
matrix_riot_web_branding_welcomeBackgroundUrl: ~
# By default, there's no Riot homepage (when logged in). If you wish to have one,
# point this to a `home.html` template file on your local filesystem.
matrix_riot_web_embedded_pages_home_path: ~
matrix_riot_web_jitsi_preferredDomain: ''
# Controls whether the self-check feature should validate SSL certificates.
matrix_riot_web_self_check_validate_certificates: true
# don't show the registration button on welcome page
matrix_riot_web_registration_enabled: false
# Controls whether Riot shows the presence features
matrix_riot_web_enable_presence_by_hs_url: ~
# Controls whether custom riot-web themes will be installed.
# When enabled, all themes found in the `matrix_riot_web_themes_repository_url` repository
# will be installed and enabled automatically.
matrix_riot_web_themes_enabled: false
matrix_riot_web_themes_repository_url: https://github.com/aaronraimist/riot-web-themes
# Controls the default riot-web theme
matrix_riot_web_default_theme: 'light'
# Controls the `settingsDefault.custom_themes` setting of the riot-web configuration.
# You can use this setting to define custom themes.
#
# Also, look at `matrix_riot_web_themes_enabled` for a way to pull in a bunch of custom themes automatically.
# If you define your own themes here and set `matrix_riot_web_themes_enabled: true`, your themes will be preserved as well.
#
# Note that for a custom theme to work well, all riot-web/riot-desktop instances that you use must have the same theme installed.
matrix_riot_web_settingDefaults_custom_themes: []
# Default riot-web configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_riot_web_configuration_extension_json`)
# or completely replace this variable with your own template.
#
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_riot_web_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
# Your custom JSON configuration for riot-web should go to `matrix_riot_web_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_riot_web_configuration_default`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_riot_web_configuration_default`.
#
# Example configuration extension follows:
#
# matrix_riot_web_configuration_extension_json: |
# {
# "disable_3pid_login": true,
# "disable_login_language_selector": true
# }
matrix_riot_web_configuration_extension_json: '{}'
matrix_riot_web_configuration_extension: "{{ matrix_riot_web_configuration_extension_json|from_json if matrix_riot_web_configuration_extension_json|from_json is mapping else {} }}"
# Holds the final riot-web configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_riot_web_configuration_default`.
matrix_riot_web_configuration: "{{ matrix_riot_web_configuration_default|combine(matrix_riot_web_configuration_extension, recursive=True) }}"

28
roles/matrix-riot-web/tasks/main.yml
Unescape View File

@ -1,28 +0,0 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_riot_web_enabled|bool"
tags:
- setup-all
- setup-riot-web
- import_tasks: "{{ role_path }}/tasks/prepare_riot_web_themes.yml"
when: run_setup|bool
tags:
- setup-all
- setup-riot-web
- import_tasks: "{{ role_path }}/tasks/setup_riot_web.yml"
when: run_setup|bool
tags:
- setup-all
- setup-riot-web
- import_tasks: "{{ role_path }}/tasks/self_check_riot_web.yml"
delegate_to: 127.0.0.1
become: false
when: "run_self_check|bool and matrix_riot_web_enabled|bool"
tags:
- self-check

48
roles/matrix-riot-web/tasks/prepare_riot_web_themes.yml
Unescape View File

@ -1,48 +0,0 @@
---
#
# Tasks related to setting up riot-web themes
#
- block:
- name: Ensure riot-web themes repository is pulled
git:
repo: "{{ matrix_riot_web_themes_repository_url }}"
dest: "{{ role_path }}/files/scratchpad/riot-web-themes"
- name: Find all riot-web theme files
find:
paths: "{{ role_path }}/files/scratchpad/riot-web-themes"
patterns: "*.json"
recurse: true
register: matrix_riot_web_theme_file_list
- name: Read riot-web theme
slurp:
path: "{{ item.path }}"
register: "matrix_riot_web_theme_file_contents"
with_items: "{{ matrix_riot_web_theme_file_list.files }}"
- name: Load riot-web theme
set_fact:
matrix_riot_web_settingDefaults_custom_themes: "{{ matrix_riot_web_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}"
with_items: "{{ matrix_riot_web_theme_file_contents.results }}"
run_once: true
delegate_to: 127.0.0.1
become: false
when: matrix_riot_web_themes_enabled|bool
# #
# # Tasks related to getting rid of riot-web themes (if it was previously enabled)
# #
- name: Ensure riot-web themes repository is removed
file:
path: "{{ role_path }}/files/scratchpad/riot-web-themes"
state: absent
run_once: true
delegate_to: 127.0.0.1
become: false
when: "not matrix_riot_web_themes_enabled|bool"

22
roles/matrix-riot-web/tasks/self_check_riot_web.yml
Unescape View File

@ -1,22 +0,0 @@
---
- set_fact:
riot_web_url_endpoint_public: "https://{{ matrix_server_fqn_riot }}/config.json"
- name: Check riot-web
uri:
url: "{{ riot_web_url_endpoint_public }}"
follow_redirects: none
validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}"
register: result_riot_web
check_mode: no
ignore_errors: true
- name: Fail if riot-web not working
fail:
msg: "Failed checking riot-web is up at `{{ matrix_server_fqn_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
when: "result_riot_web.failed or 'json' not in result_riot_web"
- name: Report working riot-web
debug:
msg: "riot-web at `{{ matrix_server_fqn_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"

127
roles/matrix-riot-web/tasks/setup_riot_web.yml
Unescape View File

@ -1,127 +0,0 @@
---
#
# Tasks related to setting up riot-web
#
- name: Ensure Matrix riot-web path exists
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_riot_web_data_path }}", when: true }
- { path: "{{ matrix_riot_web_docker_src_files_path }}", when: "{{ matrix_riot_web_container_image_self_build }}" }
when: matrix_riot_web_enabled|bool and item.when
- name: Ensure riot-web Docker image is pulled
docker_image:
name: "{{ matrix_riot_web_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_riot_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_riot_web_docker_image_force_pull }}"
when: matrix_riot_web_enabled|bool and not matrix_riot_web_container_image_self_build
- name: Ensure Riot Web repository is present on self-build
git:
repo: https://github.com/vector-im/riot-web.git
dest: "{{ matrix_riot_web_docker_src_files_path }}"
version: "{{ matrix_riot_web_docker_image.split(':')[1] }}"
force: "yes"
when: "matrix_riot_web_enabled|bool and matrix_riot_web_container_image_self_build"
- name: Ensure Riot Web Docker image is built
docker_image:
name: "{{ matrix_riot_web_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_riot_web_docker_src_files_path }}"
pull: yes
when: "matrix_riot_web_enabled|bool and matrix_riot_web_container_image_self_build"
- name: Ensure Matrix riot-web configuration installed
copy:
content: "{{ matrix_riot_web_configuration|to_nice_json }}"
dest: "{{ matrix_riot_web_data_path }}/config.json"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_riot_web_enabled|bool
- name: Ensure Matrix riot-web config files installed
template:
src: "{{ item.src }}"
dest: "{{ matrix_riot_web_data_path }}/{{ item.name }}"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
- {src: "{{ role_path }}/templates/welcome.html.j2", name: "welcome.html"}
- {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"}
when: "matrix_riot_web_enabled|bool and item.src is not none"
- name: Ensure Matrix riot-web config files removed
file:
path: "{{ matrix_riot_web_data_path }}/{{ item.name }}"
state: absent
with_items:
- {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"}
when: "matrix_riot_web_enabled|bool and item.src is none"
- name: Ensure matrix-riot-web.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-riot-web.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-riot-web.service"
mode: 0644
register: matrix_riot_web_systemd_service_result
when: matrix_riot_web_enabled|bool
- name: Ensure systemd reloaded after matrix-riot-web.service installation
service:
daemon_reload: yes
when: "matrix_riot_web_enabled and matrix_riot_web_systemd_service_result.changed"
#
# Tasks related to getting rid of riot-web (if it was previously enabled)
#
- name: Check existence of matrix-riot-web service
stat:
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
register: matrix_riot_web_service_stat
when: "not matrix_riot_web_enabled|bool"
- name: Ensure matrix-riot-web is stopped
service:
name: matrix-riot-web
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
- name: Ensure matrix-riot-web.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
state: absent
when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-riot-web.service removal
service:
daemon_reload: yes
when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
- name: Ensure Matrix riot-web paths doesn't exist
file:
path: "{{ matrix_riot_web_data_path }}"
state: absent
when: "not matrix_riot_web_enabled|bool"
- name: Ensure riot-web Docker image doesn't exist
docker_image:
name: "{{ matrix_riot_web_docker_image }}"
state: absent
when: "not matrix_riot_web_enabled|bool"

23
roles/matrix-riot-web/tasks/validate_config.yml
Unescape View File

@ -1,23 +0,0 @@
---
- name: Fail if required riot-web settings not defined
fail:
msg: >
You need to define a required configuration setting (`{{ item }}`) for using riot-web.
when: "vars[item] == ''"
with_items:
- "matrix_riot_web_default_hs_url"
- name: (Deprecation) Catch and report renamed riot-web variables
fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_riot_web_homepage_template', 'new': 'matrix_riot_web_embedded_pages_home_path'}
- {'old': 'matrix_riot_web_homepage_template_general', 'new': '<removed>'}
- {'old': 'matrix_riot_web_homepage_template_technical', 'new': '<removed>'}
- {'old': 'matrix_riot_web_homepage_template_building', 'new': '<removed>'}
- {'old': 'matrix_riot_web_homepage_template_contributing', 'new': '<removed>'}
- {'old': 'matrix_riot_web_container_expose_port', 'new': '<superseded by matrix_riot_web_container_http_host_bind_port>'}

45
roles/matrix-riot-web/templates/config.json.j2
Unescape View File

@ -1,45 +0,0 @@
{
"default_server_config": {
"m.homeserver": {
"base_url": {{ matrix_riot_web_default_hs_url|string|to_json }},
"server_name": {{ matrix_riot_web_default_server_name|string|to_json }}
},
"m.identity_server": {
"base_url": {{ matrix_riot_web_default_is_url|string|to_json }}
}
},
"settingDefaults": {
"custom_themes": {{ matrix_riot_web_settingDefaults_custom_themes|to_json }}
},
"default_theme": {{ matrix_riot_web_default_theme|string|to_json }},
"permalinkPrefix": {{ matrix_riot_web_permalinkPrefix|string|to_json }},
"disable_custom_urls": {{ matrix_riot_web_disable_custom_urls|to_json }},
"disable_guests": {{ matrix_riot_web_disable_guests|to_json }},
"brand": {{ matrix_riot_web_brand|to_json }},
"integrations_ui_url": {{ matrix_riot_web_integrations_ui_url|string|to_json }},
"integrations_rest_url": {{ matrix_riot_web_integrations_rest_url|string|to_json }},
"integrations_widgets_urls": {{ matrix_riot_web_integrations_widgets_urls|to_json }},
"integrations_jitsi_widget_url": {{ matrix_riot_web_integrations_jitsi_widget_url|string|to_json }},
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"enableLabs": true,
"roomDirectory": {
"servers": {{ matrix_riot_web_roomdir_servers|to_json }}
},
"welcomeUserId": {{ matrix_riot_web_welcome_user_id|to_json }},
{% if matrix_riot_web_enable_presence_by_hs_url is not none %}
"enable_presence_by_hs_url": {{ matrix_riot_web_enable_presence_by_hs_url|to_json }},
{% endif %}
"embeddedPages": {
"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
},
{% if matrix_riot_web_jitsi_preferredDomain %}
"jitsi": {
"preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }}
},
{% endif %}
"branding": {
"authFooterLinks": {{ matrix_riot_web_branding_authFooterLinks|to_json }},
"authHeaderLogoUrl": {{ matrix_riot_web_branding_authHeaderLogoUrl|to_json }},
"welcomeBackgroundUrl": {{ matrix_riot_web_branding_welcomeBackgroundUrl|to_json }}
}
}

43
roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2
Unescape View File

@ -1,43 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix riot-web server
{% for service in matrix_riot_web_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
{% if matrix_riot_web_container_http_host_bind_port %}
-p {{ matrix_riot_web_container_http_host_bind_port }}:8080 \
{% endif %}
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
{% if matrix_riot_web_embedded_pages_home_path is not none %}
-v {{ matrix_riot_web_data_path }}/home.html:/app/home.html:ro \
{% endif %}
-v {{ matrix_riot_web_data_path }}/welcome.html:/app/welcome.html:ro \
{% for arg in matrix_riot_web_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_riot_web_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web
ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web
Restart=always
RestartSec=30
SyslogIdentifier=matrix-riot-web
[Install]
WantedBy=multi-user.target

3
roles/matrix-riot-web/vars/main.yml
Unescape View File

@ -1,3 +0,0 @@
---
matrix_riot_web_embedded_pages_home_url: "{{ ('' if matrix_riot_web_embedded_pages_home_path is none else 'home.html') }}"

2
roles/matrix-synapse/defaults/main.yml
Unescape View File

@ -289,7 +289,7 @@ matrix_synapse_email_smtp_host: ""
matrix_synapse_email_smtp_port: 587
matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_riot }}"
matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}"
# Enable this to activate the REST auth password provider module.

2
setup.yml
Unescape View File

@ -24,7 +24,7 @@
- matrix-bridge-mx-puppet-instagram
- matrix-bridge-sms
- matrix-synapse
- matrix-riot-web
- matrix-client-element
- matrix-jitsi
- matrix-ma1sd
- matrix-dimension

Write Preview
Loading…
Cancel
Save