From 065b70203ded30412d3d03ff5ad3e885f55ab78b Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 3 Jan 2024 13:05:59 +0200 Subject: [PATCH] [WIP] Initial work on matrix-static-files role --- docs/howto-server-delegation.md | 16 +- group_vars/matrix_servers | 42 +++ roles/custom/matrix-base/defaults/main.yml | 8 - .../matrix-base/tasks/setup_well_known.yml | 38 --- .../custom/matrix-nginx-proxy/tasks/main.yml | 5 - .../matrix-static-files/defaults/main.yml | 304 ++++++++++++++++++ .../matrix-static-files/tasks/install.yml | 87 +++++ .../custom/matrix-static-files/tasks/main.yml | 25 ++ .../tasks/self_check_well_known.yml | 2 + .../tasks/self_check_well_known_file.yml | 0 .../matrix-static-files/tasks/uninstall.yml | 25 ++ .../tasks/validate_config.yml | 11 + .../templates/config.toml.j2 | 7 + .../matrix-static-files/templates/env.j2 | 8 + .../matrix-static-files/templates/labels.j2 | 42 +++ .../public/.well-known/matrix/client.j2 | 50 +++ .../public/.well-known/matrix/server.j2 | 3 + .../public/.well-known/matrix/support.j2 | 6 + .../systemd/matrix-static-files.service.j2 | 49 +++ .../tasks/validate_config.yml | 3 + setup.yml | 1 + 21 files changed, 675 insertions(+), 57 deletions(-) create mode 100644 roles/custom/matrix-static-files/defaults/main.yml create mode 100644 roles/custom/matrix-static-files/tasks/install.yml create mode 100644 roles/custom/matrix-static-files/tasks/main.yml rename roles/custom/{matrix-nginx-proxy => matrix-static-files}/tasks/self_check_well_known.yml (95%) rename roles/custom/{matrix-nginx-proxy => matrix-static-files}/tasks/self_check_well_known_file.yml (100%) create mode 100644 roles/custom/matrix-static-files/tasks/uninstall.yml create mode 100644 roles/custom/matrix-static-files/tasks/validate_config.yml create mode 100644 roles/custom/matrix-static-files/templates/config.toml.j2 create mode 100644 roles/custom/matrix-static-files/templates/env.j2 create mode 100644 roles/custom/matrix-static-files/templates/labels.j2 create mode 100644 
roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 create mode 100644 roles/custom/matrix-static-files/templates/public/.well-known/matrix/server.j2 create mode 100644 roles/custom/matrix-static-files/templates/public/.well-known/matrix/support.j2 create mode 100755 roles/custom/matrix-static-files/templates/systemd/matrix-static-files.service.j2 diff --git a/docs/howto-server-delegation.md b/docs/howto-server-delegation.md index e9a6b23d8..d1861254f 100644 --- a/docs/howto-server-delegation.md +++ b/docs/howto-server-delegation.md @@ -43,7 +43,7 @@ This prevents you from suffering the [Downsides of well-known-based Server Deleg To use DNS SRV record validation, you need to: -- ensure that `/.well-known/matrix/server` is **not served** from the base domain, as that would interfere with DNS SRV record Server Delegation. To make the playbook **not** generate and serve the file, use the following configuration: `matrix_well_known_matrix_server_enabled: false`. +- ensure that `/.well-known/matrix/server` is **not served** from the base domain, as that would interfere with DNS SRV record Server Delegation. To make the playbook **not** generate and serve the file, use the following configuration: `matrix_static_files_file_matrix_server_enabled: false`. - ensure that you have a `_matrix._tcp` DNS SRV record for your base domain (``) with a value of `10 0 8448 matrix.` 
@@ -67,11 +67,15 @@ Regardless of which method for obtaining certificates you've used, once you've m Based on your setup, you have different ways to go about it: -- [Serving the Federation API with your certificates and matrix-nginx-proxy](#serving-the-federation-api-with-your-certificates-and-matrix-nginx-proxy) - -- [Serving the Federation API with your certificates and another webserver](#serving-the-federation-api-with-your-certificates-and-another-webserver) - -- [Serving the Federation API with your certificates and Synapse handling Federation](#serving-the-federation-api-with-your-certificates-and-synapse-handling-federation) +- [Server Delegation](#server-delegation) + - [Server Delegation via a well-known file](#server-delegation-via-a-well-known-file) + - [Downsides of well-known-based Server Delegation](#downsides-of-well-known-based-server-delegation) + - [Server Delegation via a DNS SRV record (advanced)](#server-delegation-via-a-dns-srv-record-advanced) + - [Obtaining certificates](#obtaining-certificates) + - [Serving the Federation API with your certificates](#serving-the-federation-api-with-your-certificates) + - [Serving the Federation API with your certificates and matrix-nginx-proxy](#serving-the-federation-api-with-your-certificates-and-matrix-nginx-proxy) + - [Serving the Federation API with your certificates and another webserver](#serving-the-federation-api-with-your-certificates-and-another-webserver) + - [Serving the Federation API with your certificates and Synapse handling Federation](#serving-the-federation-api-with-your-certificates-and-synapse-handling-federation) ### Serving the Federation API with your certificates and matrix-nginx-proxy diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ba6f83042..f5039cec3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -399,6 +399,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-user-verification-service.service', 'priority': 800, 'groups': ['matrix', 'matrix-user-verification-service']}] if matrix_user_verification_service_enabled else []) + + ([{'name': (matrix_static_files_ident + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-static-files']}] if matrix_static_files_enabled else []) + + ([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 2900, 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else []) + ([{'name': (devture_traefik_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else []) 
@@ -4580,6 +4582,46 @@ matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homese ###################################################################### +######################################################################## +# # +# matrix-static-files # +# # +######################################################################## + +matrix_static_files_enabled: true + +matrix_static_files_container_network: "{{ devture_traefik_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else matrix_well_known_ident }}" + +matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: "{{ matrix_server_fqn_matrix }}" + +matrix_static_files_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" +matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_static_files_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +matrix_static_files_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_client_element_jitsi_preferred_domain }}" + +matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{{ matrix_homeserver_sliding_sync_url }}" + +matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}" +matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "https://{{ matrix_server_fqn_element }}/map_style.json" + +matrix_static_files_file_matrix_client_property_io_element_e2ee_default: "{{ matrix_well_known_matrix_client_io_element_e2ee_default }}" +matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required: "{{ matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required }}" 
+matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods: "{{ matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods }}" + +matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}" + +matrix_static_files_file_matrix_support_property_m_contacts: "{{ matrix_homeserver_admin_contacts }}" +matrix_static_files_file_matrix_support_property_m_support_page: "{{ matrix_homeserver_support_url }}" + +######################################################################## +# # +# /matrix-static-files # +# # +######################################################################## + + ######################################################################## # # # com.devture.ansible.role.container_socket_proxy # diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index d1967ba51..bf0a1c3ea 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -312,14 +312,6 @@ matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_sup # The Docker network that all services would be put into matrix_docker_network: "matrix" -# Controls whether a `/.well-known/matrix/server` file is generated and used at all. -# -# If you wish to rely on DNS SRV records only, you can disable this. -# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448) -# using certificates for the base domain (`matrix_domain`) and not for the -# matrix domain (`matrix_server_fqn_matrix`). -matrix_well_known_matrix_server_enabled: true - # Controls whether a `/.well-known/matrix/support` file is generated and used at all. # # This is not enabled by default, until the MSC gets accepted: https://github.com/matrix-org/matrix-spec-proposals/pull/1929 
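Review bot: In the `matrix_static_files_container_network` line of this hunk, the `else` branch references `matrix_well_known_ident`, which is not defined anywhere in the visible diff; the new role's identifier is `matrix_static_files_ident`. Unless that variable exists elsewhere in the repository, any setup where `matrix_playbook_reverse_proxy_type` is not `playbook-managed-traefik` would fail on an undefined variable when the network name is templated. I would write the line as `matrix_static_files_container_network: "{{ devture_traefik_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else matrix_static_files_ident }}"`, which also agrees with the role default in `defaults/main.yml`.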
diff --git a/roles/custom/matrix-base/tasks/setup_well_known.yml b/roles/custom/matrix-base/tasks/setup_well_known.yml index d51e93d3f..6ceddd8cf 100644 --- a/roles/custom/matrix-base/tasks/setup_well_known.yml +++ b/roles/custom/matrix-base/tasks/setup_well_known.yml @@ -12,41 +12,3 @@ group: "{{ matrix_user_groupname }}" with_items: - "{{ matrix_static_files_base_path }}/.well-known/matrix" - -- name: Ensure Matrix /.well-known/matrix/client file configured - ansible.builtin.copy: - content: "{{ matrix_well_known_matrix_client_configuration | to_nice_json }}" - dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure Matrix /.well-known/matrix/server file configured - ansible.builtin.copy: - content: "{{ matrix_well_known_matrix_server_configuration | to_nice_json }}" - dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: matrix_well_known_matrix_server_enabled | bool - -- name: Ensure Matrix /.well-known/matrix/server file deleted - ansible.builtin.file: - path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" - state: absent - when: "not matrix_well_known_matrix_server_enabled | bool" - -- name: Ensure Matrix /.well-known/matrix/support file configured - ansible.builtin.copy: - content: "{{ matrix_well_known_matrix_support_configuration | to_nice_json }}" - dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/support" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: matrix_well_known_matrix_support_enabled | bool - -- name: Ensure Matrix /.well-known/matrix/support file deleted - ansible.builtin.file: - path: "{{ matrix_static_files_base_path }}/.well-known/matrix/support" - state: absent - when: "not matrix_well_known_matrix_support_enabled | bool" 
diff --git a/roles/custom/matrix-nginx-proxy/tasks/main.yml b/roles/custom/matrix-nginx-proxy/tasks/main.yml index 7a702fb37..c2b93aae1 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/main.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/main.yml @@ -29,11 +29,6 @@ - install-all - install-nginx-proxy -- tags: - - self-check - block: - - ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known.yml" - - name: Mark matrix-nginx-proxy role as executed tags: - always diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml new file mode 100644 index 000000000..4faca23df --- /dev/null +++ b/roles/custom/matrix-static-files/defaults/main.yml 
@@ -0,0 +1,304 @@ +--- + +# matrix-static-files is a role which generates and serves `/.well-known/matrix` files for the purposes of Matrix Delegation. +# It also exposes some variables which allow this role to be used for serving additional files. + +matrix_static_files_enabled: true + +matrix_static_files_ident: matrix-static-files + +# renovate: datasource=docker depName=joseluisq/static-web-server +matrix_static_files_version: 2.24.2 + +matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_ident == 'matrix-static-files' else matrix_static_files_ident }}" +matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config" +matrix_static_files_public_path: "{{ matrix_static_files_base_path }}/public" +matrix_static_files_public_well_known_path: "{{ matrix_static_files_public_path }}/.well-known" +matrix_static_files_public_well_known_matrix_path: "{{ matrix_static_files_public_well_known_path }}/matrix" + +# List of systemd services that matrix-static-files.service depends on +matrix_static_files_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-static-files.service wants +matrix_static_files_systemd_wanted_services_list: "{{ matrix_static_files_systemd_wanted_services_list_auto + matrix_static_files_systemd_wanted_services_list_custom }}" +matrix_static_files_systemd_wanted_services_list_auto: [] +matrix_static_files_systemd_wanted_services_list_custom: [] + +matrix_static_files_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_static_files_container_image_tag }}" +matrix_static_files_container_image_tag: "{{ 'latest' if matrix_static_files_version == 'latest' else (matrix_static_files_version + '-alpine') }}" +matrix_static_files_container_image_force_pull: "{{ matrix_static_files_container_image.endswith(':latest') }}" + +matrix_static_files_container_network: "{{ matrix_static_files_ident }}" + +# A list of 
additional container networks that matrix-static-files would be connected to. +# The playbook does not create these networks, so make sure they already exist. +matrix_static_files_container_additional_networks: [] + +# Controls whether the matrix-static-files container exposes its HTTP port (tcp/8080 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8080"), or empty string to not expose. +matrix_static_files_container_http_host_bind_port: '' + +# matrix_static_files_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. +# See `../templates/labels.j2` for details. +# +# To inject your own other container labels, see `matrix_static_files_container_labels_additional_labels`. +matrix_static_files_container_labels_traefik_enabled: true +matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_static_files_container_network }}" +matrix_static_files_container_labels_traefik_entrypoints: web-secure +matrix_static_files_container_labels_traefik_tls_certResolver: default + +# Controls whether labels will be added that expose the well-known public endpoint +matrix_static_files_container_labels_well_known_matrix_endpoint_enabled: true +matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: '' +matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_path_prefix: /.well-known/matrix +matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_rule: "Host(`{{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname }}`) && PathPrefix(`{{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_path_prefix }}`)" +matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_priority: 0 +matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_entrypoints: "{{ matrix_static_files_container_labels_traefik_entrypoints }}" 
+matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_tls: "{{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_entrypoints != 'web' }}" +matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_tls_certResolver: "{{ matrix_static_files_container_labels_traefik_tls_certResolver }}" # noqa var-naming + +# matrix_static_files_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. +# See `../templates/labels.j2` for details. +# +# Example: +# matrix_static_files_container_labels_additional_labels: | +# my.label=1 +# another.label="here" +matrix_static_files_container_labels_additional_labels: '' + +# Controls the SERVER_PORT environment variable. +# See: https://static-web-server.net/configuration/environment-variables/ +matrix_static_files_environment_variable_server_port: 8080 + +# Controls the SERVER_LOG_LEVEL environment variable. +# See: https://static-web-server.net/configuration/environment-variables/ +# Valid values: error, warn, info, debug or trace +matrix_static_files_environment_variable_server_log_level: error + +# Controls the SERVER_LOG_REMOTE_ADDRESS environment variable. +# See: https://static-web-server.net/configuration/environment-variables/ +matrix_static_files_environment_variable_server_log_remote_address: false + +# Controls the SERVER_CONFIG_FILE environment variable. +# See: https://static-web-server.net/configuration/environment-variables/ +matrix_static_files_environment_variable_server_config_file: /config/config.toml + +# Additional environment variables. +matrix_static_files_environment_variables_additional_variables: '' + +# Controls the caching time (max-age property of the `Cache-Control` HTTP header) for all `/.well-known/matrix/*` files. +# We use a somewhat long expires value is to prevent outages in case this is unreachable due to network failure +# or due to the base domain's server completely dying. 
+matrix_static_files_files_cache_time_hours: 4 + + +######################################################################## +# # +# Related to /.well-known/matrix/client # +# # +######################################################################## + +# Controls the m.homeserver/base_url property in the /.well-known/matrix/client file +matrix_static_files_file_matrix_client_property_m_homeserver_base_url: "{{ matrix_homeserver_url }}" + +# Controls the m.identity_server/base_url property in the /.well-known/matrix/client file +matrix_static_files_file_matrix_client_property_m_identity_server_base_url: "{{ matrix_identity_server_url }}" + +# Controls the m.integrations/managers/0/api_url property in the /.well-known/matrix/client file +matrix_static_files_file_matrix_client_property_m_integrations_managers_api_url: "{{ matrix_integration_manager_rest_url }}" + +# Controls the m.integrations/managers/0/ui_url property in the /.well-known/matrix/client file +matrix_static_files_file_matrix_client_property_m_integrations_managers_ui_url: "{{ matrix_integration_manager_ui_url }}" + +# Controls the io.element.jitsi/preferredDomain property in the /.well-known/matrix/client file +matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "" + +# Controls the org.matrix.msc3575.proxy/url (sliding sync) property in the /.well-known/matrix/client file +matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "" + +# Controls whether the m.tile_server configuration is added to the /.well-known/matrix/client file +matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: false + +# Controls the m.tile_server/map_style_url property in the /.well-known/matrix/client file +matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "" + +# Controls whether element related entries (io.element.e2ee) should be added to the client well-known. 
+# By default if any of the following change from their default this would be set to true: +# `matrix_static_files_file_matrix_client_property_io_element_e2ee_default` +# `matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required` +# `matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods` +matrix_static_files_file_matrix_client_property_io_element_e2ee_entries_enabled: "{{ not matrix_static_files_file_matrix_client_property_io_element_e2ee_default or matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required or matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods | length > 0 }}" + +# Controls the io.element.e2ee/default property in the /.well-known/matrix/client file, +# which instructs Element whether it should use End-to-End Encryption by default. +# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE. +# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md +matrix_static_files_file_matrix_client_property_io_element_e2ee_default: true + +# Controls the io.element.e2ee/secure_backup_required property in the /.well-known/matrix/client file, +# which instructs Element whether it should require a secure backup set up before Element can be used. +# Setting this to true will update `/.well-known/matrix/client` and tell Element require a secure backup. +# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md +matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required: false + +# Controls the io.element.e2ee/secure_backup_setup_methods property in the /.well-known/matrix/client file, +# which instructs Element which backup methods from ["key", "passphrase"] should be used. +# When an empty list is provided, Element defaults to using both. 
+# Setting this to other than empty will update `/.well-known/matrix/client` and tell Element which method to use. +# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md +matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods: [] + +# Default /.well-known/matrix/client configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_client_configuration_extension_json`) +# or completely replace this variable with your own template. +matrix_static_files_file_matrix_client_configuration_json: "{{ lookup('template', 'templates/public/.well-known/matrix/client.j2') }}" + +# Your custom JSON configuration for /.well-known/matrix/client should go to `matrix_static_files_file_matrix_client_configuration_extension_json`. +# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_client_configuration_extension_json`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_static_files_file_matrix_client_configuration_json`. +# +# Example configuration extension follows: +# +# matrix_static_files_file_matrix_client_configuration_extension_json: | +# { +# "m.another": "value", +# "m.yet_another": 3 +# } +matrix_static_files_file_matrix_client_configuration_extension_json: '{}' + +matrix_static_files_file_matrix_client_configuration_extension: "{{ matrix_static_files_file_matrix_client_configuration_extension_json | from_json if matrix_static_files_file_matrix_client_configuration_extension_json | from_json is mapping else {} }}" + +# Holds the final /.well-known/matrix/client configuration (a combination of the default and its extension). 
+# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_matrix_client_configuration_json` or `matrix_static_files_file_matrix_client_configuration_extension_json`. +matrix_static_files_file_matrix_client_configuration: "{{ matrix_static_files_file_matrix_client_configuration_json | combine(matrix_static_files_file_matrix_client_configuration_extension, recursive=True) }}" + +######################################################################## +# # +# /Related to /.well-known/matrix/client # +# # +######################################################################## + + +######################################################################## +# # +# Related to /.well-known/matrix/server # +# # +######################################################################## + +# Controls whether a `/.well-known/matrix/server` file is generated and used at all. +# +# If you wish to rely on DNS SRV records only, you can disable this. +# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448) +# using certificates for the base domain (`matrix_domain`) and not for the +# matrix domain (`matrix_server_fqn_matrix`). +matrix_static_files_file_matrix_server_enabled: true + +# Controls the m.server property in the /.well-known/matrix/server file +matrix_static_files_file_matrix_server_property_m_server: '' + +# Default /.well-known/matrix/server configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_server_configuration_extension_json`) +# or completely replace this variable with your own template. 
+matrix_static_files_file_matrix_server_configuration_json: "{{ lookup('template', 'templates/public/.well-known/matrix/server.j2') }}" + +# Your custom JSON configuration for /.well-known/matrix/server should go to `matrix_static_files_file_matrix_server_configuration_extension_json`. +# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_server_configuration_extension_json`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_static_files_file_matrix_server_configuration_json`. +# +# Example configuration extension follows: +# +# matrix_static_files_file_matrix_server_configuration_extension_json: | +# { +# "m.another": "value", +# "m.yet_another": 3 +# } +matrix_static_files_file_matrix_server_configuration_extension_json: '{}' + +matrix_static_files_file_matrix_server_configuration_extension: "{{ matrix_static_files_file_matrix_server_configuration_extension_json | from_json if matrix_static_files_file_matrix_server_configuration_extension_json | from_json is mapping else {} }}" + +# Holds the final /.well-known/matrix/server configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_matrix_server_configuration_json` or `matrix_static_files_file_matrix_server_configuration_extension_json`. 
+matrix_static_files_file_matrix_server_configuration: "{{ matrix_static_files_file_matrix_server_configuration_json | combine(matrix_static_files_file_matrix_server_configuration_extension, recursive=True) }}" + +######################################################################## +# # +# /Related to /.well-known/matrix/server # +# # +######################################################################## + + +######################################################################## +# # +# Related to /.well-known/matrix/support # +# # +######################################################################## + +# Controls whether a `/.well-known/matrix/support` file is generated and used at all. +# +# This is not enabled by default, until the MSC gets accepted: https://github.com/matrix-org/matrix-spec-proposals/pull/1929 +# +# See `matrix_static_files_file_matrix_support_property_m_contacts`, `matrix_static_files_file_matrix_support_property_m_support_page`, etc. +matrix_static_files_file_matrix_support_enabled: "{{ matrix_static_files_matrix_support_enabled }}" + +# Controls the m.contacts property in the /.well-known/matrix/support file +matrix_static_files_file_matrix_support_property_m_contacts: [] + +# Controls the m.support_page property in the /.well-known/matrix/support file +matrix_static_files_file_matrix_support_property_m_support_page: [] + +# Default /.well-known/matrix/support configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_support_configuration_extension_json`) +# or completely replace this variable with your own template. 
+matrix_static_files_file_matrix_support_configuration_json: "{{ lookup('template', 'templates/public/.well-known/matrix/support.j2') }}" + +# Your custom JSON configuration for /.well-known/matrix/support should go to `matrix_static_files_file_matrix_support_configuration_extension_json`. +# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_support_configuration_extension_json`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_static_files_file_matrix_support_configuration_json`. +# +# Example configuration extension follows: +# +# matrix_static_files_file_matrix_support_configuration_extension_json: | +# { +# "m.another": "value", +# "m.yet_another": 3 +# } +matrix_static_files_file_matrix_support_configuration_extension_json: '{}' + +matrix_static_files_file_matrix_support_configuration_extension: "{{ matrix_static_files_file_matrix_support_configuration_extension_json | from_json if matrix_static_files_file_matrix_support_configuration_extension_json | from_json is mapping else {} }}" + +# Holds the final /.well-known/matrix/support configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_matrix_support_configuration_json` or `matrix_static_files_file_matrix_support_configuration_extension_json`. 
+matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_file_matrix_support_configuration_json | combine(matrix_static_files_file_matrix_support_configuration_extension, recursive=True) }}" + +######################################################################## +# # +# /Related to /.well-known/matrix/support # +# # +######################################################################## + + +# TODO - review this one +# Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected. +# If this has an empty value, they're just passed to the homeserver, which serves a static page. +# If you'd like to make `https://matrix.DOMAIN` redirect to `https://element.DOMAIN` (or something of that sort), specify the domain name here. +# Example value: `element.DOMAIN` (or `{{ matrix_server_fqn_element }}`). +matrix_static_files_client_redirect_root_uri_to_domain: "" diff --git a/roles/custom/matrix-static-files/tasks/install.yml b/roles/custom/matrix-static-files/tasks/install.yml new file mode 100644 index 000000000..b715e875c --- /dev/null +++ b/roles/custom/matrix-static-files/tasks/install.yml 
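Review bot: `matrix_static_files_file_matrix_support_enabled` defaults to `"{{ matrix_static_files_matrix_support_enabled }}"`, but no variable of that name is defined in the visible diff, and the comment above it says the file is not enabled by default. If it is not defined elsewhere, the `when:` for the support file in `tasks/install.yml` would fail to template; a literal default, `matrix_static_files_file_matrix_support_enabled: false`, matches the comment and can still be overridden from `group_vars/matrix_servers`. Separately, `matrix_static_files_file_matrix_support_property_m_support_page` defaults to `[]` although group_vars feeds it a URL (`matrix_homeserver_support_url`), so `''` would be the consistent empty value. The three "This configuration extends the default starting configuration" comments name the `_extension_json` variable where they presumably mean the matching `_configuration_json` one.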
@@ -0,0 +1,87 @@
+---
+
+- name: Ensure matrix-static-files paths exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - "{{ matrix_static_files_base_path }}"
+ - "{{ matrix_static_files_config_path }}"
+ - "{{ matrix_static_files_public_path }}"
+ - "{{ matrix_static_files_public_well_known_path }}"
+ - "{{ matrix_static_files_public_well_known_matrix_path }}"
+
+- name: Ensure matrix-static-files is configured
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0644
+ with_items:
+ - src: "{{ role_path }}/templates/config.toml.j2"
+ dest: "{{ matrix_static_files_config_path }}/config.toml"
+
+ - src: "{{ role_path }}/templates/env.j2"
+ dest: "{{ matrix_static_files_base_path }}/env"
+
+ - src: "{{ role_path }}/templates/labels.j2"
+ dest: "{{ matrix_static_files_base_path }}/labels"
+
+- name: Ensure matrix-static-files files are installed
+ ansible.builtin.copy:
+ content: "{{ item.content | to_nice_json }}"
+ dest: "{{ item.dest }}"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ when: item.when | bool
+ with_items:
+ - content: "{{ matrix_static_files_file_matrix_client_configuration }}"
+ dest: "{{ matrix_static_files_public_well_known_matrix_path }}/client"
+ when: true
+
+ - content: "{{ matrix_static_files_file_matrix_server_configuration }}"
+ dest: "{{ matrix_static_files_public_well_known_matrix_path }}/server"
+ when: "{{ matrix_static_files_file_matrix_server_enabled }}"
+
+ - content: "{{ matrix_static_files_file_matrix_support_configuration }}"
+ dest: "{{ matrix_static_files_public_well_known_matrix_path }}/support"
+ when: "{{ matrix_static_files_file_matrix_support_enabled }}"
+
+- name: Ensure /.well-known/matrix/server file deleted if not enabled
+ ansible.builtin.file:
+ path: "{{ matrix_static_files_public_well_known_matrix_path }}/server"
+ state: absent
+ when: "not matrix_static_files_file_matrix_server_enabled | bool"
+
+- name: Ensure /.well-known/matrix/support file deleted if not enabled
+ ansible.builtin.file:
+ path: "{{ matrix_static_files_public_well_known_matrix_path }}/support"
+ state: absent
+ when: "not matrix_static_files_file_matrix_support_enabled | bool"
+
+- name: Ensure matrix-static-files container image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_static_files_container_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_static_files_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_static_files_container_image_force_pull }}"
+ register: result
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure matrix-static-files container network is created
+ community.general.docker_network:
+ name: "{{ matrix_static_files_container_network }}"
+ driver: bridge
+
+- name: Ensure matrix-static-files systemd service is installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-static-files.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_static_files_ident }}.service"
+ mode: 0644
diff --git a/roles/custom/matrix-static-files/tasks/main.yml b/roles/custom/matrix-static-files/tasks/main.yml
new file mode 100644
index 000000000..267e69b6d
--- /dev/null
+++ b/roles/custom/matrix-static-files/tasks/main.yml
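Review bot: The network task calls `community.general.docker_network` while the image task just above it uses `community.docker.docker_image`; as far as I know the Docker modules live in `community.docker` and the `community.general` name only resolves through a redirect. Writing `community.docker.docker_network:` keeps the role on one collection and removes the dependency on that redirect. Separately, `env` and `labels` are rendered with `mode: 0644` although both templates append free-form operator content; `mode: 0640` looks sufficient if the unit is started by root, which the systemd template suggests but this hunk does not show.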
@@ -0,0 +1,25 @@ +--- + +- tags: + - setup-all + - setup-matrix-static-files + - install-all + - install-matrix-static-files + block: + - when: matrix_static_files_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_static_files_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" + +- tags: + - setup-all + - setup-matrix-static-files + block: + - when: not matrix_static_files_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" + +- tags: + - self-check + block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known.yml" diff --git a/roles/custom/matrix-nginx-proxy/tasks/self_check_well_known.yml b/roles/custom/matrix-static-files/tasks/self_check_well_known.yml similarity index 95% rename from roles/custom/matrix-nginx-proxy/tasks/self_check_well_known.yml rename to roles/custom/matrix-static-files/tasks/self_check_well_known.yml index e7ed549c6..d419d370d 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/self_check_well_known.yml +++ b/roles/custom/matrix-static-files/tasks/self_check_well_known.yml @@ -1,5 +1,7 @@ --- +# TODO - migrate these variables and deprecate the old ones + - name: Determine well-known files to check (Matrix) ansible.builtin.set_fact: well_known_file_checks: diff --git a/roles/custom/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/custom/matrix-static-files/tasks/self_check_well_known_file.yml similarity index 100% rename from roles/custom/matrix-nginx-proxy/tasks/self_check_well_known_file.yml rename to roles/custom/matrix-static-files/tasks/self_check_well_known_file.yml diff --git a/roles/custom/matrix-static-files/tasks/uninstall.yml b/roles/custom/matrix-static-files/tasks/uninstall.yml new file mode 100644 index 000000000..dd13f3fcd --- /dev/null +++ b/roles/custom/matrix-static-files/tasks/uninstall.yml 
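Review bot: The `self-check` block includes `self_check_well_known.yml` without the `matrix_static_files_enabled | bool` guard that the install and uninstall blocks carry, so the check runs on hosts where this role is disabled. If that is deliberate (the well-known files may be served from elsewhere), a comment such as `# Runs regardless of matrix_static_files_enabled, because the files may be hosted outside this role` would say so. Otherwise add `- when: matrix_static_files_enabled | bool` to the include, matching the other blocks.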
@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-static-files systemd service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_static_files_ident }}.service"
+ register: matrix_static_files_service_stat
+
+- when: matrix_static_files_service_stat.stat.exists | bool
+ block:
+ - name: Ensure matrix-static-files systemd service is stopped
+ ansible.builtin.service:
+ name: "{{ matrix_static_files_ident }}"
+ state: stopped
+ enabled: false
+ daemon_reload: true
+
+ - name: Ensure matrix-static-files systemd service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_static_files_ident }}.service"
+ state: absent
+
+ - name: Ensure matrix-static-files directory is deleted
+ ansible.builtin.file:
+ path: "{{ matrix_static_files_base_path }}"
+ state: absent
diff --git a/roles/custom/matrix-static-files/tasks/validate_config.yml b/roles/custom/matrix-static-files/tasks/validate_config.yml
new file mode 100644
index 000000000..38fb4b50e
--- /dev/null
+++ b/roles/custom/matrix-static-files/tasks/validate_config.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Fail if required matrix-static-files settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item.name }}`).
+ when: "item.when | bool and vars[item.name] == ''"
+ with_items:
+ - {'name': 'matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname', when: "{{ matrix_static_files_container_labels_well_known_matrix_endpoint_enabled }}"}
+ - {'name': 'matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_path_prefix', when: "{{ matrix_static_files_container_labels_well_known_matrix_endpoint_enabled }}"}
+
diff --git a/roles/custom/matrix-static-files/templates/config.toml.j2 b/roles/custom/matrix-static-files/templates/config.toml.j2
new file mode 100644
index 000000000..7eeccc041
--- /dev/null
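Review bot: The `matrix_static_files_base_path` cleanup in `uninstall.yml` sits inside the `matrix_static_files_service_stat.stat.exists` block, so a host where the unit file is already gone but the directory remains keeps its rendered `env`, `labels` and `.well-known` files. Moving the last task out of the block makes the uninstall idempotent for that case. The unit file is also deleted after the only `daemon_reload: true`, so systemd may keep the stale unit loaded; a closing task using `ansible.builtin.systemd` with `daemon_reload: true` would cover that.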
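Review bot: The emptiness check in `validate_config.yml` reads `vars[item.name]`, which as far as I know yields the variable's raw, untemplated value, so a hostname or path prefix defined as a Jinja expression that renders to an empty string would pass validation and still end up in the Traefik rule. `when: "item.when | bool and lookup('vars', item.name, default='') == ''"` compares the rendered value and also handles an undefined variable. The defaults of both settings are outside this hunk, so whether they are expressions is an assumption to confirm.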
+++ b/roles/custom/matrix-static-files/templates/config.toml.j2
@@ -0,0 +1,7 @@
+#jinja2: lstrip_blocks: "True"
+
+[[advanced.headers]]
+source = "/.well-known/matrix/*"
+headers.Content-Type = "application/json"
+headers.Access-Control-Allow-Origin = "*"
+headers.Cache-Control = "max-age={{ matrix_static_files_files_cache_time_hours * 3600 }}"
diff --git a/roles/custom/matrix-static-files/templates/env.j2 b/roles/custom/matrix-static-files/templates/env.j2
new file mode 100644
index 000000000..23c21aa86
--- /dev/null
+++ b/roles/custom/matrix-static-files/templates/env.j2
@@ -0,0 +1,8 @@
+SERVER_PORT={{ matrix_static_files_environment_variable_server_port }}
+
+SERVER_LOG_LEVEL={{ matrix_static_files_environment_variable_server_log_level }}
+SERVER_LOG_REMOTE_ADDRESS={{ 'true' if matrix_static_files_environment_variable_server_log_remote_address else 'false' }}
+
+SERVER_CONFIG_FILE={{ matrix_static_files_environment_variable_server_config_file }}
+
+{{ matrix_static_files_environment_variables_additional_variables }}
diff --git a/roles/custom/matrix-static-files/templates/labels.j2 b/roles/custom/matrix-static-files/templates/labels.j2
new file mode 100644
index 000000000..c3058208c
--- /dev/null
+++ b/roles/custom/matrix-static-files/templates/labels.j2
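Review bot: In `config.toml.j2`, `max-age={{ matrix_static_files_files_cache_time_hours * 3600 }}` multiplies whatever type the variable has; if an operator sets it as a quoted string, Jinja repeats the string 3600 times instead of computing seconds and the `Cache-Control` value becomes garbage. Casting first, `max-age={{ (matrix_static_files_files_cache_time_hours | int) * 3600 }}`, makes the header robust to that. A one-line comment above `headers.Access-Control-Allow-Origin = "*"` stating that the wildcard is intended for these public discovery documents, and is scoped by `source` to `/.well-known/matrix/*` only, would also help the next reader.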
@@ -0,0 +1,42 @@
+{% if matrix_static_files_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_static_files_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_static_files_container_labels_traefik_docker_network }}
+{% endif %}
+
+traefik.http.services.{{ matrix_static_files_ident }}.loadbalancer.server.port={{ matrix_static_files_environment_variable_server_port }}
+
+
+{#
+ Related to /.well-known/matrix
+#}
+{% if matrix_static_files_container_labels_well_known_matrix_endpoint_enabled %}
+
+traefik.http.middlewares.{{ matrix_static_files_ident }}-well-known-endpoint-compress.compress=true
+traefik.http.middlewares.{{ matrix_static_files_ident }}-well-known-endpoint-compress.compress.minResponseBodyBytes=100
+
+traefik.http.routers.{{ matrix_static_files_ident }}-well-known-endpoint.rule={{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_rule }}
+traefik.http.routers.{{ matrix_static_files_ident }}-well-known-endpoint.middlewares={{ matrix_static_files_ident }}-well-known-endpoint-compress
+
+{% if matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_priority | int > 0 %}
+traefik.http.routers.{{ matrix_static_files_ident }}-well-known-endpoint.priority={{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.{{ matrix_static_files_ident }}-well-known-endpoint.service={{ matrix_static_files_ident }}
+traefik.http.routers.{{ matrix_static_files_ident }}-well-known-endpoint.entrypoints={{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_entrypoints }}
+traefik.http.routers.{{ matrix_static_files_ident }}-well-known-endpoint.tls={{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_tls | to_json }}
+
+{% if matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_tls %}
+traefik.http.routers.{{ matrix_static_files_ident
}}-well-known-endpoint.tls.certResolver={{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_tls_certResolver }}
+{% endif %}
+
+{% endif %}
+{#
+ /Related to /.well-known/matrix
+#}
+
+
+{% endif %}
+
+{{ matrix_static_files_container_labels_additional_labels }}
diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2
new file mode 100644
index 000000000..ca272fe35
--- /dev/null
+++ b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2
@@ -0,0 +1,50 @@
+{
+ "m.homeserver": {
+ "base_url": "{{ matrix_static_files_file_matrix_client_property_m_homeserver_base_url }}"
+ }
+ {% if matrix_static_files_file_matrix_client_property_m_identity_server_base_url %},
+ "m.identity_server": {
+ "base_url": "{{ matrix_static_files_file_matrix_client_property_m_identity_server_base_url }}"
+ }
+ {% endif %}
+ {% if matrix_static_files_file_matrix_client_property_m_integrations_managers_api_url and matrix_static_files_file_matrix_client_property_m_integrations_managers_ui_url %},
+ "m.integrations": {
+ "managers": [
+ {
+ "api_url": "{{ matrix_static_files_file_matrix_client_property_m_integrations_managers_api_url }}",
+ "ui_url": "{{ matrix_static_files_file_matrix_client_property_m_integrations_managers_ui_url }}"
+ }
+ ]
+ }
+ {% endif %}
+ {% if matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain %},
+ "io.element.jitsi": {
+ "preferredDomain": {{ matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain|to_json }}
+ },
+ "im.vector.riot.jitsi": {
+ "preferredDomain": {{ matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain|to_json }}
+ }
+ {% endif %}
+ {% if matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url %},
+ "org.matrix.msc3575.proxy": {
+ "url": "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url }}"
+ }
+ {% endif %}
+ {% if matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled %},
+ "m.tile_server": {
+ "map_style_url": "{{ matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url }}"
+ }
+ {% endif %}
+ {% if matrix_static_files_file_matrix_client_property_io_element_e2ee_entries_enabled %},
+ "io.element.e2ee": {
+ "default": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_default|to_json }},
+ "secure_backup_required": {{
matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required|to_json }},
+ "secure_backup_setup_methods": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods|to_json }}
+ }
+ {% endif %}
+ {% if matrix_static_files_file_matrix_client_property_io_element_e2ee_entries_enabled %},
+ "im.vector.riot.e2ee": {
+ "default": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_default|to_json }}
+ }
+ {% endif %}
+}
diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/server.j2 b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/server.j2
new file mode 100644
index 000000000..8dc7f4a0c
--- /dev/null
+++ b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/server.j2
@@ -0,0 +1,3 @@
+{
+ "m.server": "{{ matrix_static_files_file_matrix_server_property_m_server }}"
+}
diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/support.j2 b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/support.j2
new file mode 100644
index 000000000..0521f8086
--- /dev/null
+++ b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/support.j2
@@ -0,0 +1,6 @@
+{
+ "contacts": {{ matrix_static_files_file_matrix_support_property_m_contacts|to_json }}
+ {% if matrix_static_files_file_matrix_support_property_m_support_page %},
+ "support_page": {{ matrix_static_files_file_matrix_support_property_m_support_page|to_json }}
+ {% endif %}
+}
diff --git a/roles/custom/matrix-static-files/templates/systemd/matrix-static-files.service.j2 b/roles/custom/matrix-static-files/templates/systemd/matrix-static-files.service.j2
new file mode 100755
index 000000000..b1bc2dd1b
--- /dev/null
+++ b/roles/custom/matrix-static-files/templates/systemd/matrix-static-files.service.j2
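Review bot: Several values in `client.j2` are interpolated inside hand-written quotes (`"base_url": "{{ ... }}"`, and likewise `api_url`, `ui_url`, `url` and `map_style_url`), while the Jitsi and e2ee fields in the same file go through `|to_json`; a value containing `"` or `\` would yield invalid JSON or extra keys in a document that clients rely on for homeserver discovery. Emitting them as `"base_url": {{ matrix_static_files_file_matrix_client_property_m_homeserver_base_url | to_json }}` keeps the escaping consistent. The same applies to `"m.server": "{{ ... }}"` in `server.j2`, whereas `support.j2` already uses `|to_json` throughout. The `io.element.e2ee` and `im.vector.riot.e2ee` blocks also repeat the same `{% if %}` condition and could share one.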
@@ -0,0 +1,49 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=matrix-static-files server
+{% for service in matrix_static_files_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_static_files_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-static-files 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-static-files 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+ --rm \
+ --name=matrix-static-files \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --read-only \
+ --network={{ matrix_static_files_container_network }} \
+ {% if matrix_static_files_container_http_host_bind_port %}
+ -p {{ matrix_static_files_container_http_host_bind_port }}:{{ matrix_static_files_environment_variable_server_port }} \
+ {% endif %}
+ --env-file={{ matrix_static_files_base_path }}/env \
+ --label-file={{ matrix_static_files_base_path }}/labels \
+ --mount type=bind,src={{ matrix_static_files_public_path }},dst=/public,ro \
+ --mount type=bind,src={{ matrix_static_files_config_path }},dst=/config,ro \
+ {{ matrix_static_files_container_image }}
+
+{% for network in matrix_static_files_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-static-files
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-static-files
+
+ExecStop=-{{
devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-static-files 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-static-files 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-static-files + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index a506e1cf9..dcbc8e67e 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml @@ -65,6 +65,9 @@ - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password', 'new': ''} + - {'old': 'matrix_well_known_matrix_server_enabled', 'new': 'matrix_static_files_file_matrix_server_enabled'} + - {'old': 'matrix_well_known_matrix_support_enabled', 'new': 'matrix_static_files_file_matrix_support_enabled'} + - name: (Deprecation) Catch and report matrix_postgres variables ansible.builtin.fail: msg: |- diff --git a/setup.yml b/setup.yml index 074b44a1e..69b1b748e 100644 --- a/setup.yml +++ b/setup.yml @@ -117,6 +117,7 @@ - galaxy/ntfy - custom/matrix-nginx-proxy - custom/matrix-homeserver-proxy + - custom/matrix-static-files - custom/matrix-coturn - custom/matrix-media-repo
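Review bot: The unit in `matrix-static-files.service.j2` hard-codes the container name `matrix-static-files` (in `--name=`, the `stop`/`rm` lines, `network connect`, `start --attach` and `SyslogIdentifier`), whereas `install.yml` names the unit file and `labels.j2` names the Traefik service after `{{ matrix_static_files_ident }}`. If the identifier is ever overridden, the unit would still stop, remove and recreate a container called `matrix-static-files`; using `--name={{ matrix_static_files_ident }}` and the same expression in the other lines keeps them in step. A comment next to the `-p` line would also help: a bare port in `matrix_static_files_container_http_host_bind_port` publishes on every interface, so the documented form should include the bind address, for example `127.0.0.1:PORT` (constructed example).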