diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 52dc671cf..7aa10625c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -19,9 +19,9 @@ matrix_container_global_registry_prefix: "docker.io/" matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}" -# If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:8008'. +# If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}'. # This is because we explicitly disable them for the main Synapse process. -matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else 'http://matrix-synapse:8008' }}" +matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string }}" ###################################################################### # @@ -113,6 +113,7 @@ matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}" +matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_appservice_webhooks_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.hs.token') | to_uuid }}" matrix_appservice_webhooks_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.id.token') | to_uuid }}" @@ -151,6 +152,7 @@ matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_pr matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.as.token') | to_uuid }}" +matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.hs.token') | to_uuid }}" matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.id.token') | to_uuid }}" @@ -567,6 +569,7 @@ matrix_sms_bridge_systemd_required_services_list: | matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.as.token') | to_uuid }}" +matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}" matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.hs.token') | to_uuid }}" ###################################################################### @@ -1216,6 +1219,7 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" # ma1sd's web-server port. matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_default_port|string }}" + # We enable Synapse integration via its Postgres database by default. # When using another Identity store, you might wish to disable this and define # your own configuration in `matrix_ma1sd_configuration_extension_yaml`. @@ -1308,6 +1312,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1 # Settings controlling matrix-synapse-proxy.conf matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" +matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" +matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" + matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" @@ -1722,7 +1729,7 @@ matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + m # you can expose Synapse's ports to the host. # # For exposing the Matrix Client API's port (plain HTTP) to the local host. -matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" +matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port|string }}" # # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port|string }}" diff --git a/roles/matrix-awx/scripts/matrix_build_room_list.py b/roles/matrix-awx/scripts/matrix_build_room_list.py index 3abfcd8c9..94779ca70 100644 --- a/roles/matrix-awx/scripts/matrix_build_room_list.py +++ b/roles/matrix-awx/scripts/matrix_build_room_list.py @@ -5,10 +5,11 @@ import json janitor_token = sys.argv[1] synapse_container_ip = sys.argv[2] +synapse_container_port = sys.argv[3] # collect total amount of rooms -rooms_raw_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms' +rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms' rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token} rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header) rooms_raw_python = json.loads(rooms_raw.text) @@ -19,7 +20,7 @@ total_rooms = rooms_raw_python["total_rooms"] room_list_file = open("/tmp/room_list_complete.json", "w") for i in range(0, total_rooms, 100): - rooms_inc_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms?from=' + str(i) + rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i) rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header) room_list_file.write(rooms_inc.text) diff --git a/roles/matrix-awx/tasks/purge_database_build_list.yml b/roles/matrix-awx/tasks/purge_database_build_list.yml index 5ca57d220..339510f0d 100644 --- a/roles/matrix-awx/tasks/purge_database_build_list.yml +++ b/roles/matrix-awx/tasks/purge_database_build_list.yml @@ -2,9 +2,9 @@ - name: Collect entire room list into stdout shell: | - curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms?from={{ item }}' + curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/rooms?from={{ item }}' register: awx_rooms_output - + - name: Print stdout to file delegate_to: 127.0.0.1 shell: | diff --git a/roles/matrix-awx/tasks/purge_database_events.yml b/roles/matrix-awx/tasks/purge_database_events.yml index aaef3cba5..586bc17c9 100644 --- a/roles/matrix-awx/tasks/purge_database_events.yml +++ b/roles/matrix-awx/tasks/purge_database_events.yml @@ -2,11 +2,11 @@ - name: Purge all rooms with more then N events shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" + curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" register: awx_purge_command - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml index 6b132091b..2cdf03303 100644 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ b/roles/matrix-awx/tasks/purge_database_main.yml @@ -31,7 +31,7 @@ - name: Collect access token for janitor user shell: | - curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token' + curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) register: awx_janitors_token no_log: True @@ -47,7 +47,7 @@ - name: Run build_room_list.py script shell: | - runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} + runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }} register: awx_rooms_total when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) @@ -69,7 +69,7 @@ shell: | jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - + - name: Count number of rooms with no local users delegate_to: 127.0.0.1 shell: | @@ -84,7 +84,7 @@ when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - name: Purge all rooms with no local users - include_tasks: purge_database_no_local.yml + include_tasks: purge_database_no_local.yml loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}" when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) @@ -116,7 +116,7 @@ no_log: True - name: Purge all rooms with more then N users - include_tasks: purge_database_users.yml + include_tasks: purge_database_users.yml loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}" when: awx_purge_mode.find("Number of users [slower]") != -1 @@ -141,7 +141,7 @@ no_log: True - name: Purge all rooms with more then N events - include_tasks: purge_database_events.yml + include_tasks: purge_database_events.yml loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}" when: awx_purge_mode.find("Number of events [slower]") != -1 @@ -171,7 +171,7 @@ wait: yes tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: yes when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -237,7 +237,7 @@ wait: yes tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: yes when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -272,7 +272,7 @@ when: (awx_purge_mode.find("Perform final shrink") != -1) no_log: True -- name: Print total number of rooms processed +- name: Print total number of rooms processed debug: msg: '{{ awx_rooms_total.stdout }}' when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) diff --git a/roles/matrix-awx/tasks/purge_database_no_local.yml b/roles/matrix-awx/tasks/purge_database_no_local.yml index 33f99c49b..e464f56d1 100644 --- a/roles/matrix-awx/tasks/purge_database_no_local.yml +++ b/roles/matrix-awx/tasks/purge_database_no_local.yml @@ -2,11 +2,11 @@ - name: Purge all rooms with no local users shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room' + curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room' register: awx_purge_command - + - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-awx/tasks/purge_database_users.yml b/roles/matrix-awx/tasks/purge_database_users.yml index 1c8da14d8..d315a9ef1 100644 --- a/roles/matrix-awx/tasks/purge_database_users.yml +++ b/roles/matrix-awx/tasks/purge_database_users.yml @@ -2,11 +2,11 @@ - name: Purge all rooms with more then N users shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" + curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" register: awx_purge_command - + - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-awx/tasks/purge_media_local.yml b/roles/matrix-awx/tasks/purge_media_local.yml index 2074d5d8b..7ef79eca3 100644 --- a/roles/matrix-awx/tasks/purge_media_local.yml +++ b/roles/matrix-awx/tasks/purge_media_local.yml @@ -7,11 +7,11 @@ - name: Purge local media to specific date shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000' + curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000' register: awx_purge_command - + - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml index 9c5f6bfb8..0c322b85a 100644 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ b/roles/matrix-awx/tasks/purge_media_main.yml @@ -9,7 +9,7 @@ include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' no_log: True - + - name: Ensure curl and jq intalled on target machine apt: pkg: @@ -23,7 +23,7 @@ - name: Collect access token for janitor user shell: | - curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token' + curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' register: awx_janitors_token no_log: True @@ -31,7 +31,7 @@ delegate_to: 127.0.0.1 shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}" register: awx_purge_dates - + - name: Calculate initial size of local media repository shell: du -sh /matrix/synapse/storage/media-store/local* register: awx_local_media_size_before @@ -47,12 +47,12 @@ no_log: True - name: Purge local media with loop - include_tasks: purge_media_local.yml + include_tasks: purge_media_local.yml loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" when: awx_purge_media_type == "Local Media" - name: Purge remote media with loop - include_tasks: purge_media_remote.yml + include_tasks: purge_media_remote.yml loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" when: awx_purge_media_type == "Remote Media" diff --git a/roles/matrix-awx/tasks/purge_media_remote.yml b/roles/matrix-awx/tasks/purge_media_remote.yml index 1418d9a61..5bb71918f 100644 --- a/roles/matrix-awx/tasks/purge_media_remote.yml +++ b/roles/matrix-awx/tasks/purge_media_remote.yml @@ -7,11 +7,11 @@ - name: Purge remote media to specific date shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000' + curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000' register: awx_purge_command - + - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index bf376c948..6639c223c 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -91,7 +91,7 @@ matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" # Specifies where the homeserver is on the container network. # Where this is depends on whether there's a reverse-proxy in front of it, etc. # This likely gets overriden elsewhere. -matrix_homeserver_container_url: "http://matrix-synapse:8008" +matrix_homeserver_container_url: "" matrix_identity_server_url: ~ diff --git a/roles/matrix-base/tasks/validate_config.yml b/roles/matrix-base/tasks/validate_config.yml new file mode 100644 index 000000000..8bb3fca06 --- /dev/null +++ b/roles/matrix-base/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required Matrix Base settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) for using this playbook. + when: "vars[item] == ''" + with_items: + - "matrix_homeserver_container_url" \ No newline at end of file diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 10b3d7b48..4f4d5e2ff 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -33,7 +33,7 @@ matrix_appservice_slack_slack_port: 9003 matrix_appservice_slack_container_http_host_bind_port: '' matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" -matrix_appservice_slack_homeserver_url: "http://matrix-synapse:8008" +matrix_appservice_slack_homeserver_url: "" matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}" matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack' @@ -82,7 +82,7 @@ matrix_appservice_slack_configuration_extension_yaml: | # Optional #matrix_admin_room: "!aBcDeF:matrix.org" #homeserver: - # url: http://localhost:8008 + # url: http://localhost:{{ matrix_synapse_container_client_api_port }} # server_name: my.server # Optional #tls: diff --git a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml b/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml index 8af10f2f5..e02c6ab07 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml @@ -8,5 +8,6 @@ with_items: - "matrix_appservice_slack_control_room_id" - "matrix_appservice_slack_appservice_token" + - "matrix_appservice_slack_homeserver_url" - "matrix_appservice_slack_homeserver_token" - "matrix_appservice_slack_id_token" diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index 2b9fe310e..25419900c 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -36,7 +36,7 @@ matrix_appservice_webhooks_matrix_port: 6789 matrix_appservice_webhooks_container_http_host_bind_port: '' matrix_appservice_webhooks_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" -matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:8008" +matrix_appservice_webhooks_homeserver_url: "" matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}" matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks' diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml index b92a0eb91..48f63e68b 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml @@ -7,6 +7,7 @@ when: "vars[item] == ''" with_items: - "matrix_appservice_webhooks_appservice_token" + - "matrix_appservice_webhooks_homeserver_url" - "matrix_appservice_webhooks_homeserver_token" - "matrix_appservice_webhooks_id_token" - "matrix_appservice_webhooks_api_secret" diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index 55f99101b..d3a686cef 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -26,7 +26,7 @@ matrix_sms_bridge_systemd_wanted_services_list: [] matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080' matrix_sms_bridge_homeserver_hostname: 'matrix-synapse' -matrix_sms_bridge_homeserver_port: '8008' +matrix_sms_bridge_homeserver_port: "" matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}" matrix_sms_bridge_default_room: '' diff --git a/roles/matrix-bridge-sms/tasks/validate_config.yml b/roles/matrix-bridge-sms/tasks/validate_config.yml index 6dc6ce9c3..f89b18faa 100644 --- a/roles/matrix-bridge-sms/tasks/validate_config.yml +++ b/roles/matrix-bridge-sms/tasks/validate_config.yml @@ -7,6 +7,7 @@ when: "vars[item] == ''" with_items: - "matrix_sms_bridge_appservice_token" + - "matrix_sms_bridge_homeserver_port" - "matrix_sms_bridge_homeserver_token" - "matrix_sms_bridge_default_region" - "matrix_sms_bridge_default_timezone" diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index ccc7ef65c..5c90fe994 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -36,7 +36,7 @@ matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var" matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}" -# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008"). +# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"). # If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`. matrix_corporal_matrix_homeserver_api_endpoint: "" diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index adee0b447..35a48e97c 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -83,7 +83,7 @@ matrix_ma1sd_threepid_medium_email_connectors_smtp_password: "" # so that ma1sd can rewrite the original URL to one that would reach the homeserver. matrix_ma1sd_dns_overwrite_enabled: false matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}" -matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008" +matrix_ma1sd_dns_overwrite_homeserver_client_value: "" # Override the default session templates # To use this, fill in the template variables with the full desired template as a multi-line YAML variable diff --git a/roles/matrix-ma1sd/tasks/validate_config.yml b/roles/matrix-ma1sd/tasks/validate_config.yml index 4f80b1548..1c64b134d 100644 --- a/roles/matrix-ma1sd/tasks/validate_config.yml +++ b/roles/matrix-ma1sd/tasks/validate_config.yml @@ -46,6 +46,7 @@ when: "vars[item] == ''" with_items: - "matrix_ma1sd_threepid_medium_email_connectors_smtp_host" + - "matrix_ma1sd_dns_overwrite_homeserver_client_value" - name: (Deprecation) Catch and report renamed ma1sd variables fail: diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index ea26084ef..96468c207 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -197,8 +197,8 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-pr matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "127.0.0.1:12080" # The addresses where the Matrix Client API is, when using Synapse. -matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:8008" -matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:8008" +matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "" +matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "" # This needs to be equal or higher than the maximum upload size accepted by Synapse. matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: 50 diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index 39a2dfe59..0de93873f 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -45,5 +45,7 @@ - "matrix_ssl_lets_encrypt_support_email" - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container" - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container" + - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container" + - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container" when: "vars[item] == '' or vars[item] is none" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 624a6b5e0..a6feb1ab0 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -27,11 +27,13 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" +matrix_synapse_container_client_api_port: 8008 + matrix_synapse_container_federation_api_tls_port: 8448 matrix_synapse_container_federation_api_plain_port: 8048 -# Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container). +# Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/{{ matrix_synapse_container_client_api_port }} in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8008"), or empty string to not expose. matrix_synapse_container_client_api_host_bind_port: '' diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index a8e0ab6f8..1f699ee27 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -289,7 +289,7 @@ listeners: # Unsecure HTTP listener (Client API): for when matrix traffic passes through a reverse proxy # that unwraps TLS. - - port: 8008 + - port: {{ matrix_synapse_container_client_api_port|to_json }} tls: false bind_addresses: ['::'] type: http diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 0451fd8dc..7fec66492 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -40,7 +40,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ --network={{ matrix_docker_network }} \ {% if matrix_synapse_container_client_api_host_bind_port %} - -p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \ + -p {{ matrix_synapse_container_client_api_host_bind_port }}:{{ matrix_synapse_container_client_api_port }} \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %} -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_tls_port }} \ diff --git a/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 b/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 index 456c0667a..228cc9eaa 100644 --- a/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 +++ b/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 @@ -11,7 +11,7 @@ password=$2 admin=$3 if [ "$admin" -eq "1" ]; then - docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --admin http://localhost:8008 + docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --admin http://localhost:{{ matrix_synapse_container_client_api_port }} else - docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --no-admin http://localhost:8008 + docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --no-admin http://localhost:{{ matrix_synapse_container_client_api_port }} fi diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 index 36ae5a7e6..40714f442 100644 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -38,7 +38,7 @@ worker_listeners: {% endif %} {% if matrix_synapse_worker_details.type == 'frontend_proxy' %} -worker_main_http_uri: http://matrix-synapse:8008 +worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }} {% endif %} worker_daemonize: false diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 049ae9b53..fda7227cb 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -319,7 +319,7 @@ matrix_synapse_workers_frontend_proxy_endpoints: # the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration # file. For example: - # worker_main_http_uri: http://127.0.0.1:8008 + # worker_main_http_uri: http://127.0.0.1:{{ matrix_synapse_container_client_api_port }} matrix_synapse_workers_avail_list: - appservice