Add mxisd Identity Server support

roles/matrix-server/templates/mxisd/mxisd.yaml.j2

@@ -0,0 +1,19 @@
+matrix.domain: {{ hostname_identity }}
+server.name: {{ hostname_matrix }}
+
+key.path: /var/mxisd/sign.key
+
+storage.provider.sqlite.database: /var/mxisd/mxisd.db
+
+threepid.medium.email.identity.from: {{ matrix_mailer_sender_address }}
+threepid.medium.email.connectors.smtp.host: matrix-mailer
+threepid.medium.email.connectors.smtp.port: 587
+threepid.medium.email.connectors.smtp.tls: 0
+
+synapseSql.enabled: true
+synapseSql.type: postgresql
+synapseSql.connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }}
+
+{% if matrix_mxisd_matrixorg_forwarding_enabled %}
+forward.servers: ['matrix-org']
+{% endif %}

roles/matrix-server/templates/nginx-conf.d/matrix-synapse.conf.j2

@@ -39,6 +39,20 @@ server {
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
 
+	{% if matrix_mxisd_enabled %}
+	location /_matrix/identity {
+		{% if matrix_nginx_proxy_enabled %}
+			{# Use the embedded DNS resolver in Docker containers to discover the service #}
+			resolver 127.0.0.11 valid=5s;
+			set $backend "matrix-mxisd:8090";
+			proxy_pass http://$backend;
+		{% else %}
+			{# Generic configuration for use outside of our container setup #}
+			proxy_pass http://localhost:8090;
+		{% endif %}
+	}
+	{% endif %}
+
 	location /_matrix {
 		{% if matrix_nginx_proxy_enabled %}
 			{# Use the embedded DNS resolver in Docker containers to discover the service #}

roles/matrix-server/templates/riot-web/config.json.j2

@@ -1,6 +1,6 @@
 {
     "default_hs_url": "https://{{ hostname_matrix }}",
-    "default_is_url": "https://vector.im",
+    "default_is_url": "{{ matrix_riot_web_default_identity_server_url }}",
     "disable_custom_urls": true,
     "disable_guests": false,
     "brand": "Riot",

roles/matrix-server/templates/synapse/homeserver.yaml.j2

@@ -446,9 +446,9 @@ allow_guest_access: False
 # The list of identity servers trusted to verify third party
 # identifiers by this server.
 trusted_third_party_id_servers:
-    - matrix.org
-    - vector.im
-    - riot.im
+{% for server in matrix_synapse_trusted_third_party_id_servers %}
+    - {{ server }}
+{% endfor %}
 
 # Users who register on this homeserver will automatically be joined
 # to these rooms

roles/matrix-server/templates/systemd/matrix-mxisd.service.j2

@@ -0,0 +1,29 @@
+[Unit]
+Description=Matrix mxisd identity server
+After=docker.service
+Requires=docker.service
+{% if not matrix_postgres_use_external %}
+Requires=matrix-postgres.service
+After=matrix-postgres.service
+{% endif %}
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-mxisd
+ExecStartPre=-/usr/bin/docker rm matrix-mxisd
+ExecStart=/usr/bin/docker run --rm --name matrix-mxisd \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--network={{ matrix_docker_network }} \
+			{% if not matrix_nginx_proxy_enabled %}
+			-p 127.0.0.1:8090:8090 \
+			{% endif %}
+			-v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \
+			-v {{ matrix_mxisd_data_path }}:/var/mxisd \
+			{{ matrix_docker_image_mxisd }}
+ExecStop=-/usr/bin/docker kill matrix-mxisd
+ExecStop=-/usr/bin/docker rm matrix-mxisd
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2

@@ -6,6 +6,9 @@ Wants=matrix-synapse.service
 {% if matrix_riot_web_enabled %}
 Wants=matrix-riot-web.service
 {% endif %}
+{% if matrix_mxisd_enabled %}
+Wants=matrix-mxisd.service
+{% endif %}
 
 [Service]
 Type=simple