Rename some variables
This commit is contained in:
Slavi Pantaleev
@ -22,11 +22,11 @@ matrix_nginx_proxy_container_additional_volumes: []
|
||||
|
||||
# Controls whether proxying the riot domain should be done.
|
||||
matrix_nginx_proxy_proxy_riot_enabled: false
|
||||
matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"
|
||||
matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"
|
||||
|
||||
# Controls whether proxying the matrix domain should be done.
|
||||
matrix_nginx_proxy_proxy_matrix_enabled: false
|
||||
matrix_nginx_proxy_proxy_matrix_hostname: "{{ hostname_matrix }}"
|
||||
matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
|
||||
@ -92,7 +92,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
|
||||
# obeying the following hierarchy:
|
||||
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
||||
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
||||
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
|
||||
# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
|
||||
#
|
||||
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
|
||||
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
|
||||
@ -106,7 +106,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
|
||||
matrix_ssl_lets_encrypt_staging: false
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
|
||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
|
||||
matrix_ssl_lets_encrypt_support_email: ~
|
||||
|
||||
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
|
||||
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
well_known_url_matrix: "https://{{ hostname_matrix }}{{ well_known_file_check.path }}"
|
||||
well_known_url_identity: "https://{{ hostname_identity }}{{ well_known_file_check.path }}"
|
||||
well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
|
||||
well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"
|
||||
|
||||
# These well-known files may be served without a `Content-Type: application/json` header,
|
||||
# so we can't rely on the uri module's automatic parsing of JSON.
|
||||
@ -16,7 +16,7 @@
|
||||
|
||||
- name: Fail if .well-known not working on the matrix hostname
|
||||
fail:
|
||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
|
||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
|
||||
when: "result_well_known_matrix.failed"
|
||||
|
||||
- name: Parse JSON for well-known payload at the matrix hostname
|
||||
@ -25,12 +25,12 @@
|
||||
|
||||
- name: Fail if .well-known not CORS-aware on the matrix hostname
|
||||
fail:
|
||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
||||
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
|
||||
|
||||
- name: Report working .well-known on the matrix hostname
|
||||
debug:
|
||||
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
|
||||
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
|
||||
|
||||
- name: Check .well-known on the identity hostname
|
||||
uri:
|
||||
@ -42,7 +42,7 @@
|
||||
|
||||
- name: Fail if .well-known not working on the identity hostname
|
||||
fail:
|
||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
|
||||
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
|
||||
when: "result_well_known_identity.failed"
|
||||
|
||||
- name: Parse JSON for well-known payload at the identity hostname
|
||||
@ -51,15 +51,15 @@
|
||||
|
||||
- name: Fail if .well-known not CORS-aware on the identity hostname
|
||||
fail:
|
||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
|
||||
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
|
||||
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"
|
||||
|
||||
# For people who manually copy the well-known file, try to detect if it's outdated
|
||||
- name: Fail if well-known is different on matrix hostname and identity hostname
|
||||
fail:
|
||||
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
|
||||
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
|
||||
when: "well_known_matrix_payload != well_known_identity_payload"
|
||||
|
||||
- name: Report working .well-known on the identity hostname
|
||||
debug:
|
||||
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)"
|
||||
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)"
|
||||
|
||||
@ -16,10 +16,22 @@
|
||||
# Tasks related to setting up Let's Encrypt's management of certificates
|
||||
#
|
||||
|
||||
- name: (Deprecation) Fail if using outdated configuration
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
fail:
|
||||
msg: "You're using the `host_specific_matrix_ssl_support_email` variable, which has been superseded by `host_specific_matrix_ssl_lets_encrypt_support_email`. Please change your configuration to use the new name!"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and host_specific_matrix_ssl_support_email is defined"
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
with_items:
|
||||
- {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
- {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item.old in vars"
|
||||
|
||||
- name: Fail if required variables are undefined
|
||||
fail:
|
||||
msg: "Detected an undefined required variable"
|
||||
with_items:
|
||||
- "{{ matrix_ssl_lets_encrypt_support_email }}"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item is none"
|
||||
|
||||
- name: Allow access to HTTP/HTTPS in firewalld
|
||||
firewalld:
|
||||
@ -111,4 +123,4 @@
|
||||
file:
|
||||
path: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
|
||||
state: absent
|
||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||
|
||||
Reference in New Issue
Block a user