parent
de0efe96e7
commit
c6ab1c6a90
11
CHANGELOG.md
@ -1,3 +1,14 @@
|
|||||||
|
# 2020-07-17
|
||||||
|
|
||||||
|
## (Compatibility Break) Riot is now Element
|
||||||
|
|
||||||
|
As per the official announcement, [Riot has been rebraned to Element](https://element.io/blog/welcome-to-element/).
|
||||||
|
|
||||||
|
The playbook follows suit. Existing installations have a few options for how to handle this.
|
||||||
|
|
||||||
|
See our [Migrating to Element](docs/configuring-playbook-riot-web.md#migrating-to-element) documentation page for more details.
|
||||||
|
|
||||||
|
|
||||||
# 2020-07-03
|
# 2020-07-03
|
||||||
|
|
||||||
## Steam bridging support via mx-puppet-steam
|
## Steam bridging support via mx-puppet-steam
|
||||||
|
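Review bot: typo in the added announcement line, "rebraned" should be "rebranded" (`[Riot has been rebranded to Element]`). Since the heading flags this as a compatibility break, the entry would also be more useful if it named the two things that actually change for existing installations, the `matrix_riot_web_` variable prefix and the default `riot.<your-domain>` hostname, instead of leaving both to the linked page.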
@ -16,7 +16,7 @@ Using this playbook, you can get the following services configured on your serve
|
|||||||
|
|
||||||
- (optional, default) a [coturn](https://github.com/coturn/coturn) STUN/TURN server for WebRTC audio/video calls
|
- (optional, default) a [coturn](https://github.com/coturn/coturn) STUN/TURN server for WebRTC audio/video calls
|
||||||
|
|
||||||
- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Riot web UI
|
- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Element web UI
|
||||||
|
|
||||||
- (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default
|
- (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR
|
|||||||
| Type | Host | Priority | Weight | Port | Target |
|
| Type | Host | Priority | Weight | Port | Target |
|
||||||
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
||||||
| A | `matrix` | - | - | - | `matrix-server-IP` |
|
| A | `matrix` | - | - | - | `matrix-server-IP` |
|
||||||
| CNAME | `riot` | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `element` | - | - | - | `matrix.<your-domain>` |
|
||||||
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
|
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
|
||||||
@ -32,10 +32,10 @@ DNS records marked with `(*)` above are optional. They refer to services that wi
|
|||||||
|
|
||||||
## Subdomains setup
|
## Subdomains setup
|
||||||
|
|
||||||
As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `riot.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
|
As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
|
||||||
|
|
||||||
The `riot.<your-domain>` subdomain is necessary, because this playbook installs the Riot web client for you.
|
The `element.<your-domain>` subdomain is necessary, because this playbook installs the [Element](https://github.com/vector-im/riot-web) web client for you.
|
||||||
If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `riot.<your-domain>` DNS record.
|
If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record.
|
||||||
|
|
||||||
The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
|
The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
|
||||||
|
|
||||||
|
41
docs/configuring-playbook-client-element.md
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
# Configuring Element (optional)
|
||||||
|
|
||||||
|
By default, this playbook installs the [Element](https://github.com/vector-im/riot-web) Matrix client web application.
|
||||||
|
If that's okay, you can skip this document.
|
||||||
|
|
||||||
|
|
||||||
|
## Disabling Element
|
||||||
|
|
||||||
|
If you'd like for the playbook to not install (or to uninstall the previously installed Element), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_client_element_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Configuring Element settings
|
||||||
|
|
||||||
|
The playbook provides some customization variables you could use to change Element's settings.
|
||||||
|
|
||||||
|
Their defaults are defined in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/matrix-client-element/templates/config.json.j2`](../roles/matrix-client-element/templates/config.json.j2) template.
|
||||||
|
|
||||||
|
**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
|
||||||
|
|
||||||
|
Alternatively, **if there is no pre-defined variable** for an Element setting you wish to change:
|
||||||
|
|
||||||
|
- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Element's various settings that rarely get used.
|
||||||
|
|
||||||
|
- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
|
||||||
|
|
||||||
|
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
|
||||||
|
|
||||||
|
|
||||||
|
## Themes
|
||||||
|
|
||||||
|
To change the look of Element, you can define your own themes manually by using the `matrix_client_element__settingDefaults_custom_themes` setting.
|
||||||
|
|
||||||
|
Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`).
|
||||||
|
|
||||||
|
If you make your own theme, we encourage you to submit it to the **aaronraimist/element-themes** project, so that the whole community could easily enjoy it.
|
||||||
|
|
||||||
|
Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.
|
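Review bot: the variable name in the Themes section, `matrix_client_element__settingDefaults_custom_themes`, has a doubled underscore. The Riot page this file was derived from uses `matrix_riot_web_settingDefaults_custom_themes`, so under the documented prefix rename the new name should be `matrix_client_element_settingDefaults_custom_themes`; if the role follows that rename, anyone copying the name as printed defines a variable that is silently ignored. Two wording nits carried over from the old page: "pull it all themes" should read "pull in all themes", and in "Disabling Element" the parenthesis closes one word too late (it should read "to not install (or to uninstall the previously installed) Element").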
@ -21,7 +21,7 @@ matrix_dimension_enabled: true
|
|||||||
|
|
||||||
## Define admin users
|
## Define admin users
|
||||||
|
|
||||||
These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Riot and clicking the settings icon.
|
These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Element and clicking the settings icon.
|
||||||
Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
@ -39,7 +39,7 @@ Follow our [Registering users](registering-users.md) guide to learn how to regis
|
|||||||
You are required to specify an access token (belonging to this new user) for Dimension to work.
|
You are required to specify an access token (belonging to this new user) for Dimension to work.
|
||||||
To get an access token for the Dimension user, follow these steps:
|
To get an access token for the Dimension user, follow these steps:
|
||||||
|
|
||||||
1. In a private browsing session (incognito window), open Riot.
|
1. In a private browsing session (incognito window), open Element.
|
||||||
2. Log in with the `dimension` user and its password.
|
2. Log in with the `dimension` user and its password.
|
||||||
1. Set the display name and avatar, if required.
|
1. Set the display name and avatar, if required.
|
||||||
2. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: <click to reveal>`.
|
2. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: <click to reveal>`.
|
||||||
@ -70,7 +70,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
|||||||
|
|
||||||
By default Dimension will use [jitsi.riot.im](https://jitsi.riot.im/) as the `conferenceDomain` of [Jitsi](https://jitsi.org/) audio/video conference widgets. For users running [a self-hosted Jitsi instance](./configuring-playbook-jitsi.md), you will likely want the widget to use your own Jitsi instance. Currently there is no way to configure this via the playbook, see [this issue](https://github.com/turt2live/matrix-dimension/issues/345) for details.
|
By default Dimension will use [jitsi.riot.im](https://jitsi.riot.im/) as the `conferenceDomain` of [Jitsi](https://jitsi.org/) audio/video conference widgets. For users running [a self-hosted Jitsi instance](./configuring-playbook-jitsi.md), you will likely want the widget to use your own Jitsi instance. Currently there is no way to configure this via the playbook, see [this issue](https://github.com/turt2live/matrix-dimension/issues/345) for details.
|
||||||
|
|
||||||
In the interim until the above limitation is resolved, an admin user needs to configure the domain via the admin ui once dimension is running. In riot-web, go to *Manage Integrations* → *Settings* → *Widgets* → *Jitsi Conference Settings* and set *Jitsi Domain* and *Jitsi Script URL* appropriately.
|
In the interim until the above limitation is resolved, an admin user needs to configure the domain via the admin ui once dimension is running. In Element, go to *Manage Integrations* → *Settings* → *Widgets* → *Jitsi Conference Settings* and set *Jitsi Domain* and *Jitsi Script URL* appropriately.
|
||||||
|
|
||||||
|
|
||||||
## Additional features
|
## Additional features
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# Jitsi
|
# Jitsi
|
||||||
|
|
||||||
The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md).
|
The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Element](configuring-playbook-client-element.md).
|
||||||
|
|
||||||
Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services.
|
Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services.
|
||||||
|
|
||||||
@ -144,13 +144,13 @@ Run this command for each user you would like to create, replacing `<USERNAME>`
|
|||||||
|
|
||||||
You can use the self-hosted Jitsi server in multiple ways:
|
You can use the self-hosted Jitsi server in multiple ways:
|
||||||
|
|
||||||
- **by adding a widget to a room via riot-web** (the one configured by the playbook at `https://riot.DOMAIN`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
|
- **by adding a widget to a room via Element** (the one configured by the playbook at `https://element.DOMAIN`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
|
||||||
|
|
||||||
- **by adding a widget to a room via the Dimension Integration Manager**. You'll have to point the widget to your own Jitsi server manually. See our [Dimension](./configuring-playbook-dimension.md) documentation page for more details. Naturally, Dimension would need to be installed first (the playbook doesn't install it by default).
|
- **by adding a widget to a room via the Dimension Integration Manager**. You'll have to point the widget to your own Jitsi server manually. See our [Dimension](./configuring-playbook-dimension.md) documentation page for more details. Naturally, Dimension would need to be installed first (the playbook doesn't install it by default).
|
||||||
|
|
||||||
- **directly (without any Matrix integration)**. Just go to `https://jitsi.DOMAIN`
|
- **directly (without any Matrix integration)**. Just go to `https://jitsi.DOMAIN`
|
||||||
|
|
||||||
**Note**: Riot apps on mobile devices currently [don't support joining meetings on a self-hosted Jitsi server](https://github.com/vector-im/riot-web/blob/601816862f7d84ac47547891bd53effa73d32957/docs/jitsi.md#mobile-app-support).
|
**Note**: Element apps on mobile devices currently [don't support joining meetings on a self-hosted Jitsi server](https://github.com/vector-im/riot-web/blob/601816862f7d84ac47547891bd53effa73d32957/docs/jitsi.md#mobile-app-support).
|
||||||
|
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
@ -113,7 +113,7 @@ With this, nginx would still be in use, but it would not bother with anything SS
|
|||||||
All services would be served locally on `127.0.0.1:81` and `127.0.0.1:8449` (as per the example configuration above).
|
All services would be served locally on `127.0.0.1:81` and `127.0.0.1:8449` (as per the example configuration above).
|
||||||
|
|
||||||
You can then set up another reverse-proxy server on ports 80/443/8448 for all of the expected domains and make traffic go to these local ports.
|
You can then set up another reverse-proxy server on ports 80/443/8448 for all of the expected domains and make traffic go to these local ports.
|
||||||
The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `riot.DOMAIN` and `dimension.DOMAIN` are optional).
|
The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `element.DOMAIN` and `dimension.DOMAIN` are optional).
|
||||||
|
|
||||||
### Sample configuration for running behind Traefik 2.0
|
### Sample configuration for running behind Traefik 2.0
|
||||||
|
|
||||||
@ -144,7 +144,7 @@ matrix_nginx_proxy_container_extra_arguments:
|
|||||||
- '--label "traefik.enable=true"'
|
- '--label "traefik.enable=true"'
|
||||||
|
|
||||||
# The Nginx proxy container will receive traffic from these subdomains
|
# The Nginx proxy container will receive traffic from these subdomains
|
||||||
- '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_riot }}`,`{{ matrix_server_fqn_dimension }}`)"'
|
- '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }}`)"'
|
||||||
|
|
||||||
# (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
|
# (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
|
||||||
- '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
|
- '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
|
||||||
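Review bot: the `Host(...)` rule in this sample now lists only `matrix_server_fqn_matrix`, `matrix_server_fqn_element` and `matrix_server_fqn_dimension`, so a setup that turns on `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true` (documented elsewhere in this commit) never has `riot.DOMAIN` traffic routed to the nginx container, and the redirect cannot take effect. Suggest a comment next to the rule saying the old Riot hostname has to be added to the `Host(...)` list when the compatibility redirect is in use. The "expected domains" sentence earlier in the same document could mention `riot.DOMAIN` for that case too.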
@ -172,7 +172,7 @@ matrix_synapse_container_extra_arguments:
|
|||||||
- '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"'
|
- '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"'
|
||||||
```
|
```
|
||||||
|
|
||||||
This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `riot.DOMAIN`, and `dimension.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
|
This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, and `dimension.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
|
||||||
|
|
||||||
Note that this configuration on its own does **not** redirect traffic on port 80 (plain HTTP) to port 443 for HTTPS, which may cause some issues, since the built-in Nginx proxy usually does this. If you are not already doing this in Traefik, it can be added to Traefik in a [file provider](https://docs.traefik.io/v2.0/providers/file/) as follows:
|
Note that this configuration on its own does **not** redirect traffic on port 80 (plain HTTP) to port 443 for HTTPS, which may cause some issues, since the built-in Nginx proxy usually does this. If you are not already doing this in Traefik, it can be added to Traefik in a [file provider](https://docs.traefik.io/v2.0/providers/file/) as follows:
|
||||||
|
|
||||||
|
@ -1,40 +1,37 @@
|
|||||||
# Configuring Riot-web (optional)
|
# Configuring Riot-web (optional)
|
||||||
|
|
||||||
By default, this playbook installs the [Riot-web](https://github.com/vector-im/riot-web) Matrix client web application.
|
By default, this playbook **used to install** the [Riot-web](https://github.com/vector-im/riot-web) Matrix client web application.
|
||||||
If that's okay, you can skip this document.
|
|
||||||
|
Riot has since been [renamed to Element](https://element.io/blog/welcome-to-element/).
|
||||||
|
|
||||||
|
- to learn more about Element and its configuration, see our dedicated [Configuring Element](configuring-playbook-client-element.md) documentation page
|
||||||
|
- to learn how to migrate from Riot to Element, see [Migrating to Element](#migrating-to-element) below
|
||||||
|
|
||||||
|
|
||||||
## Disabling riot-web
|
## Migrating to Element
|
||||||
|
|
||||||
If you'd like for the playbook to not install (or to uninstall the previously installed riot-web), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
### Migrating your custom settings
|
||||||
|
|
||||||
|
If you have custom `matrix_riot_web_` variables in your `inventory/host_vars/matrix.DOMAIN/vars.yml` file, you'll need to rename them (`matrix_riot_web_` -> `matrix_client_element_`).
|
||||||
|
|
||||||
|
|
||||||
|
### Domain migration
|
||||||
|
|
||||||
|
We used to set up Riot at the `riot.DOMAIN` domain. The playbook now sets up Element at `element.DOMAIN` by default.
|
||||||
|
|
||||||
|
There are a few options for handling this:
|
||||||
|
|
||||||
|
- (**avoiding changes** - using the old `riot.DOMAIN` domain and avoiding DNS changes) -- to keep using `riot.DOMAIN` instead of `element.DOMAIN`, override the domain at which the playbook serves Element: `matrix_server_fqn_element: "riot.{{ matrix_domain }}"`
|
||||||
|
|
||||||
|
- (**embracing changes** - using only `element.DOMAIN`) - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)). You can drop the `riot.DOMAIN` in this case. If so, you may also wish to remove old SSL certificates (`rm -rf /matrix/ssl/live/riot.DOMAIN`), so that `certbot` would stop trying to renew them.
|
||||||
|
|
||||||
|
- (**embracing changes and transitioning smoothly** - using both `element.DOMAIN` and `riot.DOMAIN`) - to serve Element at the new domain (`element.DOMAIN`) and to also have `riot.DOMAIN` redirect there - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)) and enable Riot to Element redirection (`matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`).
|
||||||
|
|
||||||
|
|
||||||
|
### Re-running the playbook
|
||||||
|
|
||||||
|
As always, after making the necessary DNS and configuration adjustments, re-run the playbook to apply the changes:
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_riot_web_enabled: false
|
|
||||||
```
|
```
|
||||||
|
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||||
## Configuring riot-web settings
|
```
|
||||||
|
|
||||||
The playbook provides some customization variables you could use to change riot-web's settings.
|
|
||||||
|
|
||||||
Their defaults are defined in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml) and they ultimately end up in the generated `/matrix/riot-web/config.json` file (on the server). This file is generated from the [`roles/matrix-riot-web/templates/config.json.j2`](../roles/matrix-riot-web/templates/config.json.j2) template.
|
|
||||||
|
|
||||||
**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
|
|
||||||
|
|
||||||
Alternatively, **if there is no pre-defined variable** for a riot-web setting you wish to change:
|
|
||||||
|
|
||||||
- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of riot-web's various settings that rarely get used.
|
|
||||||
|
|
||||||
- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-riot-web/templates/config.json.j2)) by making use of the `matrix_riot_web_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml).
|
|
||||||
|
|
||||||
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_riot_web_configuration_default` (or `matrix_riot_web_configuration`). You can find information about this in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml).
|
|
||||||
|
|
||||||
|
|
||||||
## Themes
|
|
||||||
|
|
||||||
To change the look of riot-web, you can define your own themes manually by using the `matrix_riot_web_settingDefaults_custom_themes` setting.
|
|
||||||
|
|
||||||
Or better yet, you can automatically pull it all themes provided by the [aaronraimist/riot-web-themes](https://github.com/aaronraimist/riot-web-themes) project by simply flipping a flag (`matrix_riot_web_themes_enabled: true`).
|
|
||||||
|
|
||||||
If you make your own theme, we encourage you to submit it to the **aaronraimist/riot-web-themes** project, so that the whole community could easily enjoy it.
|
|
||||||
|
|
||||||
Note that for a custom theme to work well, all riot-web/riot-desktop instances that you use must have the same theme installed.
|
|
||||||
|
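Review bot: "Migrating your custom settings" covers only the `matrix_riot_web_` prefix, but this commit also replaces `matrix_server_fqn_riot` with `matrix_server_fqn_element` in the Traefik labels and in the `matrix_ssl_domains_to_obtain_certificates_for` sample, and that name is not caught by the documented prefix rename. Users who copied either sample into their `vars.yml` should be told to update that reference as well. In the "embracing changes" option, the `rm -rf /matrix/ssl/live/riot.DOMAIN` step would benefit from a reminder to substitute the real domain and confirm the path before running it, since it is a recursive delete inside the certificate directory. The fenced `ansible-playbook` command under "Re-running the playbook" also has no language tag, unlike the `yaml` fences used elsewhere in these docs.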
@ -1,6 +1,6 @@
|
|||||||
# Adjusting SSL certificate retrieval (optional, advanced)
|
# Adjusting SSL certificate retrieval (optional, advanced)
|
||||||
|
|
||||||
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `riot.<your-domain>`)
|
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `element.<your-domain>`)
|
||||||
|
|
||||||
Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
|
Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
|
||||||
They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
|
They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
|
||||||
@ -42,7 +42,7 @@ With such a configuration, the playbook would expect you to drop the SSL certifi
|
|||||||
- `<matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem`
|
- `<matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem`
|
||||||
- `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
|
- `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
|
||||||
|
|
||||||
where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `riot.<your-domain>`).
|
where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `element.<your-domain>`).
|
||||||
|
|
||||||
|
|
||||||
## Not bothering with SSL certificates
|
## Not bothering with SSL certificates
|
||||||
@ -62,7 +62,8 @@ The playbook tries to be smart about the certificates it will obtain for you.
|
|||||||
|
|
||||||
By default, it obtains certificates for:
|
By default, it obtains certificates for:
|
||||||
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
|
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
|
||||||
- possibly for `riot.<your-domain>`, unless you have disabled the Riot component using `matrix_riot_web_enabled: false`
|
- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
|
||||||
|
- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
|
||||||
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
|
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
|
||||||
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
|
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
|
||||||
|
|
||||||
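Review bot: in the added bullet for `riot.<your-domain>`, "for background compatibility" should be "for backward compatibility". It would also help to link that bullet to the "Migrating to Element" section, the same way the Element bullet above links to its own page, so a reader who finds a `riot.` certificate still being requested can see which setting causes it.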
@ -70,12 +71,12 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
|
|||||||
To do that, simply define your own custom configuration like this:
|
To do that, simply define your own custom configuration like this:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Riot, Dimension).
|
# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Element, Dimension).
|
||||||
# In this example, we retrieve an extra certificate - one for the base domain (in the `matrix_domain` variable).
|
# In this example, we retrieve an extra certificate - one for the base domain (in the `matrix_domain` variable).
|
||||||
# Adding any other additional domains (hosted on the same machine) is possible.
|
# Adding any other additional domains (hosted on the same machine) is possible.
|
||||||
matrix_ssl_domains_to_obtain_certificates_for:
|
matrix_ssl_domains_to_obtain_certificates_for:
|
||||||
- '{{ matrix_server_fqn_matrix }}'
|
- '{{ matrix_server_fqn_matrix }}'
|
||||||
- '{{ matrix_server_fqn_riot }}'
|
- '{{ matrix_server_fqn_element }}'
|
||||||
- '{{ matrix_server_fqn_dimension }}'
|
- '{{ matrix_server_fqn_dimension }}'
|
||||||
- '{{ matrix_domain }}'
|
- '{{ matrix_domain }}'
|
||||||
```
|
```
|
||||||
|
@ -38,7 +38,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||||||
|
|
||||||
- [Configuring Synapse](configuring-playbook-synapse.md) (optional)
|
- [Configuring Synapse](configuring-playbook-synapse.md) (optional)
|
||||||
|
|
||||||
- [Configuring Riot-web](configuring-playbook-riot-web.md) (optional)
|
- [Configuring Element](configuring-playbook-client-element.md) (optional)
|
||||||
|
|
||||||
- [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
|
- [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ There are 2 types of well-known service discovery that Matrix makes use of:
|
|||||||
|
|
||||||
- (important) **Federation Server discovery** (`/.well-known/matrix/server`) -- assists other servers in the Matrix network with finding your server. Without a proper configuration, your server will effectively not be part of the Matrix network. Learn more in [Introduction to Federation Server Discovery](#introduction-to-federation-server-discovery)
|
- (important) **Federation Server discovery** (`/.well-known/matrix/server`) -- assists other servers in the Matrix network with finding your server. Without a proper configuration, your server will effectively not be part of the Matrix network. Learn more in [Introduction to Federation Server Discovery](#introduction-to-federation-server-discovery)
|
||||||
|
|
||||||
- (not that important) **Client Server discovery** (`/.well-known/matrix/client`) -- assists programs that you use to connect to your server (e.g. Riot), so that they can make it more convenient for you by automatically configuring the "Homeserver URL" and "Identity Server URL" addresses. Learn more in [Introduction to Client Server Discovery](#introduction-to-client-server-discovery)
|
- (not that important) **Client Server discovery** (`/.well-known/matrix/client`) -- assists programs that you use to connect to your server (e.g. Element), so that they can make it more convenient for you by automatically configuring the "Homeserver URL" and "Identity Server URL" addresses. Learn more in [Introduction to Client Server Discovery](#introduction-to-client-server-discovery)
|
||||||
|
|
||||||
|
|
||||||
## Introduction to Federation Server Discovery
|
## Introduction to Federation Server Discovery
|
||||||
@ -59,7 +59,7 @@ All you need to do is:
|
|||||||
|
|
||||||
- copy `/.well-known/matrix/server` and `/.well-known/matrix/client` from the Matrix server (e.g. `matrix.example.com`) to your base domain's server (`example.com`). You can find these files in the `/matrix/static-files/.well-known/matrix` directory on the Matrix server. They are also accessible on URLs like this: `https://matrix.example.com/.well-known/matrix/server` (same for `client`).
|
- copy `/.well-known/matrix/server` and `/.well-known/matrix/client` from the Matrix server (e.g. `matrix.example.com`) to your base domain's server (`example.com`). You can find these files in the `/matrix/static-files/.well-known/matrix` directory on the Matrix server. They are also accessible on URLs like this: `https://matrix.example.com/.well-known/matrix/server` (same for `client`).
|
||||||
|
|
||||||
- set up the server at your base domain (e.g. `example.com`) so that it adds an extra HTTP header when serving the `/.well-known/matrix/client` file. [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), the `Access-Control-Allow-Origin` header should be set with a value of `*`. If you don't do this step, web-based Matrix clients (like Riot) may fail to work. Setting up headers for the `/.well-known/matrix/server` file is not necessary, as this file is only consumed by non-browsers, which don't care about CORS.
|
- set up the server at your base domain (e.g. `example.com`) so that it adds an extra HTTP header when serving the `/.well-known/matrix/client` file. [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), the `Access-Control-Allow-Origin` header should be set with a value of `*`. If you don't do this step, web-based Matrix clients (like Element) may fail to work. Setting up headers for the `/.well-known/matrix/server` file is not necessary, as this file is only consumed by non-browsers, which don't care about CORS.
|
||||||
|
|
||||||
This is relatively easy to do and possibly your only choice if you can only host static files from the base domain's server.
|
This is relatively easy to do and possibly your only choice if you can only host static files from the base domain's server.
|
||||||
It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again.
|
It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again.
|
||||||
|
@ -13,6 +13,7 @@ Table of contents:
|
|||||||
- [Vacuuming Postgres](#vacuuming-postgres)
|
- [Vacuuming Postgres](#vacuuming-postgres)
|
||||||
- [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api)
|
- [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api)
|
||||||
- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state)
|
- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state)
|
||||||
|
- [Browse and manipulate the database](#browse-and-manipulate-the-database)
|
||||||
|
|
||||||
- [Browse and manipulate the database](#browse-and-manipulate-the-database), for when you really need to take matters into your own hands
|
- [Browse and manipulate the database](#browse-and-manipulate-the-database), for when you really need to take matters into your own hands
|
||||||
|
|
||||||
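Review bot: the added entry `- [Browse and manipulate the database](#browse-and-manipulate-the-database)` duplicates the context line directly below it, which already links to the same anchor (with the ", for when you really need to take matters into your own hands" suffix), so the table of contents will list that section twice. It also looks unrelated to the Riot-to-Element rename; suggest dropping the added line from this commit.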
@ -56,7 +57,7 @@ If [purging unused and unreachable data](#purging-unused-data-with-synapse-janit
|
|||||||
|
|
||||||
Synapse provides a [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) that you can use to purge on a per-room basis.
|
Synapse provides a [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) that you can use to purge on a per-room basis.
|
||||||
|
|
||||||
To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like riot-web).
|
To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
|
||||||
Alternatively, you can log in and obtain a new access token like this:
|
Alternatively, you can log in and obtain a new access token like this:
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -16,7 +16,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
|
|||||||
|
|
||||||
**Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
|
**Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
|
||||||
|
|
||||||
**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
|
**You can then log in with that user** via the Element service that this playbook has created for you at a URL like this: `https://element.<domain>/`.
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
@ -25,7 +25,7 @@ If you've just installed Matrix, **to finalize the installation process**, it's
|
|||||||
-----
|
-----
|
||||||
|
|
||||||
|
|
||||||
## Adding/Removing Administrator privileges to an existing user.
|
## Adding/Removing Administrator privileges to an existing user.
|
||||||
|
|
||||||
The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges.
|
The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges.
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ To make use of self-building, you don't need to do anything besides change your
|
|||||||
Note that **not all components support self-building yet**.
|
Note that **not all components support self-building yet**.
|
||||||
List of roles where self-building the Docker image is currently possible:
|
List of roles where self-building the Docker image is currently possible:
|
||||||
- `matrix-synapse`
|
- `matrix-synapse`
|
||||||
- `matrix-riot-web`
|
- `matrix-client-element`
|
||||||
- `matrix-coturn`
|
- `matrix-coturn`
|
||||||
- `matrix-ma1sd`
|
- `matrix-ma1sd`
|
||||||
- `matrix-mailer`
|
- `matrix-mailer`
|
||||||
|
@ -10,7 +10,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
|
|||||||
|
|
||||||
**Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
|
**Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
|
||||||
|
|
||||||
**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
|
**You can then log in with that user** via the Element service that this playbook has created for you at a URL like this: `https://element.<domain>/`.
|
||||||
|
|
||||||
|
|
||||||
## Option 2 (if you are using an external Postgres server):
|
## Option 2 (if you are using an external Postgres server):
|
||||||
@ -34,9 +34,9 @@ where `<password-hash>` is the hash returned by the docker command above.
|
|||||||
|
|
||||||
Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
|
Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
|
||||||
|
|
||||||
This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
|
This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
|
||||||
|
|
||||||
If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).
|
If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).
|
||||||
|
|
||||||
### Example:
|
### Example:
|
||||||
To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:
|
To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
# This is a sample file demonstrating how to set up reverse-proxy for riot.DOMAIN.
|
# This is a sample file demonstrating how to set up reverse-proxy for element.DOMAIN.
|
||||||
# If you're not using Riot (`matrix_riot_web_enabled: false`), you won't need this.
|
# If you're not using Element (`matrix_client_element_enabled: false`), you won't need this.
|
||||||
|
|
||||||
<VirtualHost *:80>
|
<VirtualHost *:80>
|
||||||
ServerName riot.DOMAIN
|
ServerName element.DOMAIN
|
||||||
|
|
||||||
ProxyVia On
|
ProxyVia On
|
||||||
|
|
||||||
@ -13,17 +13,17 @@
|
|||||||
ProxyPass http://127.0.0.1:2402/.well-known/acme-challenge
|
ProxyPass http://127.0.0.1:2402/.well-known/acme-challenge
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
Redirect permanent / https://riot.DOMAIN/
|
Redirect permanent / https://element.DOMAIN/
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
<VirtualHost *:443>
|
<VirtualHost *:443>
|
||||||
ServerName riot.DOMAIN
|
ServerName element.DOMAIN
|
||||||
|
|
||||||
SSLEngine On
|
SSLEngine On
|
||||||
|
|
||||||
# If you manage SSL certificates by yourself, these paths will differ.
|
# If you manage SSL certificates by yourself, these paths will differ.
|
||||||
SSLCertificateFile /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem
|
SSLCertificateFile /matrix/ssl/config/live/element.DOMAIN/fullchain.pem
|
||||||
SSLCertificateKeyFile /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
|
SSLCertificateKeyFile /matrix/ssl/config/live/element.DOMAIN/privkey.pem
|
||||||
|
|
||||||
SSLProxyEngine on
|
SSLProxyEngine on
|
||||||
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||||
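Review bot: the `Redirect permanent /` target, the `*:443` `ServerName` and both certificate paths move to `element.DOMAIN` here, which leaves nothing in this sample answering on `riot.DOMAIN`, so existing bookmarks and saved sessions on the old hostname break for anyone who copies the new file over the old one. The nginx side of this commit has `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled` for exactly that case; suggest a comment in this sample describing an extra `<VirtualHost>` that redirects `riot.DOMAIN` to `https://element.DOMAIN/`, and a note that the `live/element.DOMAIN/` certificate paths only exist once a certificate for the new name has been obtained.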
@ -36,6 +36,6 @@
|
|||||||
ProxyPass / http://127.0.0.1:8765/
|
ProxyPass / http://127.0.0.1:8765/
|
||||||
ProxyPassReverse / http://127.0.0.1:8765/
|
ProxyPassReverse / http://127.0.0.1:8765/
|
||||||
|
|
||||||
ErrorLog ${APACHE_LOG_DIR}/riot.DOMAIN-error.log
|
ErrorLog ${APACHE_LOG_DIR}/element.DOMAIN-error.log
|
||||||
CustomLog ${APACHE_LOG_DIR}/riot.DOMAIN-access.log combined
|
CustomLog ${APACHE_LOG_DIR}/element.DOMAIN-access.log combined
|
||||||
</VirtualHost>
|
</VirtualHost>
|
8
examples/caddy/matrix-client-element
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
https://element.DOMAIN {
|
||||||
|
# These might differ if you are supplying your own certificates
|
||||||
|
tls /matrix/ssl/config/live/element.DOMAIN/fullchain.pem /matrix/ssl/config/live/element.DOMAIN/privkey.pem
|
||||||
|
|
||||||
|
proxy / http://127.0.0.1:8765 {
|
||||||
|
transparent
|
||||||
|
}
|
||||||
|
}
|
@ -1,8 +0,0 @@
|
|||||||
https://riot.DOMAIN {
|
|
||||||
# These might differ if you are supplying your own certificates
|
|
||||||
tls /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
|
|
||||||
|
|
||||||
proxy / http://127.0.0.1:8765 {
|
|
||||||
transparent
|
|
||||||
}
|
|
||||||
}
|
|
@ -39,7 +39,7 @@ frontend https-frontend
|
|||||||
# HAproxy wants the full chain and the private key in one file. For Letsencrypt manually generated certs (e.g., wildcard certs) you can use
|
# HAproxy wants the full chain and the private key in one file. For Letsencrypt manually generated certs (e.g., wildcard certs) you can use
|
||||||
# cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/haproxy/certs/star-example.com.pem
|
# cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/haproxy/certs/star-example.com.pem
|
||||||
bind *:443 ssl crt /etc/haproxy/certs/star-example.com.pem
|
bind *:443 ssl crt /etc/haproxy/certs/star-example.com.pem
|
||||||
#bind *:443 ssl crt /etc/haproxy/certs/riot.example.com.pem /etc/haproxy/certs/matrix.example.com.pem
|
#bind *:443 ssl crt /etc/haproxy/certs/element.example.com.pem /etc/haproxy/certs/matrix.example.com.pem
|
||||||
reqadd X-Forwarded-Proto:\ https
|
reqadd X-Forwarded-Proto:\ https
|
||||||
option httplog
|
option httplog
|
||||||
option http-server-close
|
option http-server-close
|
||||||
@ -60,10 +60,10 @@ frontend https-frontend
|
|||||||
acl synapse_admin path -i -m beg /_synapse/admin
|
acl synapse_admin path -i -m beg /_synapse/admin
|
||||||
# Send to :8008
|
# Send to :8008
|
||||||
use_backend matrix-main if matrix_path or synapse_admin
|
use_backend matrix-main if matrix_path or synapse_admin
|
||||||
# riot.example.com
|
# element.example.com
|
||||||
acl riot_domain hdr_dom(host) -i riot.example.com
|
acl element_domain hdr_dom(host) -i element.example.com
|
||||||
# Send to 8765
|
# Send to 8765
|
||||||
use_backend riot if riot_domain
|
use_backend element if element_domain
|
||||||
# If nothing else match, just send to default matrix backend
|
# If nothing else match, just send to default matrix backend
|
||||||
use_backend matrix-main if matrix_domain
|
use_backend matrix-main if matrix_domain
|
||||||
#default_backend matrix-main
|
#default_backend matrix-main
|
||||||
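Review bot: `acl element_domain hdr_dom(host) -i element.example.com` keeps the `hdr_dom` matcher from the old `riot_domain` ACL, which matches a dot-delimited portion of the Host header rather than the whole value, so a Host such as `element.example.com.other.tld` also selects this backend. Since the line is being rewritten anyway, suggest an exact match with `acl element_domain hdr(host) -i element.example.com` (plus the `element.example.com:443` form if clients send the port).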
@ -86,12 +86,12 @@ backend synapse
|
|||||||
|
|
||||||
backend nginx-static
|
backend nginx-static
|
||||||
capture request header origin len 128
|
capture request header origin len 128
|
||||||
http-response add-header Access-Control-Allow-Origin *
|
http-response add-header Access-Control-Allow-Origin *
|
||||||
rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
|
rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
|
||||||
rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found }
|
rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found }
|
||||||
rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found }
|
rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found }
|
||||||
server nginx 127.0.0.1:40888 check
|
server nginx 127.0.0.1:40888 check
|
||||||
|
|
||||||
backend riot
|
backend element
|
||||||
server riot 127.0.0.1:8765 check
|
server element 127.0.0.1:8765 check
|
||||||
|
|
||||||
|
@ -755,7 +755,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:4
|
|||||||
matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
|
matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_matrix_enabled: true
|
matrix_nginx_proxy_proxy_matrix_enabled: true
|
||||||
matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}"
|
matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
|
||||||
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
|
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
|
||||||
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
|
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
|
||||||
|
|
||||||
@ -792,14 +792,16 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
|
|||||||
+
|
+
|
||||||
(['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
|
(['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-riot-web.service'] if matrix_riot_web_enabled else [])
|
(['matrix-client-element.service'] if matrix_client_element_enabled else [])
|
||||||
}}
|
}}
|
||||||
|
|
||||||
matrix_ssl_domains_to_obtain_certificates_for: |
|
matrix_ssl_domains_to_obtain_certificates_for: |
|
||||||
{{
|
{{
|
||||||
([matrix_server_fqn_matrix])
|
([matrix_server_fqn_matrix])
|
||||||
+
|
+
|
||||||
([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
|
([matrix_server_fqn_element] if matrix_client_element_enabled else [])
|
||||||
|
+
|
||||||
|
([matrix_nginx_proxy_proxy_riot_compat_redirect_hostname] if matrix_nginx_proxy_proxy_riot_compat_redirect_enabled else [])
|
||||||
+
|
+
|
||||||
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
|
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
|
||||||
+
|
+
|
||||||
@ -847,48 +849,48 @@ matrix_postgres_db_name: "homeserver"
|
|||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-riot-web
|
# matrix-client-element
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
# By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
|
# By default, this playbook installs the Element web UI on the `matrix_server_fqn_element` domain.
|
||||||
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
|
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
|
||||||
matrix_riot_web_enabled: true
|
matrix_client_element_enabled: true
|
||||||
|
|
||||||
matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
matrix_client_element_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
|
||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach Element over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
# the riot-web HTTP port to the local host.
|
# the Element HTTP port to the local host.
|
||||||
matrix_riot_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}"
|
matrix_client_element_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}"
|
||||||
|
|
||||||
matrix_riot_web_default_hs_url: "{{ matrix_homeserver_url }}"
|
matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}"
|
||||||
matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
|
matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}"
|
||||||
|
|
||||||
# Use Dimension if enabled, otherwise fall back to Scalar
|
# Use Dimension if enabled, otherwise fall back to Scalar
|
||||||
matrix_riot_web_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
|
matrix_client_element_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
|
||||||
matrix_riot_web_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
|
matrix_client_element_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
|
||||||
matrix_riot_web_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
|
matrix_client_element_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
|
||||||
matrix_riot_web_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
|
matrix_client_element_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
|
||||||
|
|
||||||
matrix_riot_web_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else false }}"
|
matrix_client_element_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else false }}"
|
||||||
|
|
||||||
matrix_riot_web_registration_enabled: "{{ matrix_synapse_enable_registration }}"
|
matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}"
|
||||||
|
|
||||||
matrix_riot_web_enable_presence_by_hs_url: |
|
matrix_client_element_enable_presence_by_hs_url: |
|
||||||
{{
|
{{
|
||||||
none
|
none
|
||||||
if matrix_synapse_use_presence
|
if matrix_synapse_use_presence
|
||||||
else {matrix_riot_web_default_hs_url: false}
|
else {matrix_client_element_default_hs_url: false}
|
||||||
}}
|
}}
|
||||||
|
|
||||||
matrix_riot_web_welcome_user_id: ~
|
matrix_client_element_welcome_user_id: ~
|
||||||
|
|
||||||
matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
|
matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# /matrix-riot-web
|
# /matrix-client-element
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
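Review bot: `matrix_client_element_self_check_validate_certificates` is set to `{{ false if matrix_ssl_retrieval_method == 'self-signed' else false }}`, so both branches yield `false` and the self-check never validates certificates, overriding the role default of `true` in `roles/matrix-client-element/defaults/main.yml`. The rename copies this from the `matrix_riot_web_` line unchanged; the `else` branch should be `true`, so that validation is skipped only for self-signed certificates.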
@ -8,12 +8,12 @@
|
|||||||
matrix_domain: ~
|
matrix_domain: ~
|
||||||
|
|
||||||
# This is where your data lives and what we set up.
|
# This is where your data lives and what we set up.
|
||||||
# This and the Riot FQN (see below) are expected to be on the same server.
|
# This and the Element FQN (see below) are expected to be on the same server.
|
||||||
matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
|
matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
|
||||||
|
|
||||||
# This is where you access the web UI from and what we set up here.
|
# This is where you access the Element web UI from (if enabled via matrix_client_element_enabled; enabled by default).
|
||||||
# This and the Matrix FQN (see above) are expected to be on the same server.
|
# This and the Matrix FQN (see above) are expected to be on the same server.
|
||||||
matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
|
matrix_server_fqn_element: "element.{{ matrix_domain }}"
|
||||||
|
|
||||||
# This is where you access the Dimension.
|
# This is where you access the Dimension.
|
||||||
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
|
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
|
||||||
@ -58,12 +58,12 @@ matrix_integration_manager_rest_url: ~
|
|||||||
matrix_integration_manager_ui_url: ~
|
matrix_integration_manager_ui_url: ~
|
||||||
|
|
||||||
# The domain name where a Jitsi server is self-hosted.
|
# The domain name where a Jitsi server is self-hosted.
|
||||||
# If set, `/.well-known/matrix/client` will suggest Riot clients to use that Jitsi server.
|
# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
|
||||||
# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
|
# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
|
||||||
matrix_riot_jitsi_preferredDomain: ''
|
matrix_riot_jitsi_preferredDomain: ''
|
||||||
|
|
||||||
# Controls whether Riot should use End-to-End Encryption by default.
|
# Controls whether Element should use End-to-End Encryption by default.
|
||||||
# Setting this to false will update `/.well-known/matrix/client` and tell Riot clients to avoid E2EE.
|
# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
|
||||||
# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
|
# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
|
||||||
matrix_riot_e2ee_default: true
|
matrix_riot_e2ee_default: true
|
||||||
|
|
||||||
|
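Review bot: the comments in this hunk now say Element, but `matrix_riot_jitsi_preferredDomain` and `matrix_riot_e2ee_default` keep the `riot` prefix, and both `See:` links still point at `vector-im/riot-web`. The E2EE default is a security-relevant switch, so an operator searching the defaults for an Element-named variable should be able to find it. Either rename both variables and add them to the old/new list in the validation task, or add a comment line stating that the old names are kept deliberately.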
@ -25,7 +25,8 @@
|
|||||||
- {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
|
- {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
|
||||||
- {'old': 'hostname_identity', 'new': 'matrix_domain'}
|
- {'old': 'hostname_identity', 'new': 'matrix_domain'}
|
||||||
- {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
|
- {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
|
||||||
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}
|
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
|
||||||
|
- {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
|
||||||
|
|
||||||
- name: Fail if required variables are undefined
|
- name: Fail if required variables are undefined
|
||||||
fail:
|
fail:
|
||||||
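Review bot: the rename list gains `matrix_server_fqn_riot`, but none of the `matrix_riot_web_*` variables renamed elsewhere in this commit appear in the lines shown. An inventory that still sets `matrix_riot_web_enabled: false` would then be ignored, and the Element container and its hostname would come up under the default `matrix_client_element_enabled: true`. If the new role's own validation does not already cover this, suggest a check that fails when any variable starting with `matrix_riot_web_` is still defined.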
@ -33,7 +34,7 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- matrix_domain
|
- matrix_domain
|
||||||
- matrix_server_fqn_matrix
|
- matrix_server_fqn_matrix
|
||||||
- matrix_server_fqn_riot
|
- matrix_server_fqn_element
|
||||||
when: "item not in vars or vars[item] is none"
|
when: "item not in vars or vars[item] is none"
|
||||||
|
|
||||||
- name: Fail if uppercase domain used
|
- name: Fail if uppercase domain used
|
||||||
@ -42,7 +43,7 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- "{{ matrix_domain }}"
|
- "{{ matrix_domain }}"
|
||||||
- "{{ matrix_server_fqn_matrix }}"
|
- "{{ matrix_server_fqn_matrix }}"
|
||||||
- "{{ matrix_server_fqn_riot }}"
|
- "{{ matrix_server_fqn_element }}"
|
||||||
when: "item != item|lower"
|
when: "item != item|lower"
|
||||||
|
|
||||||
- name: Fail if using python2 on Archlinux
|
- name: Fail if using python2 on Archlinux
|
||||||
|
@ -145,7 +145,7 @@ bridge:
|
|||||||
# Set to false to disable link previews in messages sent to Telegram.
|
# Set to false to disable link previews in messages sent to Telegram.
|
||||||
telegram_link_preview: true
|
telegram_link_preview: true
|
||||||
# Use inline images instead of a separate message for the caption.
|
# Use inline images instead of a separate message for the caption.
|
||||||
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
|
# N.B. Inline images are not supported on all clients (e.g. Element iOS).
|
||||||
inline_images: false
|
inline_images: false
|
||||||
# Maximum size of image in megabytes before sending to Telegram as a document.
|
# Maximum size of image in megabytes before sending to Telegram as a document.
|
||||||
image_as_file_size: 10
|
image_as_file_size: 10
|
||||||
|
122
roles/matrix-client-element/defaults/main.yml
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
matrix_client_element_enabled: true
|
||||||
|
|
||||||
|
matrix_client_element_container_image_self_build: false
|
||||||
|
|
||||||
|
matrix_client_element_docker_image: "vectorim/riot-web:v1.7.1"
|
||||||
|
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
|
||||||
|
matrix_client_element_docker_src_files_path: "{{ matrix_client_element_data_path }}/docker-src"
|
||||||
|
|
||||||
|
# Controls whether the matrix-client-element container exposes its HTTP port (tcp/8080 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
|
||||||
|
matrix_client_element_container_http_host_bind_port: ''
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_client_element_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that matrix-client-element.service depends on
|
||||||
|
matrix_client_element_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
# Element config.json customizations
|
||||||
|
matrix_client_element_default_server_name: "{{ matrix_domain }}"
|
||||||
|
matrix_client_element_default_hs_url: ""
|
||||||
|
matrix_client_element_default_is_url: ~
|
||||||
|
matrix_client_element_disable_custom_urls: true
|
||||||
|
matrix_client_element_disable_guests: true
|
||||||
|
matrix_client_element_integrations_ui_url: "https://scalar.vector.im/"
|
||||||
|
matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
|
||||||
|
matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
|
||||||
|
matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
|
||||||
|
matrix_client_element_permalinkPrefix: "https://matrix.to"
|
||||||
|
# Element public room directory server(s)
|
||||||
|
matrix_client_element_roomdir_servers: ['matrix.org']
|
||||||
|
matrix_client_element_welcome_user_id: "@riot-bot:matrix.org"
|
||||||
|
# Branding of Element
|
||||||
|
matrix_client_element_brand: "Element"
|
||||||
|
|
||||||
|
# URL to Logo on welcome page
|
||||||
|
matrix_client_element_welcome_logo: "welcome/images/logo.svg"
|
||||||
|
|
||||||
|
# URL of link on welcome image
|
||||||
|
matrix_client_element_welcome_logo_link: "https://element.io"
|
||||||
|
|
||||||
|
matrix_client_element_welcome_headline: "_t('Welcome to Element')"
|
||||||
|
matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat & collaboration powered by [matrix]')"
|
||||||
|
|
||||||
|
# Links, shown in footer of welcome page:
|
||||||
|
# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
|
||||||
|
matrix_client_element_branding_authFooterLinks: ~
|
||||||
|
|
||||||
|
# URL to image, shown during Login
|
||||||
|
matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}"
|
||||||
|
|
||||||
|
# URL to Wallpaper, shown in background of welcome page
|
||||||
|
matrix_client_element_branding_welcomeBackgroundUrl: ~
|
||||||
|
|
||||||
|
# By default, there's no Element homepage (when logged in). If you wish to have one,
|
||||||
|
# point this to a `home.html` template file on your local filesystem.
|
||||||
|
matrix_client_element_embedded_pages_home_path: ~
|
||||||
|
|
||||||
|
matrix_client_element_jitsi_preferredDomain: ''
|
||||||
|
|
||||||
|
# Controls whether the self-check feature should validate SSL certificates.
|
||||||
|
matrix_client_element_self_check_validate_certificates: true
|
||||||
|
|
||||||
|
# don't show the registration button on welcome page
|
||||||
|
matrix_client_element_registration_enabled: false
|
||||||
|
|
||||||
|
# Controls whether presence will be enabled
|
||||||
|
matrix_client_element_enable_presence_by_hs_url: ~
|
||||||
|
|
||||||
|
# Controls whether custom Element themes will be installed.
|
||||||
|
# When enabled, all themes found in the `matrix_client_element_themes_repository_url` repository
|
||||||
|
# will be installed and enabled automatically.
|
||||||
|
matrix_client_element_themes_enabled: false
|
||||||
|
matrix_client_element_themes_repository_url: https://github.com/aaronraimist/element-themes
|
||||||
|
|
||||||
|
# Controls the default theme
|
||||||
|
matrix_client_element_default_theme: 'light'
|
||||||
|
|
||||||
|
# Controls the `settingsDefault.custom_themes` setting of the Element configuration.
|
||||||
|
# You can use this setting to define custom themes.
|
||||||
|
#
|
||||||
|
# Also, look at `matrix_client_element_themes_enabled` for a way to pull in a bunch of custom themes automatically.
|
||||||
|
# If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well.
|
||||||
|
#
|
||||||
|
# Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.
|
||||||
|
matrix_client_element_settingDefaults_custom_themes: []
|
||||||
|
|
||||||
|
# Default Element configuration template which covers the generic use case.
|
||||||
|
# You can customize it by controlling the various variables inside it.
|
||||||
|
#
|
||||||
|
# For a more advanced customization, you can extend the default (see `matrix_client_element_configuration_extension_json`)
|
||||||
|
# or completely replace this variable with your own template.
|
||||||
|
#
|
||||||
|
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
|
||||||
|
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
|
||||||
|
matrix_client_element_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
|
||||||
|
|
||||||
|
# Your custom JSON configuration for Element should go to `matrix_client_element_configuration_extension_json`.
|
||||||
|
# This configuration extends the default starting configuration (`matrix_client_element_configuration_default`).
|
||||||
|
#
|
||||||
|
# You can override individual variables from the default configuration, or introduce new ones.
|
||||||
|
#
|
||||||
|
# If you need something more special, you can take full control by
|
||||||
|
# completely redefining `matrix_client_element_configuration_default`.
|
||||||
|
#
|
||||||
|
# Example configuration extension follows:
|
||||||
|
#
|
||||||
|
# matrix_client_element_configuration_extension_json: |
|
||||||
|
# {
|
||||||
|
# "disable_3pid_login": true,
|
||||||
|
# "disable_login_language_selector": true
|
||||||
|
# }
|
||||||
|
matrix_client_element_configuration_extension_json: '{}'
|
||||||
|
|
||||||
|
matrix_client_element_configuration_extension: "{{ matrix_client_element_configuration_extension_json|from_json if matrix_client_element_configuration_extension_json|from_json is mapping else {} }}"
|
||||||
|
|
||||||
|
# Holds the final Element configuration (a combination of the default and its extension).
|
||||||
|
# You most likely don't need to touch this variable. Instead, see `matrix_client_element_configuration_default`.
|
||||||
|
matrix_client_element_configuration: "{{ matrix_client_element_configuration_default|combine(matrix_client_element_configuration_extension, recursive=True) }}"
|
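Review bot: `matrix_client_element_configuration_extension` falls back to `{}` whenever the parsed `matrix_client_element_configuration_extension_json` is not a mapping, so an operator who supplies a JSON list or scalar by mistake gets a config.json without the overrides and no error (for example, the `disable_3pid_login` setting from the example would silently not apply). Prefer failing in `validate_config.yml` when the parsed value is not a mapping. Also, the comment above `matrix_client_element_settingDefaults_custom_themes` calls the setting `settingsDefault.custom_themes`, while the variable and the key written by `config.json.j2` are spelled `settingDefaults`.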
@ -1,10 +1,10 @@
|
|||||||
- set_fact:
|
- set_fact:
|
||||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-riot-web'] }}"
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element'] }}"
|
||||||
when: matrix_riot_web_enabled|bool
|
when: matrix_client_element_enabled|bool
|
||||||
|
|
||||||
# ansible lower than 2.8, does not support docker_image build parameters
|
# ansible lower than 2.8, does not support docker_image build parameters
|
||||||
# for self buildig it is explicitly needed, so we rather fail here
|
# for self buildig it is explicitly needed, so we rather fail here
|
||||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||||
fail:
|
fail:
|
||||||
msg: "To self build Riot Web image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
msg: "To self build the Element image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_riot_web_container_image_self_build"
|
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build"
|
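Review bot: the `when` on the fail task tests `matrix_client_element_container_image_self_build` without `|bool`, unlike `matrix_client_element_enabled|bool` in the `set_fact` condition above it, so a value that arrives as a non-empty string (for example from `--extra-vars`) is treated as true inside the `and` expression. Append `|bool`. Since the `msg` line is being rewritten for the rename anyway, fix "you should usa ansible" in the same change.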
34
roles/matrix-client-element/tasks/main.yml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
when: "run_setup|bool and matrix_client_element_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-client-element
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
|
||||||
|
when: run_setup|bool
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-client-element
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/migrate_riot_web.yml"
|
||||||
|
when: run_setup|bool
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-client-element
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup.yml"
|
||||||
|
when: run_setup|bool
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-client-element
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/self_check.yml"
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
become: false
|
||||||
|
when: "run_self_check|bool and matrix_client_element_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- self-check
|
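Review bot: `validate_config.yml` is imported only when `matrix_client_element_enabled|bool` is true, so the riot-web deprecation check that lives in that file never runs for an installation that has Element disabled, and leftover `matrix_riot_web_*` variables in vars.yml go unreported there. Consider running the deprecation check under `run_setup|bool` alone and keeping the `matrix_client_element_enabled` gate only on the required-settings check. As a style point, this file has no leading `---`, while the other new task files in this commit start with one.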
36
roles/matrix-client-element/tasks/migrate_riot_web.yml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Check existence of matrix-riot-web.service
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
|
||||||
|
register: matrix_client_riot_web_service_stat
|
||||||
|
when: "matrix_client_element_enabled|bool"
|
||||||
|
|
||||||
|
- name: Ensure matrix-riot-web is stopped
|
||||||
|
service:
|
||||||
|
name: matrix-riot-web
|
||||||
|
state: stopped
|
||||||
|
daemon_reload: yes
|
||||||
|
register: stopping_result
|
||||||
|
when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-riot-web.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
|
||||||
|
state: absent
|
||||||
|
when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-riot-web.service removal
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Check existence of /matrix/riot-web
|
||||||
|
stat:
|
||||||
|
path: "/matrix/riot-web"
|
||||||
|
register: matrix_client_riot_web_dir_stat
|
||||||
|
when: "matrix_client_element_enabled|bool"
|
||||||
|
|
||||||
|
- name: Relocate /matrix/riot-web to /matrix/client-element
|
||||||
|
command: "mv /matrix/riot-web /matrix/client-element"
|
||||||
|
when: "matrix_client_element_enabled|bool and matrix_client_riot_web_dir_stat.stat.exists"
|
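Review bot: the last task runs `mv /matrix/riot-web /matrix/client-element` guarded only by the existence of the source directory; if `/matrix/client-element` already exists (for example after a partially completed earlier run), `mv` places the old directory inside it as `/matrix/client-element/riot-web` instead of failing. Add a `stat` on the destination, or give the `command` task `creates: /matrix/client-element`, and decide explicitly what to do when both exist. Both paths are hardcoded here while the rest of the role uses `matrix_client_element_data_path`, so the move targets the wrong place for anyone who overrides that variable. `stopping_result` is registered but not used in this file.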
48
roles/matrix-client-element/tasks/prepare_themes.yml
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to setting up Element themes
|
||||||
|
#
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Ensure Element themes repository is pulled
|
||||||
|
git:
|
||||||
|
repo: "{{ matrix_client_element_themes_repository_url }}"
|
||||||
|
dest: "{{ role_path }}/files/scratchpad/themes"
|
||||||
|
|
||||||
|
- name: Find all Element theme files
|
||||||
|
find:
|
||||||
|
paths: "{{ role_path }}/files/scratchpad/themes"
|
||||||
|
patterns: "*.json"
|
||||||
|
recurse: true
|
||||||
|
register: matrix_client_element_theme_file_list
|
||||||
|
|
||||||
|
- name: Read Element theme
|
||||||
|
slurp:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
register: "matrix_client_element_theme_file_contents"
|
||||||
|
with_items: "{{ matrix_client_element_theme_file_list.files }}"
|
||||||
|
|
||||||
|
- name: Load Element theme
|
||||||
|
set_fact:
|
||||||
|
matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}"
|
||||||
|
with_items: "{{ matrix_client_element_theme_file_contents.results }}"
|
||||||
|
|
||||||
|
run_once: true
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
become: false
|
||||||
|
when: matrix_client_element_themes_enabled|bool
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to getting rid of Element themes (if it was previously enabled)
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Ensure Element themes repository is removed
|
||||||
|
file:
|
||||||
|
path: "{{ role_path }}/files/scratchpad/themes"
|
||||||
|
state: absent
|
||||||
|
run_once: true
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
become: false
|
||||||
|
when: "not matrix_client_element_themes_enabled|bool"
|
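Review bot: the `git` task in "Ensure Element themes repository is pulled" has no `version`, so every playbook run takes whatever is at the head of the default branch of `matrix_client_element_themes_repository_url` and the following tasks merge every `*.json` found under it into `custom_themes` in the config.json served to clients. That is third-party content entering the deployed configuration unpinned and unreviewed. Add a variable for the revision (a hypothetical `matrix_client_element_themes_repository_version`) and pass it as `version:`, ideally defaulting to a specific commit. The `find` with `patterns: "*.json"` and `recurse: true` will also pick up any non-theme JSON file the repository happens to contain; restricting it to the directory that holds the themes would be safer.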
22
roles/matrix-client-element/tasks/self_check.yml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_client_element_url_endpoint_public: "https://{{ matrix_server_fqn_element }}/config.json"
|
||||||
|
|
||||||
|
- name: Check Element
|
||||||
|
uri:
|
||||||
|
url: "{{ matrix_client_element_url_endpoint_public }}"
|
||||||
|
follow_redirects: none
|
||||||
|
validate_certs: "{{ matrix_client_element_self_check_validate_certificates }}"
|
||||||
|
register: matrix_client_element_self_check_result
|
||||||
|
check_mode: no
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: Fail if Element not working
|
||||||
|
fail:
|
||||||
|
msg: "Failed checking Element is up at `{{ matrix_server_fqn_element }}` (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`). Is Element running? Is port 443 open in your firewall? Full error: {{ matrix_client_element_self_check_result }}"
|
||||||
|
when: "matrix_client_element_self_check_result.failed or 'json' not in matrix_client_element_self_check_result"
|
||||||
|
|
||||||
|
- name: Report working Element
|
||||||
|
debug:
|
||||||
|
msg: "Element at `{{ matrix_server_fqn_element }}` is working (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`)"
|
127
roles/matrix-client-element/tasks/setup.yml
Normal file
@ -0,0 +1,127 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to setting up Element
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Ensure Element paths exists
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- { path: "{{ matrix_client_element_data_path }}", when: true }
|
||||||
|
- { path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}" }
|
||||||
|
when: matrix_client_element_enabled|bool and item.when
|
||||||
|
|
||||||
|
- name: Ensure Element Docker image is pulled
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_client_element_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}"
|
||||||
|
when: matrix_client_element_enabled|bool and not matrix_client_element_container_image_self_build
|
||||||
|
|
||||||
|
- name: Ensure Element repository is present on self-build
|
||||||
|
git:
|
||||||
|
repo: https://github.com/vector-im/riot-web.git
|
||||||
|
dest: "{{ matrix_client_element_docker_src_files_path }}"
|
||||||
|
version: "{{ matrix_client_element_docker_image.split(':')[1] }}"
|
||||||
|
force: "yes"
|
||||||
|
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
|
||||||
|
|
||||||
|
- name: Ensure Element Docker image is built
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_client_element_docker_image }}"
|
||||||
|
source: build
|
||||||
|
build:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
path: "{{ matrix_client_element_docker_src_files_path }}"
|
||||||
|
pull: yes
|
||||||
|
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
|
||||||
|
|
||||||
|
- name: Ensure Element configuration installed
|
||||||
|
copy:
|
||||||
|
content: "{{ matrix_client_element_configuration|to_nice_json }}"
|
||||||
|
dest: "{{ matrix_client_element_data_path }}/config.json"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
when: matrix_client_element_enabled|bool
|
||||||
|
|
||||||
|
- name: Ensure Element config files installed
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
|
||||||
|
- {src: "{{ role_path }}/templates/welcome.html.j2", name: "welcome.html"}
|
||||||
|
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
|
||||||
|
when: "matrix_client_element_enabled|bool and item.src is not none"
|
||||||
|
|
||||||
|
- name: Ensure Element config files removed
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_client_element_data_path }}/{{ item.name }}"
|
||||||
|
state: absent
|
||||||
|
with_items:
|
||||||
|
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
|
||||||
|
when: "matrix_client_element_enabled|bool and item.src is none"
|
||||||
|
|
||||||
|
- name: Ensure matrix-client-element.service installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-client-element.service.j2"
|
||||||
|
dest: "{{ matrix_systemd_path }}/matrix-client-element.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_client_element_systemd_service_result
|
||||||
|
when: matrix_client_element_enabled|bool
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-client-element.service installation
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_client_element_enabled and matrix_client_element_systemd_service_result.changed"
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to getting rid of Element (if it was previously enabled)
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Check existence of matrix-client-element.service
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
|
||||||
|
register: matrix_client_element_service_stat
|
||||||
|
when: "not matrix_client_element_enabled|bool"
|
||||||
|
|
||||||
|
- name: Ensure matrix-client-element is stopped
|
||||||
|
service:
|
||||||
|
name: matrix-client-element
|
||||||
|
state: stopped
|
||||||
|
daemon_reload: yes
|
||||||
|
register: stopping_result
|
||||||
|
when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-client-element.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
|
||||||
|
state: absent
|
||||||
|
when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-client-element.service removal
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure Element paths doesn't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_client_element_data_path }}"
|
||||||
|
state: absent
|
||||||
|
when: "not matrix_client_element_enabled|bool"
|
||||||
|
|
||||||
|
- name: Ensure Element Docker image doesn't exist
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_client_element_docker_image }}"
|
||||||
|
state: absent
|
||||||
|
when: "not matrix_client_element_enabled|bool"
|
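Review bot: in "Ensure Element repository is present on self-build", `version: "{{ matrix_client_element_docker_image.split(':')[1] }}"` assumes the image reference contains exactly one colon; with a registry that includes a port (`host:5000/name:tag`) index 1 is `5000/name`, and with no tag at all the lookup raises an index error. Use `split(':')[-1]` at minimum, or better a dedicated version variable that both the image name and the git checkout derive from. Smaller points: the `when` on "Ensure systemd reloaded after matrix-client-element.service installation" uses `matrix_client_element_enabled` without `|bool`, unlike every other condition in the file, and the `mode: 0750` / `mode: 0644` values would be more robust quoted as strings.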
20
roles/matrix-client-element/tasks/validate_config.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if required Element settings not defined
|
||||||
|
fail:
|
||||||
|
msg: >
|
||||||
|
You need to define a required configuration setting (`{{ item }}`) for using Element.
|
||||||
|
when: "vars[item] == ''"
|
||||||
|
with_items:
|
||||||
|
- "matrix_client_element_default_hs_url"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report riot-web variables
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
Riot has been renamed to Element (https://element.io/blog/welcome-to-element/).
|
||||||
|
The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names.
|
||||||
|
Please change your configuration (vars.yml) to rename all riot-web variables (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
|
Also note that DNS configuration changes may be necessary.
|
||||||
|
when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict"
|
||||||
|
with_items:
|
||||||
|
- {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_element_.*'}
|
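Review bot: the deprecation message interpolates `item.old` and `item.new`, which are the regex patterns `matrix_riot_web_.*` and `matrix_client_element_.*`, so the operator is told a pattern rather than which of their variables matched. The `when` expression already computes the matching keys; reuse that selection in the message (for example by joining the matched key names) so the failure is actionable. In the first task, `vars[item] == ''` only catches an empty string; a value of `~` or an undefined variable for `matrix_client_element_default_hs_url` is not reported by this check.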
45
roles/matrix-client-element/templates/config.json.j2
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
{
|
||||||
|
"default_server_config": {
|
||||||
|
"m.homeserver": {
|
||||||
|
"base_url": {{ matrix_client_element_default_hs_url|string|to_json }},
|
||||||
|
"server_name": {{ matrix_client_element_default_server_name|string|to_json }}
|
||||||
|
},
|
||||||
|
"m.identity_server": {
|
||||||
|
"base_url": {{ matrix_client_element_default_is_url|string|to_json }}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"settingDefaults": {
|
||||||
|
"custom_themes": {{ matrix_client_element_settingDefaults_custom_themes|to_json }}
|
||||||
|
},
|
||||||
|
"default_theme": {{ matrix_client_element_default_theme|string|to_json }},
|
||||||
|
"permalinkPrefix": {{ matrix_client_element_permalinkPrefix|string|to_json }},
|
||||||
|
"disable_custom_urls": {{ matrix_client_element_disable_custom_urls|to_json }},
|
||||||
|
"disable_guests": {{ matrix_client_element_disable_guests|to_json }},
|
||||||
|
"brand": {{ matrix_client_element_brand|to_json }},
|
||||||
|
"integrations_ui_url": {{ matrix_client_element_integrations_ui_url|string|to_json }},
|
||||||
|
"integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }},
|
||||||
|
"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }},
|
||||||
|
"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }},
|
||||||
|
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
||||||
|
"enableLabs": true,
|
||||||
|
"roomDirectory": {
|
||||||
|
"servers": {{ matrix_client_element_roomdir_servers|to_json }}
|
||||||
|
},
|
||||||
|
"welcomeUserId": {{ matrix_client_element_welcome_user_id|to_json }},
|
||||||
|
{% if matrix_client_element_enable_presence_by_hs_url is not none %}
|
||||||
|
"enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url|to_json }},
|
||||||
|
{% endif %}
|
||||||
|
"embeddedPages": {
|
||||||
|
"homeUrl": {{ matrix_client_element_embedded_pages_home_url|string|to_json }}
|
||||||
|
},
|
||||||
|
{% if matrix_client_element_jitsi_preferredDomain %}
|
||||||
|
"jitsi": {
|
||||||
|
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
|
||||||
|
},
|
||||||
|
{% endif %}
|
||||||
|
"branding": {
|
||||||
|
"authFooterLinks": {{ matrix_client_element_branding_authFooterLinks|to_json }},
|
||||||
|
"authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl|to_json }},
|
||||||
|
"welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl|to_json }}
|
||||||
|
}
|
||||||
|
}
|
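Review bot: `"bug_report_endpoint_url": "https://riot.im/bugreports/submit"` and `"enableLabs": true` are literals in the template while nearly every other key is driven by a variable, so a self-hosted instance sends user bug reports to that third-party endpoint unless the operator knows to override it through `matrix_client_element_configuration_extension_json`. Expose both as variables in `defaults/main.yml` with a comment on what the bug report endpoint receives. Minor: `brand` is rendered with `|to_json` only, while the neighbouring string settings use `|string|to_json`.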
@ -0,0 +1,43 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix Element server
|
||||||
|
{% for service in matrix_client_element_systemd_required_services_list %}
|
||||||
|
Requires={{ service }}
|
||||||
|
After={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-client-element
|
||||||
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-client-element
|
||||||
|
|
||||||
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \
|
||||||
|
--log-driver=none \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--read-only \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
{% if matrix_client_element_container_http_host_bind_port %}
|
||||||
|
-p {{ matrix_client_element_container_http_host_bind_port }}:8080 \
|
||||||
|
{% endif %}
|
||||||
|
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
||||||
|
-v {{ matrix_client_element_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
|
-v {{ matrix_client_element_data_path }}/config.json:/app/config.json:ro \
|
||||||
|
-v {{ matrix_client_element_data_path }}/config.json:/app/config.{{ matrix_server_fqn_element }}.json:ro \
|
||||||
|
{% if matrix_client_element_embedded_pages_home_path is not none %}
|
||||||
|
-v {{ matrix_client_element_data_path }}/home.html:/app/home.html:ro \
|
||||||
|
{% endif %}
|
||||||
|
-v {{ matrix_client_element_data_path }}/welcome.html:/app/welcome.html:ro \
|
||||||
|
{% for arg in matrix_client_element_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_client_element_docker_image }}
|
||||||
|
|
||||||
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-client-element
|
||||||
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-client-element
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
SyslogIdentifier=matrix-client-element
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
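Review bot: `config.json` is bind-mounted twice, once as `/app/config.json` and once as `/app/config.{{ matrix_server_fqn_element }}.json`, with no comment saying why the second mount is needed; add a line explaining it so it is not removed as a duplicate later. The loop over `matrix_client_element_container_extra_arguments` writes each entry verbatim into the `docker run` line, which means an entry there can undo `--cap-drop=ALL` or `--read-only`; that deserves a note in the variable's documentation.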
@ -153,23 +153,23 @@ h1::after {
|
|||||||
</style>
|
</style>
|
||||||
|
|
||||||
<div class="mx_Parent">
|
<div class="mx_Parent">
|
||||||
<a href="{{ matrix_riot_web_welcome_logo_link }}" target="_blank" rel="noopener">
|
<a href="{{ matrix_client_element_welcome_logo_link }}" target="_blank" rel="noopener">
|
||||||
<img src="{{ matrix_riot_web_welcome_logo }}" alt="" class="mx_Logo"/>
|
<img src="{{ matrix_client_element_welcome_logo }}" alt="" class="mx_Logo"/>
|
||||||
</a>
|
</a>
|
||||||
<h1 class="mx_Header_title">{{ matrix_riot_web_welcome_headline }}</h1>
|
<h1 class="mx_Header_title">{{ matrix_client_element_welcome_headline }}</h1>
|
||||||
<h4 class="mx_Header_subtitle">{{ matrix_riot_web_welcome_text }}</h4>
|
<h4 class="mx_Header_subtitle">{{ matrix_client_element_welcome_text }}</h4>
|
||||||
<div class="mx_ButtonGroup">
|
<div class="mx_ButtonGroup">
|
||||||
<div class="mx_ButtonRow">
|
<div class="mx_ButtonRow">
|
||||||
<a href="#/login" class="mx_ButtonParent mx_ButtonSignIn mx_Button_iconSignIn">
|
<a href="#/login" class="mx_ButtonParent mx_ButtonSignIn mx_Button_iconSignIn">
|
||||||
<div class="mx_ButtonLabel">_t("Sign In")</div>
|
<div class="mx_ButtonLabel">_t("Sign In")</div>
|
||||||
</a>
|
</a>
|
||||||
{% if matrix_riot_web_registration_enabled %}
|
{% if matrix_client_element_registration_enabled %}
|
||||||
<a href="#/register" class="mx_ButtonParent mx_ButtonCreateAccount mx_Button_iconCreateAccount">
|
<a href="#/register" class="mx_ButtonParent mx_ButtonCreateAccount mx_Button_iconCreateAccount">
|
||||||
<div class="mx_ButtonLabel">_t("Create Account")</div>
|
<div class="mx_ButtonLabel">_t("Create Account")</div>
|
||||||
</a>
|
</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
{% if matrix_riot_web_disable_guests != true %}
|
{% if matrix_client_element_disable_guests != true %}
|
||||||
<!-- The comments below are meant to be used by Ansible as a quick way
|
<!-- The comments below are meant to be used by Ansible as a quick way
|
||||||
to strip out the marked content when desired.
|
to strip out the marked content when desired.
|
||||||
See https://github.com/vector-im/riot-web/issues/8622.
|
See https://github.com/vector-im/riot-web/issues/8622.
|
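Review bot: `matrix_client_element_welcome_logo_link` and `matrix_client_element_welcome_logo` are rendered straight into the `href` and `src` attributes with no escaping, so a value containing a double quote breaks out of the attribute in the generated welcome.html. These are operator-set values, but the rename is a good moment to add `|e` on the two attribute expressions. The headline and text are left as they are here because they carry `_t('...')` markers that escaping the quotes would change; if they are meant to accept arbitrary text, that constraint should be documented next to the variables.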
3
roles/matrix-client-element/vars/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
matrix_client_element_embedded_pages_home_url: "{{ ('' if matrix_client_element_embedded_pages_home_path is none else 'home.html') }}"
|
@ -31,7 +31,7 @@ homeserver:
|
|||||||
accessToken: "{{ matrix_dimension_access_token }}"
|
accessToken: "{{ matrix_dimension_access_token }}"
|
||||||
|
|
||||||
# These users can modify the integrations this Dimension supports.
|
# These users can modify the integrations this Dimension supports.
|
||||||
# To access the admin interface, open Dimension in Riot and click the settings icon.
|
# To access the admin interface, open Dimension in Element and click the settings icon.
|
||||||
admins: {{ matrix_dimension_admins|to_json }}
|
admins: {{ matrix_dimension_admins|to_json }}
|
||||||
|
|
||||||
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
||||||
|
@ -94,8 +94,12 @@ matrix_nginx_proxy_base_domain_homepage_template: |-
|
|||||||
|
|
||||||
|
|
||||||
# Controls whether proxying the riot domain should be done.
|
# Controls whether proxying the riot domain should be done.
|
||||||
matrix_nginx_proxy_proxy_riot_enabled: false
|
matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: false
|
||||||
matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"
|
matrix_nginx_proxy_proxy_riot_compat_redirect_hostname: "riot.{{ matrix_domain }}"
|
||||||
|
|
||||||
|
# Controls whether proxying the Element domain should be done.
|
||||||
|
matrix_nginx_proxy_proxy_element_enabled: false
|
||||||
|
matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
|
||||||
|
|
||||||
# Controls whether proxying the matrix domain should be done.
|
# Controls whether proxying the matrix domain should be done.
|
||||||
matrix_nginx_proxy_proxy_matrix_enabled: false
|
matrix_nginx_proxy_proxy_matrix_enabled: false
|
||||||
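Review bot: the redirect hostname changes from `"{{ matrix_server_fqn_riot }}"` to the literal `"riot.{{ matrix_domain }}"`, so an installation that had customised `matrix_server_fqn_riot` to something other than `riot.<domain>` gets a compatibility redirect for a hostname it never served. Either keep deriving the default from the old FQN or call this out in the migration documentation. The unchanged comment "Controls whether proxying the riot domain should be done." no longer describes `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled`; reword it to say this enables a redirect from the old Riot hostname.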
@ -162,23 +166,26 @@ matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: []
|
|||||||
# A list of strings containing additional configuration blocks to add to the matrix synapse's server configuration.
|
# A list of strings containing additional configuration blocks to add to the matrix synapse's server configuration.
|
||||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
|
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
# A list of strings containing additional configuration blocks to add to the matrix riot's server configuration.
|
# A list of strings containing additional configuration blocks to add to Riot's server configuration.
|
||||||
matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []
|
matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
# A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration.
|
# A list of strings containing additional configuration blocks to add to Element's server configuration.
|
||||||
|
matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
|
# A list of strings containing additional configuration blocks to add to Dimension's server configuration.
|
||||||
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
|
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
# A list of strings containing additional configuration blocks to add to the jitsi's server configuration.
|
# A list of strings containing additional configuration blocks to add to Jitsi's server configuration.
|
||||||
matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
|
matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
# A list of strings containing additional configuration blocks to add to the matrix domain server configuration.
|
# A list of strings containing additional configuration blocks to add to the base domain server configuration.
|
||||||
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
|
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
# Specifies when to reload the matrix-nginx-proxy service so that
|
# Specifies when to reload the matrix-nginx-proxy service so that
|
||||||
# a new SSL certificate could go into effect.
|
# a new SSL certificate could go into effect.
|
||||||
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
||||||
|
|
||||||
# Specifies which SSL protocols to use when serving Riot and Synapse
|
# Specifies which SSL protocols to use when serving all the various vhosts
|
||||||
matrix_nginx_proxy_ssl_protocols: "TLSv1.2 TLSv1.3"
|
matrix_nginx_proxy_ssl_protocols: "TLSv1.2 TLSv1.3"
|
||||||
|
|
||||||
# Controls whether the self-check feature should validate SSL certificates.
|
# Controls whether the self-check feature should validate SSL certificates.
|
||||||
@ -204,7 +211,7 @@ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
|
|||||||
# obeying the following hierarchy:
|
# obeying the following hierarchy:
|
||||||
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
||||||
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
||||||
# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
|
# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_element`).
|
||||||
#
|
#
|
||||||
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
|
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
|
||||||
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
|
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
|
||||||
|
@ -52,12 +52,19 @@
|
|||||||
mode: 0644
|
mode: 0644
|
||||||
when: matrix_nginx_proxy_proxy_matrix_enabled|bool
|
when: matrix_nginx_proxy_proxy_matrix_enabled|bool
|
||||||
|
|
||||||
|
- name: Ensure Matrix nginx-proxy configuration for Element domain exists
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2"
|
||||||
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf"
|
||||||
|
mode: 0644
|
||||||
|
when: matrix_nginx_proxy_proxy_element_enabled|bool
|
||||||
|
|
||||||
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
|
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
|
||||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: matrix_nginx_proxy_proxy_riot_enabled|bool
|
when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool
|
||||||
|
|
||||||
- name: Ensure Matrix nginx-proxy configuration for dimension domain exists
|
- name: Ensure Matrix nginx-proxy configuration for dimension domain exists
|
||||||
template:
|
template:
|
||||||
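Review bot: The retained task name "Ensure Matrix nginx-proxy configuration for riot domain exists" is now misleading. With `when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool` the task installs the redirect vhost, not a proxy to Riot. Rename it (for example "... for riot domain compatibility redirect exists") so the playbook output matches what is deployed.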
@ -162,7 +169,7 @@
|
|||||||
file:
|
file:
|
||||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
||||||
state: absent
|
state: absent
|
||||||
when: "not matrix_nginx_proxy_proxy_riot_enabled|bool"
|
when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool"
|
||||||
|
|
||||||
- name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
|
- name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
|
||||||
file:
|
file:
|
||||||
|
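Review bot: Only the `matrix-riot-web.conf` cleanup is re-keyed here (`when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool"`). The hunks shown for this file add a task that creates `matrix-client-element.conf`, but the matching line offsets (+7 in both hunks) show that no task was added to remove it when `matrix_nginx_proxy_proxy_element_enabled` is false. A stale vhost would keep referencing the Element backend and certificate paths after Element is disabled. Add a `state: absent` task for `{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf`.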
@ -9,6 +9,9 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'}
|
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'}
|
||||||
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'}
|
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'}
|
||||||
|
# People who configured this to disable Riot, would now wish to be disabling Element.
|
||||||
|
# We now also have `matrix_nginx_proxy_proxy_riot_compat_redirect_`, but that's something else and is disabled by default.
|
||||||
|
- {'old': 'matrix_nginx_proxy_proxy_riot_enabled', 'new': 'matrix_nginx_proxy_proxy_element_enabled'}
|
||||||
|
|
||||||
- name: Fail on unknown matrix_ssl_retrieval_method
|
- name: Fail on unknown matrix_ssl_retrieval_method
|
||||||
fail:
|
fail:
|
||||||
|
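Review bot: The new `with_items` entry catches `matrix_nginx_proxy_proxy_riot_enabled` only. The templates in this commit also stop reading `matrix_nginx_proxy_proxy_riot_hostname` (replaced by `matrix_nginx_proxy_proxy_element_hostname` and `matrix_nginx_proxy_proxy_riot_compat_redirect_hostname`), so an existing override of the old hostname variable would be ignored without any message. Consider adding an entry for it to this list as well.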
@ -0,0 +1,73 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
|
||||||
|
{% macro render_vhost_directives() %}
|
||||||
|
gzip on;
|
||||||
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
|
{% for configuration_block in matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks %}
|
||||||
|
{{- configuration_block }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
{% if matrix_nginx_proxy_enabled %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "matrix-client-element:8080";
|
||||||
|
proxy_pass http://$backend;
|
||||||
|
{% else %}
|
||||||
|
{# Generic configuration for use outside of our container setup #}
|
||||||
|
proxy_pass http://127.0.0.1:8765;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
}
|
||||||
|
{% endmacro %}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||||
|
|
||||||
|
server_name {{ matrix_nginx_proxy_proxy_element_hostname }};
|
||||||
|
|
||||||
|
server_tokens off;
|
||||||
|
root /dev/null;
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_https_enabled %}
|
||||||
|
location /.well-known/acme-challenge {
|
||||||
|
{% if matrix_nginx_proxy_enabled %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "matrix-certbot:8080";
|
||||||
|
proxy_pass http://$backend;
|
||||||
|
{% else %}
|
||||||
|
{# Generic configuration for use outside of our container setup #}
|
||||||
|
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://$http_host$request_uri;
|
||||||
|
}
|
||||||
|
{% else %}
|
||||||
|
{{ render_vhost_directives() }}
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_https_enabled %}
|
||||||
|
server {
|
||||||
|
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||||
|
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||||
|
|
||||||
|
server_name {{ matrix_nginx_proxy_proxy_element_hostname }};
|
||||||
|
|
||||||
|
server_tokens off;
|
||||||
|
root /dev/null;
|
||||||
|
|
||||||
|
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_element_hostname }}/fullchain.pem;
|
||||||
|
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_element_hostname }}/privkey.pem;
|
||||||
|
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
||||||
|
|
||||||
|
{{ render_vhost_directives() }}
|
||||||
|
}
|
||||||
|
{% endif %}
|
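Review bot: In the plain-HTTP `server` block, `return 301 https://$http_host$request_uri;` builds the redirect target from the client-supplied Host header. `server_name` is already fixed to `{{ matrix_nginx_proxy_proxy_element_hostname }}`, so use that value in the redirect, as the Riot compatibility template in this commit does. Then the Location header cannot echo an arbitrary host if this vhost ends up answering as the default server for the port.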
@ -1,32 +1,19 @@
|
|||||||
#jinja2: lstrip_blocks: "True"
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
|
||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
{% if matrix_nginx_proxy_enabled %}
|
return 301 https://{{ matrix_nginx_proxy_proxy_element_hostname }}$request_uri;
|
||||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
|
||||||
resolver 127.0.0.11 valid=5s;
|
|
||||||
set $backend "matrix-riot-web:8080";
|
|
||||||
proxy_pass http://$backend;
|
|
||||||
{% else %}
|
|
||||||
{# Generic configuration for use outside of our container setup #}
|
|
||||||
proxy_pass http://127.0.0.1:8765;
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
}
|
}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||||
|
|
||||||
server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};
|
server_name {{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }};
|
||||||
|
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
root /dev/null;
|
root /dev/null;
|
||||||
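Review bot: The new `return 301 https://{{ matrix_nginx_proxy_proxy_element_hostname }}$request_uri;` hard-codes the `https` scheme inside `render_vhost_directives()`. In the Element template added by this commit that macro is also rendered in the port-80 server when `matrix_nginx_proxy_https_enabled` is false. If this file keeps the same layout, an HTTP-only deployment would send users to an HTTPS URL that nothing serves. Derive the scheme from `matrix_nginx_proxy_https_enabled`, or state in the docs that the redirect requires HTTPS.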
@ -57,13 +44,13 @@ server {
|
|||||||
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||||
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||||
|
|
||||||
server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};
|
server_name {{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }};
|
||||||
|
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
root /dev/null;
|
root /dev/null;
|
||||||
|
|
||||||
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_hostname }}/fullchain.pem;
|
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/fullchain.pem;
|
||||||
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_hostname }}/privkey.pem;
|
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/privkey.pem;
|
||||||
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#jinja2: lstrip_blocks: "True"
|
#jinja2: lstrip_blocks: "True"
|
||||||
# The default is aligned to the CPU's cache size,
|
# The default is aligned to the CPU's cache size,
|
||||||
# which can sometimes be too low to handle our 2 vhosts (Synapse and Riot).
|
# which can sometimes be too low to handle our 2 vhosts (Synapse and Element).
|
||||||
#
|
#
|
||||||
# Thus, we ensure a larger bucket size value is used.
|
# Thus, we ensure a larger bucket size value is used.
|
||||||
server_names_hash_bucket_size 64;
|
server_names_hash_bucket_size 64;
|
||||||
|
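Review bot: The reworded comment still says "our 2 vhosts (Synapse and Element)", while the tasks in this commit template vhosts for Matrix, Element, the Riot redirect and Dimension. Use the same wording as the `matrix_nginx_proxy_ssl_protocols` comment change ("all the various vhosts") so the rationale for `server_names_hash_bucket_size 64;` stays accurate.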
@ -1,122 +0,0 @@
|
|||||||
matrix_riot_web_enabled: true
|
|
||||||
|
|
||||||
matrix_riot_web_container_image_self_build: false
|
|
||||||
|
|
||||||
matrix_riot_web_docker_image: "vectorim/riot-web:v1.7.1"
|
|
||||||
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
|
|
||||||
|
|
||||||
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
|
||||||
matrix_riot_web_docker_src_files_path: "{{ matrix_riot_web_data_path }}/docker-src"
|
|
||||||
|
|
||||||
# Controls whether the matrix-riot-web container exposes its HTTP port (tcp/8080 in the container).
|
|
||||||
#
|
|
||||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
|
|
||||||
matrix_riot_web_container_http_host_bind_port: ''
|
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
|
||||||
matrix_riot_web_container_extra_arguments: []
|
|
||||||
|
|
||||||
# List of systemd services that matrix-riot-web.service depends on
|
|
||||||
matrix_riot_web_systemd_required_services_list: ['docker.service']
|
|
||||||
|
|
||||||
# Riot config.json customizations
|
|
||||||
matrix_riot_web_default_server_name: "{{ matrix_domain }}"
|
|
||||||
matrix_riot_web_default_hs_url: ""
|
|
||||||
matrix_riot_web_default_is_url: ~
|
|
||||||
matrix_riot_web_disable_custom_urls: true
|
|
||||||
matrix_riot_web_disable_guests: true
|
|
||||||
matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/"
|
|
||||||
matrix_riot_web_integrations_rest_url: "https://scalar.vector.im/api"
|
|
||||||
matrix_riot_web_integrations_widgets_urls: ["https://scalar.vector.im/api"]
|
|
||||||
matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
|
|
||||||
matrix_riot_web_permalinkPrefix: "https://matrix.to"
|
|
||||||
# Riot public room directory server(s)
|
|
||||||
matrix_riot_web_roomdir_servers: ['matrix.org']
|
|
||||||
matrix_riot_web_welcome_user_id: "@riot-bot:matrix.org"
|
|
||||||
# Branding of riot web
|
|
||||||
matrix_riot_web_brand: "Riot"
|
|
||||||
|
|
||||||
# URL to Logo on welcome page
|
|
||||||
matrix_riot_web_welcome_logo: "welcome/images/logo.svg"
|
|
||||||
|
|
||||||
# URL of link on welcome image
|
|
||||||
matrix_riot_web_welcome_logo_link: "https://element.io"
|
|
||||||
|
|
||||||
matrix_riot_web_welcome_headline: "_t('Welcome to Element')"
|
|
||||||
matrix_riot_web_welcome_text: "_t('Decentralised, encrypted chat & collaboration powered by [matrix]')"
|
|
||||||
|
|
||||||
# Links, shown in footer of welcome page:
|
|
||||||
# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
|
|
||||||
matrix_riot_web_branding_authFooterLinks: ~
|
|
||||||
|
|
||||||
# URL to image, shown during Login
|
|
||||||
matrix_riot_web_branding_authHeaderLogoUrl: "{{ matrix_riot_web_welcome_logo }}"
|
|
||||||
|
|
||||||
# URL to Wallpaper, shown in background of welcome page
|
|
||||||
matrix_riot_web_branding_welcomeBackgroundUrl: ~
|
|
||||||
|
|
||||||
# By default, there's no Riot homepage (when logged in). If you wish to have one,
|
|
||||||
# point this to a `home.html` template file on your local filesystem.
|
|
||||||
matrix_riot_web_embedded_pages_home_path: ~
|
|
||||||
|
|
||||||
matrix_riot_web_jitsi_preferredDomain: ''
|
|
||||||
|
|
||||||
# Controls whether the self-check feature should validate SSL certificates.
|
|
||||||
matrix_riot_web_self_check_validate_certificates: true
|
|
||||||
|
|
||||||
# don't show the registration button on welcome page
|
|
||||||
matrix_riot_web_registration_enabled: false
|
|
||||||
|
|
||||||
# Controls whether Riot shows the presence features
|
|
||||||
matrix_riot_web_enable_presence_by_hs_url: ~
|
|
||||||
|
|
||||||
# Controls whether custom riot-web themes will be installed.
|
|
||||||
# When enabled, all themes found in the `matrix_riot_web_themes_repository_url` repository
|
|
||||||
# will be installed and enabled automatically.
|
|
||||||
matrix_riot_web_themes_enabled: false
|
|
||||||
matrix_riot_web_themes_repository_url: https://github.com/aaronraimist/riot-web-themes
|
|
||||||
|
|
||||||
# Controls the default riot-web theme
|
|
||||||
matrix_riot_web_default_theme: 'light'
|
|
||||||
|
|
||||||
# Controls the `settingsDefault.custom_themes` setting of the riot-web configuration.
|
|
||||||
# You can use this setting to define custom themes.
|
|
||||||
#
|
|
||||||
# Also, look at `matrix_riot_web_themes_enabled` for a way to pull in a bunch of custom themes automatically.
|
|
||||||
# If you define your own themes here and set `matrix_riot_web_themes_enabled: true`, your themes will be preserved as well.
|
|
||||||
#
|
|
||||||
# Note that for a custom theme to work well, all riot-web/riot-desktop instances that you use must have the same theme installed.
|
|
||||||
matrix_riot_web_settingDefaults_custom_themes: []
|
|
||||||
|
|
||||||
# Default riot-web configuration template which covers the generic use case.
|
|
||||||
# You can customize it by controlling the various variables inside it.
|
|
||||||
#
|
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_riot_web_configuration_extension_json`)
|
|
||||||
# or completely replace this variable with your own template.
|
|
||||||
#
|
|
||||||
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
|
|
||||||
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
|
|
||||||
matrix_riot_web_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
|
|
||||||
|
|
||||||
# Your custom JSON configuration for riot-web should go to `matrix_riot_web_configuration_extension_json`.
|
|
||||||
# This configuration extends the default starting configuration (`matrix_riot_web_configuration_default`).
|
|
||||||
#
|
|
||||||
# You can override individual variables from the default configuration, or introduce new ones.
|
|
||||||
#
|
|
||||||
# If you need something more special, you can take full control by
|
|
||||||
# completely redefining `matrix_riot_web_configuration_default`.
|
|
||||||
#
|
|
||||||
# Example configuration extension follows:
|
|
||||||
#
|
|
||||||
# matrix_riot_web_configuration_extension_json: |
|
|
||||||
# {
|
|
||||||
# "disable_3pid_login": true,
|
|
||||||
# "disable_login_language_selector": true
|
|
||||||
# }
|
|
||||||
matrix_riot_web_configuration_extension_json: '{}'
|
|
||||||
|
|
||||||
matrix_riot_web_configuration_extension: "{{ matrix_riot_web_configuration_extension_json|from_json if matrix_riot_web_configuration_extension_json|from_json is mapping else {} }}"
|
|
||||||
|
|
||||||
# Holds the final riot-web configuration (a combination of the default and its extension).
|
|
||||||
# You most likely don't need to touch this variable. Instead, see `matrix_riot_web_configuration_default`.
|
|
||||||
matrix_riot_web_configuration: "{{ matrix_riot_web_configuration_default|combine(matrix_riot_web_configuration_extension, recursive=True) }}"
|
|
@ -1,28 +0,0 @@
|
|||||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
|
||||||
when: "run_setup|bool and matrix_riot_web_enabled|bool"
|
|
||||||
tags:
|
|
||||||
- setup-all
|
|
||||||
- setup-riot-web
|
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/prepare_riot_web_themes.yml"
|
|
||||||
when: run_setup|bool
|
|
||||||
tags:
|
|
||||||
- setup-all
|
|
||||||
- setup-riot-web
|
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/setup_riot_web.yml"
|
|
||||||
when: run_setup|bool
|
|
||||||
tags:
|
|
||||||
- setup-all
|
|
||||||
- setup-riot-web
|
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/self_check_riot_web.yml"
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
become: false
|
|
||||||
when: "run_self_check|bool and matrix_riot_web_enabled|bool"
|
|
||||||
tags:
|
|
||||||
- self-check
|
|
@ -1,48 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
#
|
|
||||||
# Tasks related to setting up riot-web themes
|
|
||||||
#
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Ensure riot-web themes repository is pulled
|
|
||||||
git:
|
|
||||||
repo: "{{ matrix_riot_web_themes_repository_url }}"
|
|
||||||
dest: "{{ role_path }}/files/scratchpad/riot-web-themes"
|
|
||||||
|
|
||||||
- name: Find all riot-web theme files
|
|
||||||
find:
|
|
||||||
paths: "{{ role_path }}/files/scratchpad/riot-web-themes"
|
|
||||||
patterns: "*.json"
|
|
||||||
recurse: true
|
|
||||||
register: matrix_riot_web_theme_file_list
|
|
||||||
|
|
||||||
- name: Read riot-web theme
|
|
||||||
slurp:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
register: "matrix_riot_web_theme_file_contents"
|
|
||||||
with_items: "{{ matrix_riot_web_theme_file_list.files }}"
|
|
||||||
|
|
||||||
- name: Load riot-web theme
|
|
||||||
set_fact:
|
|
||||||
matrix_riot_web_settingDefaults_custom_themes: "{{ matrix_riot_web_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}"
|
|
||||||
with_items: "{{ matrix_riot_web_theme_file_contents.results }}"
|
|
||||||
|
|
||||||
run_once: true
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
become: false
|
|
||||||
when: matrix_riot_web_themes_enabled|bool
|
|
||||||
|
|
||||||
|
|
||||||
# #
|
|
||||||
# # Tasks related to getting rid of riot-web themes (if it was previously enabled)
|
|
||||||
# #
|
|
||||||
|
|
||||||
- name: Ensure riot-web themes repository is removed
|
|
||||||
file:
|
|
||||||
path: "{{ role_path }}/files/scratchpad/riot-web-themes"
|
|
||||||
state: absent
|
|
||||||
run_once: true
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
become: false
|
|
||||||
when: "not matrix_riot_web_themes_enabled|bool"
|
|
@ -1,22 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
riot_web_url_endpoint_public: "https://{{ matrix_server_fqn_riot }}/config.json"
|
|
||||||
|
|
||||||
- name: Check riot-web
|
|
||||||
uri:
|
|
||||||
url: "{{ riot_web_url_endpoint_public }}"
|
|
||||||
follow_redirects: none
|
|
||||||
validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}"
|
|
||||||
register: result_riot_web
|
|
||||||
check_mode: no
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
- name: Fail if riot-web not working
|
|
||||||
fail:
|
|
||||||
msg: "Failed checking riot-web is up at `{{ matrix_server_fqn_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
|
|
||||||
when: "result_riot_web.failed or 'json' not in result_riot_web"
|
|
||||||
|
|
||||||
- name: Report working riot-web
|
|
||||||
debug:
|
|
||||||
msg: "riot-web at `{{ matrix_server_fqn_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"
|
|
@ -1,127 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
#
|
|
||||||
# Tasks related to setting up riot-web
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: Ensure Matrix riot-web path exists
|
|
||||||
file:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
state: directory
|
|
||||||
mode: 0750
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
with_items:
|
|
||||||
- { path: "{{ matrix_riot_web_data_path }}", when: true }
|
|
||||||
- { path: "{{ matrix_riot_web_docker_src_files_path }}", when: "{{ matrix_riot_web_container_image_self_build }}" }
|
|
||||||
when: matrix_riot_web_enabled|bool and item.when
|
|
||||||
|
|
||||||
- name: Ensure riot-web Docker image is pulled
|
|
||||||
docker_image:
|
|
||||||
name: "{{ matrix_riot_web_docker_image }}"
|
|
||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
|
||||||
force_source: "{{ matrix_riot_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_riot_web_docker_image_force_pull }}"
|
|
||||||
when: matrix_riot_web_enabled|bool and not matrix_riot_web_container_image_self_build
|
|
||||||
|
|
||||||
- name: Ensure Riot Web repository is present on self-build
|
|
||||||
git:
|
|
||||||
repo: https://github.com/vector-im/riot-web.git
|
|
||||||
dest: "{{ matrix_riot_web_docker_src_files_path }}"
|
|
||||||
version: "{{ matrix_riot_web_docker_image.split(':')[1] }}"
|
|
||||||
force: "yes"
|
|
||||||
when: "matrix_riot_web_enabled|bool and matrix_riot_web_container_image_self_build"
|
|
||||||
|
|
||||||
- name: Ensure Riot Web Docker image is built
|
|
||||||
docker_image:
|
|
||||||
name: "{{ matrix_riot_web_docker_image }}"
|
|
||||||
source: build
|
|
||||||
build:
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
path: "{{ matrix_riot_web_docker_src_files_path }}"
|
|
||||||
pull: yes
|
|
||||||
when: "matrix_riot_web_enabled|bool and matrix_riot_web_container_image_self_build"
|
|
||||||
|
|
||||||
- name: Ensure Matrix riot-web configuration installed
|
|
||||||
copy:
|
|
||||||
content: "{{ matrix_riot_web_configuration|to_nice_json }}"
|
|
||||||
dest: "{{ matrix_riot_web_data_path }}/config.json"
|
|
||||||
mode: 0644
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
when: matrix_riot_web_enabled|bool
|
|
||||||
|
|
||||||
- name: Ensure Matrix riot-web config files installed
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ matrix_riot_web_data_path }}/{{ item.name }}"
|
|
||||||
mode: 0644
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
with_items:
|
|
||||||
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
|
|
||||||
- {src: "{{ role_path }}/templates/welcome.html.j2", name: "welcome.html"}
|
|
||||||
- {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"}
|
|
||||||
when: "matrix_riot_web_enabled|bool and item.src is not none"
|
|
||||||
|
|
||||||
- name: Ensure Matrix riot-web config files removed
|
|
||||||
file:
|
|
||||||
path: "{{ matrix_riot_web_data_path }}/{{ item.name }}"
|
|
||||||
state: absent
|
|
||||||
with_items:
|
|
||||||
- {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"}
|
|
||||||
when: "matrix_riot_web_enabled|bool and item.src is none"
|
|
||||||
|
|
||||||
- name: Ensure matrix-riot-web.service installed
|
|
||||||
template:
|
|
||||||
src: "{{ role_path }}/templates/systemd/matrix-riot-web.service.j2"
|
|
||||||
dest: "{{ matrix_systemd_path }}/matrix-riot-web.service"
|
|
||||||
mode: 0644
|
|
||||||
register: matrix_riot_web_systemd_service_result
|
|
||||||
when: matrix_riot_web_enabled|bool
|
|
||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-riot-web.service installation
|
|
||||||
service:
|
|
||||||
daemon_reload: yes
|
|
||||||
when: "matrix_riot_web_enabled and matrix_riot_web_systemd_service_result.changed"
|
|
||||||
|
|
||||||
#
|
|
||||||
# Tasks related to getting rid of riot-web (if it was previously enabled)
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: Check existence of matrix-riot-web service
|
|
||||||
stat:
|
|
||||||
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
|
|
||||||
register: matrix_riot_web_service_stat
|
|
||||||
when: "not matrix_riot_web_enabled|bool"
|
|
||||||
|
|
||||||
- name: Ensure matrix-riot-web is stopped
|
|
||||||
service:
|
|
||||||
name: matrix-riot-web
|
|
||||||
state: stopped
|
|
||||||
daemon_reload: yes
|
|
||||||
register: stopping_result
|
|
||||||
when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
|
|
||||||
|
|
||||||
- name: Ensure matrix-riot-web.service doesn't exist
|
|
||||||
file:
|
|
||||||
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
|
|
||||||
state: absent
|
|
||||||
when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
|
|
||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-riot-web.service removal
|
|
||||||
service:
|
|
||||||
daemon_reload: yes
|
|
||||||
when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
|
|
||||||
|
|
||||||
- name: Ensure Matrix riot-web paths doesn't exist
|
|
||||||
file:
|
|
||||||
path: "{{ matrix_riot_web_data_path }}"
|
|
||||||
state: absent
|
|
||||||
when: "not matrix_riot_web_enabled|bool"
|
|
||||||
|
|
||||||
- name: Ensure riot-web Docker image doesn't exist
|
|
||||||
docker_image:
|
|
||||||
name: "{{ matrix_riot_web_docker_image }}"
|
|
||||||
state: absent
|
|
||||||
when: "not matrix_riot_web_enabled|bool"
|
|
@ -1,23 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Fail if required riot-web settings not defined
|
|
||||||
fail:
|
|
||||||
msg: >
|
|
||||||
You need to define a required configuration setting (`{{ item }}`) for using riot-web.
|
|
||||||
when: "vars[item] == ''"
|
|
||||||
with_items:
|
|
||||||
- "matrix_riot_web_default_hs_url"
|
|
||||||
|
|
||||||
- name: (Deprecation) Catch and report renamed riot-web variables
|
|
||||||
fail:
|
|
||||||
msg: >-
|
|
||||||
Your configuration contains a variable, which now has a different name.
|
|
||||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
|
||||||
when: "item.old in vars"
|
|
||||||
with_items:
|
|
||||||
- {'old': 'matrix_riot_web_homepage_template', 'new': 'matrix_riot_web_embedded_pages_home_path'}
|
|
||||||
- {'old': 'matrix_riot_web_homepage_template_general', 'new': '<removed>'}
|
|
||||||
- {'old': 'matrix_riot_web_homepage_template_technical', 'new': '<removed>'}
|
|
||||||
- {'old': 'matrix_riot_web_homepage_template_building', 'new': '<removed>'}
|
|
||||||
- {'old': 'matrix_riot_web_homepage_template_contributing', 'new': '<removed>'}
|
|
||||||
- {'old': 'matrix_riot_web_container_expose_port', 'new': '<superseded by matrix_riot_web_container_http_host_bind_port>'}
|
|
@ -1,45 +0,0 @@
|
|||||||
{
|
|
||||||
"default_server_config": {
|
|
||||||
"m.homeserver": {
|
|
||||||
"base_url": {{ matrix_riot_web_default_hs_url|string|to_json }},
|
|
||||||
"server_name": {{ matrix_riot_web_default_server_name|string|to_json }}
|
|
||||||
},
|
|
||||||
"m.identity_server": {
|
|
||||||
"base_url": {{ matrix_riot_web_default_is_url|string|to_json }}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"settingDefaults": {
|
|
||||||
"custom_themes": {{ matrix_riot_web_settingDefaults_custom_themes|to_json }}
|
|
||||||
},
|
|
||||||
"default_theme": {{ matrix_riot_web_default_theme|string|to_json }},
|
|
||||||
"permalinkPrefix": {{ matrix_riot_web_permalinkPrefix|string|to_json }},
|
|
||||||
"disable_custom_urls": {{ matrix_riot_web_disable_custom_urls|to_json }},
|
|
||||||
"disable_guests": {{ matrix_riot_web_disable_guests|to_json }},
|
|
||||||
"brand": {{ matrix_riot_web_brand|to_json }},
|
|
||||||
"integrations_ui_url": {{ matrix_riot_web_integrations_ui_url|string|to_json }},
|
|
||||||
"integrations_rest_url": {{ matrix_riot_web_integrations_rest_url|string|to_json }},
|
|
||||||
"integrations_widgets_urls": {{ matrix_riot_web_integrations_widgets_urls|to_json }},
|
|
||||||
"integrations_jitsi_widget_url": {{ matrix_riot_web_integrations_jitsi_widget_url|string|to_json }},
|
|
||||||
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
|
||||||
"enableLabs": true,
|
|
||||||
"roomDirectory": {
|
|
||||||
"servers": {{ matrix_riot_web_roomdir_servers|to_json }}
|
|
||||||
},
|
|
||||||
"welcomeUserId": {{ matrix_riot_web_welcome_user_id|to_json }},
|
|
||||||
{% if matrix_riot_web_enable_presence_by_hs_url is not none %}
|
|
||||||
"enable_presence_by_hs_url": {{ matrix_riot_web_enable_presence_by_hs_url|to_json }},
|
|
||||||
{% endif %}
|
|
||||||
"embeddedPages": {
|
|
||||||
"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
|
|
||||||
},
|
|
||||||
{% if matrix_riot_web_jitsi_preferredDomain %}
|
|
||||||
"jitsi": {
|
|
||||||
"preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }}
|
|
||||||
},
|
|
||||||
{% endif %}
|
|
||||||
"branding": {
|
|
||||||
"authFooterLinks": {{ matrix_riot_web_branding_authFooterLinks|to_json }},
|
|
||||||
"authHeaderLogoUrl": {{ matrix_riot_web_branding_authHeaderLogoUrl|to_json }},
|
|
||||||
"welcomeBackgroundUrl": {{ matrix_riot_web_branding_welcomeBackgroundUrl|to_json }}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,43 +0,0 @@
|
|||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
[Unit]
|
|
||||||
Description=Matrix riot-web server
|
|
||||||
{% for service in matrix_riot_web_systemd_required_services_list %}
|
|
||||||
Requires={{ service }}
|
|
||||||
After={{ service }}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web
|
|
||||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web
|
|
||||||
|
|
||||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \
|
|
||||||
--log-driver=none \
|
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
|
||||||
--cap-drop=ALL \
|
|
||||||
--read-only \
|
|
||||||
--network={{ matrix_docker_network }} \
|
|
||||||
{% if matrix_riot_web_container_http_host_bind_port %}
|
|
||||||
-p {{ matrix_riot_web_container_http_host_bind_port }}:8080 \
|
|
||||||
{% endif %}
|
|
||||||
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
|
||||||
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
|
||||||
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
|
|
||||||
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
|
|
||||||
{% if matrix_riot_web_embedded_pages_home_path is not none %}
|
|
||||||
-v {{ matrix_riot_web_data_path }}/home.html:/app/home.html:ro \
|
|
||||||
{% endif %}
|
|
||||||
-v {{ matrix_riot_web_data_path }}/welcome.html:/app/welcome.html:ro \
|
|
||||||
{% for arg in matrix_riot_web_container_extra_arguments %}
|
|
||||||
{{ arg }} \
|
|
||||||
{% endfor %}
|
|
||||||
{{ matrix_riot_web_docker_image }}
|
|
||||||
|
|
||||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web
|
|
||||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web
|
|
||||||
Restart=always
|
|
||||||
RestartSec=30
|
|
||||||
SyslogIdentifier=matrix-riot-web
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,3 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
matrix_riot_web_embedded_pages_home_url: "{{ ('' if matrix_riot_web_embedded_pages_home_path is none else 'home.html') }}"
|
|
@ -289,7 +289,7 @@ matrix_synapse_email_smtp_host: ""
|
|||||||
matrix_synapse_email_smtp_port: 587
|
matrix_synapse_email_smtp_port: 587
|
||||||
matrix_synapse_email_smtp_require_transport_security: false
|
matrix_synapse_email_smtp_require_transport_security: false
|
||||||
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
|
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
|
||||||
matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_riot }}"
|
matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}"
|
||||||
|
|
||||||
|
|
||||||
# Enable this to activate the REST auth password provider module.
|
# Enable this to activate the REST auth password provider module.
|
||||||
|
@ -24,7 +24,7 @@
|
|||||||
- matrix-bridge-mx-puppet-instagram
|
- matrix-bridge-mx-puppet-instagram
|
||||||
- matrix-bridge-sms
|
- matrix-bridge-sms
|
||||||
- matrix-synapse
|
- matrix-synapse
|
||||||
- matrix-riot-web
|
- matrix-client-element
|
||||||
- matrix-jitsi
|
- matrix-jitsi
|
||||||
- matrix-ma1sd
|
- matrix-ma1sd
|
||||||
- matrix-dimension
|
- matrix-dimension
|
||||||
|