More progress on matrix-static-files role and cleaning up of matrix-base and matrix-nginx-proxy
parent
23a78d1718
commit
da48a605bb
@ -40,15 +40,15 @@ To learn how to set it up, read the Installing section below.
|
||||
|
||||
[MSC 1929](https://github.com/matrix-org/matrix-spec-proposals/pull/1929) specifies a way to add contact details of admins, as well as a link to a support page for users who are having issues with the service. Automated services may also index this information and use it for abuse reports, etc.
|
||||
|
||||
The two playbook variables that you could look for, if you're interested in being an early adopter, are: `matrix_homeserver_admin_contacts` and `matrix_homeserver_support_url`.
|
||||
The two playbook variables that you could look for, if you're interested in being an early adopter, are: `matrix_static_files_file_matrix_support_property_m_contacts` and `matrix_static_files_file_matrix_support_property_m_support_page`.
|
||||
|
||||
Example snippet for `vars.yml`:
|
||||
```
|
||||
# Enable generation of `/.well-known/matrix/support`.
|
||||
matrix_well_known_matrix_support_enabled: true
|
||||
matrix_static_files_file_matrix_support_enabled: true
|
||||
|
||||
# Homeserver admin contacts as per MSC 1929 https://github.com/matrix-org/matrix-spec-proposals/pull/1929
|
||||
matrix_homeserver_admin_contacts:
|
||||
matrix_static_files_file_matrix_support_property_m_contacts:
|
||||
- matrix_id: "@admin1:{{ matrix_domain }}"
|
||||
email_address: admin@domain.tld
|
||||
role: m.role.admin
|
||||
@ -58,7 +58,7 @@ matrix_homeserver_admin_contacts:
|
||||
- email_address: security@domain.tld
|
||||
role: m.role.security
|
||||
|
||||
matrix_homeserver_support_url: "https://example.domain.tld/support"
|
||||
matrix_static_files_file_matrix_support_property_m_support_page: "https://example.domain.tld/support"
|
||||
```
|
||||
|
||||
To learn how to set up `/.well-known/matrix/support` for the base domain, read the Installing section below.
|
||||
|
@ -2996,8 +2996,6 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_
|
||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
|
||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
|
||||
|
||||
matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
|
||||
|
||||
# OCSP stapling does not make sense when self-signed certificates are used.
|
||||
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1073
|
||||
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1074
|
||||
@ -4599,21 +4597,17 @@ matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook
|
||||
matrix_static_files_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
|
||||
matrix_static_files_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
||||
|
||||
matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_client_element_jitsi_preferred_domain }}"
|
||||
matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
|
||||
|
||||
matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{{ matrix_homeserver_sliding_sync_url }}"
|
||||
|
||||
matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}"
|
||||
matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "https://{{ matrix_server_fqn_element }}/map_style.json"
|
||||
|
||||
matrix_static_files_file_matrix_client_property_io_element_e2ee_default: "{{ matrix_well_known_matrix_client_io_element_e2ee_default }}"
|
||||
matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required: "{{ matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required }}"
|
||||
matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods: "{{ matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods }}"
|
||||
|
||||
matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
|
||||
|
||||
matrix_static_files_file_matrix_support_property_m_contacts: "{{ matrix_homeserver_admin_contacts }}"
|
||||
matrix_static_files_file_matrix_support_property_m_support_page: "{{ matrix_homeserver_support_url }}"
|
||||
matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"
|
||||
matrix_static_files_self_check_hostname_identity: "{{ matrix_domain }}"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
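Review bot: The self-signed override for certificate validation is dropped in the first hunk (`matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"`), and none of the visible added lines wire its replacement, so `matrix_static_files_self_check_validate_certificates` would stay at its role default of `true`. Unless it is set elsewhere in this file, the well-known self-check will presumably fail certificate validation on installs that use the `self-signed` retrieval method. Consider adding `matrix_static_files_self_check_validate_certificates: "{{ matrix_playbook_ssl_retrieval_method != 'self-signed' }}"` next to the new `matrix_static_files_self_check_hostname_*` lines, which keeps validation on for every other retrieval method.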
@ -52,21 +52,6 @@ matrix_bots_homeserver_systemd_services_list: "{{ matrix_homeserver_systemd_serv
|
||||
# Whether homeserver software is installed depends on other (`matrix_HOMESERVER_enabled`) variables - see `group_vars/matrix_servers`.
|
||||
matrix_homeserver_enabled: true
|
||||
|
||||
# Homeserver admin contacts and support page as per MSC 1929
|
||||
# See: https://github.com/matrix-org/matrix-spec-proposals/pull/1929
|
||||
# Users in form:
|
||||
# matrix_homeserver_admin_contacts:
|
||||
# - matrix_id: @admin:domain.tld
|
||||
# email_address: admin@domain.tld
|
||||
# role: admin
|
||||
# - email_address: security@domain.tld
|
||||
# role: security
|
||||
# Also see: `matrix_well_known_matrix_support_enabled`
|
||||
matrix_homeserver_admin_contacts: []
|
||||
# Url string like https://domain.tld/support.html
|
||||
# Also see: `matrix_well_known_matrix_support_enabled`
|
||||
matrix_homeserver_support_url: ''
|
||||
|
||||
# This will contain the homeserver implementation that is in use.
|
||||
# Valid values: synapse, dendrite, conduit
|
||||
#
|
||||
@ -161,8 +146,6 @@ matrix_base_data_path_mode: "750"
|
||||
|
||||
matrix_bin_path: "{{ matrix_base_data_path }}/bin"
|
||||
|
||||
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
|
||||
|
||||
matrix_host_command_sleep: "/usr/bin/env sleep"
|
||||
matrix_host_command_chown: "/usr/bin/env chown"
|
||||
matrix_host_command_fusermount: "/usr/bin/env fusermount"
|
||||
@ -203,122 +186,9 @@ matrix_identity_server_url: ~
|
||||
matrix_integration_manager_rest_url: ~
|
||||
matrix_integration_manager_ui_url: ~
|
||||
|
||||
# The domain name where a Jitsi server is self-hosted.
|
||||
# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
|
||||
# See: https://github.com/element-hq/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
|
||||
matrix_client_element_jitsi_preferred_domain: '' # noqa var-naming
|
||||
|
||||
# Controls whether Element should use End-to-End Encryption by default.
|
||||
# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
|
||||
# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md
|
||||
matrix_well_known_matrix_client_io_element_e2ee_default: true
|
||||
|
||||
# Controls whether Element should require a secure backup set up before Element can be used.
|
||||
# Setting this to true will update `/.well-known/matrix/client` and tell Element require a secure backup.
|
||||
# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md
|
||||
matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required: false
|
||||
|
||||
# Controls which backup methods from ["key", "passphrase"] should be used, both is the default.
|
||||
# Setting this to other then empty will update `/.well-known/matrix/client` and tell Element which method to use
|
||||
# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md
|
||||
matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods: []
|
||||
|
||||
# Controls whether element related entries should be added to the client well-known. Override this to false to hide
|
||||
# element related well-known entries.
|
||||
# By default if any of the following change from their default this is set to true:
|
||||
# `matrix_well_known_matrix_client_io_element_e2ee_default`
|
||||
# `matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required`
|
||||
# `matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods`
|
||||
matrix_well_known_matrix_client_io_element_e2ee_entries_enabled: "{{ not matrix_well_known_matrix_client_io_element_e2ee_default or matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required or matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods | length > 0 }}"
|
||||
|
||||
# Default `/.well-known/matrix/client` configuration - it covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside the template file that it references.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_client_configuration_extension_json`)
|
||||
# or completely replace this variable with your own template.
|
||||
#
|
||||
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
|
||||
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
|
||||
matrix_well_known_matrix_client_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-client.j2') }}"
|
||||
|
||||
# Your custom JSON configuration for `/.well-known/matrix/client` should go to `matrix_well_known_matrix_client_configuration_extension_json`.
|
||||
# This configuration extends the default starting configuration (`matrix_well_known_matrix_client_configuration_default`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_well_known_matrix_client_configuration`.
|
||||
#
|
||||
# Example configuration extension follows:
|
||||
#
|
||||
# matrix_well_known_matrix_client_configuration_extension_json: |
|
||||
# {
|
||||
# "io.element.call_behaviour": {
|
||||
# "widget_build_url": "https://dimension.example.com/api/v1/dimension/bigbluebutton/widget_state"
|
||||
# }
|
||||
# }
|
||||
matrix_well_known_matrix_client_configuration_extension_json: '{}'
|
||||
|
||||
matrix_well_known_matrix_client_configuration_extension: "{{ matrix_well_known_matrix_client_configuration_extension_json | from_json if matrix_well_known_matrix_client_configuration_extension_json | from_json is mapping else {} }}"
|
||||
|
||||
# Holds the final `/.well-known/matrix/client` configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_client_configuration_default` and `matrix_well_known_matrix_client_configuration_extension_json`.
|
||||
matrix_well_known_matrix_client_configuration: "{{ matrix_well_known_matrix_client_configuration_default | combine(matrix_well_known_matrix_client_configuration_extension, recursive=True) }}"
|
||||
|
||||
# Default `/.well-known/matrix/server` configuration - it covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside the template file that it references.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_server_configuration_extension_json`)
|
||||
# or completely replace this variable with your own template.
|
||||
#
|
||||
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
|
||||
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
|
||||
matrix_well_known_matrix_server_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-server.j2') }}"
|
||||
|
||||
# Your custom JSON configuration for `/.well-known/matrix/server` should go to `matrix_well_known_matrix_server_configuration_extension_json`.
|
||||
# This configuration extends the default starting configuration (`matrix_well_known_matrix_server_configuration_default`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_well_known_matrix_server_configuration`.
|
||||
#
|
||||
# Example configuration extension follows:
|
||||
#
|
||||
# matrix_well_known_matrix_server_configuration_extension_json: |
|
||||
# {
|
||||
# "something": "another"
|
||||
# }
|
||||
matrix_well_known_matrix_server_configuration_extension_json: '{}'
|
||||
|
||||
matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_matrix_server_configuration_extension_json | from_json if matrix_well_known_matrix_server_configuration_extension_json | from_json is mapping else {} }}"
|
||||
|
||||
# Holds the final `/.well-known/matrix/server` configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_server_configuration_default` and `matrix_well_known_matrix_server_configuration_extension_json`.
|
||||
matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default | combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}"
|
||||
|
||||
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
|
||||
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
|
||||
matrix_well_known_matrix_support_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-support.j2') }}"
|
||||
|
||||
matrix_well_known_matrix_support_configuration_extension_json: '{}'
|
||||
|
||||
matrix_well_known_matrix_support_configuration_extension: "{{ matrix_well_known_matrix_support_configuration_extension_json | from_json if matrix_well_known_matrix_support_configuration_extension_json | from_json is mapping else {} }}"
|
||||
|
||||
# Holds the final `/.well-known/matrix/support` configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_support_configuration_default` and `matrix_well_known_matrix_support_configuration_extension_json`.
|
||||
matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_support_configuration_default | combine(matrix_well_known_matrix_support_configuration_extension, recursive=True) }}"
|
||||
|
||||
# The Docker network that all services would be put into
|
||||
matrix_docker_network: "matrix"
|
||||
|
||||
# Controls whether a `/.well-known/matrix/support` file is generated and used at all.
|
||||
# For details about this file, see the spec: https://github.com/matrix-org/matrix-spec-proposals/pull/1929
|
||||
#
|
||||
# This is not enabled by default, as for it to be useful, other information is necessary.
|
||||
# See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc.
|
||||
matrix_well_known_matrix_support_enabled: false
|
||||
|
||||
matrix_homeserver_container_extra_arguments_auto: []
|
||||
matrix_homeserver_app_service_config_files_auto: []
|
||||
|
||||
|
@ -21,19 +21,3 @@
|
||||
- common
|
||||
block:
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
|
||||
|
||||
- tags:
|
||||
- setup-all
|
||||
- setup-ma1sd
|
||||
- setup-synapse
|
||||
- setup-dendrite
|
||||
- setup-conduit
|
||||
- setup-nginx-proxy
|
||||
- install-all
|
||||
- install-ma1sd
|
||||
- install-synapse
|
||||
- install-dendrite
|
||||
- install-conduit
|
||||
- install-nginx-proxy
|
||||
block:
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
|
||||
|
@ -1,14 +0,0 @@
|
||||
---
|
||||
# We need others to be able to read these directories too,
|
||||
# so that matrix-nginx-proxy's nginx user can access the files.
|
||||
#
|
||||
# For running with another webserver, we recommend being part of the `matrix` group.
|
||||
- name: Ensure Matrix static-files path exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_static_files_base_path }}/.well-known/matrix"
|
@ -18,9 +18,9 @@
|
||||
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
|
||||
- {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
|
||||
- {'old': 'matrix_local_bin_path', 'new': '<there is no global bin path anymore - each role has its own>'}
|
||||
- {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_well_known_matrix_client_io_element_e2ee_default'}
|
||||
- {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required'}
|
||||
- {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods'}
|
||||
- {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_default'}
|
||||
- {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'}
|
||||
- {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'}
|
||||
|
||||
# We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
|
||||
- name: Fail if matrix_homeserver_generic_secret_key is undefined
|
||||
|
@ -1,51 +0,0 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
{
|
||||
"m.homeserver": {
|
||||
"base_url": "{{ matrix_homeserver_url }}"
|
||||
}
|
||||
{% if matrix_identity_server_url %},
|
||||
"m.identity_server": {
|
||||
"base_url": "{{ matrix_identity_server_url }}"
|
||||
}
|
||||
{% endif %}
|
||||
{% if matrix_integration_manager_rest_url and matrix_integration_manager_ui_url %},
|
||||
"m.integrations": {
|
||||
"managers": [
|
||||
{
|
||||
"api_url": "{{ matrix_integration_manager_rest_url }}",
|
||||
"ui_url": "{{ matrix_integration_manager_ui_url }}"
|
||||
}
|
||||
]
|
||||
}
|
||||
{% endif %}
|
||||
{% if matrix_client_element_jitsi_preferred_domain %},
|
||||
"io.element.jitsi": {
|
||||
"preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }}
|
||||
},
|
||||
"im.vector.riot.jitsi": {
|
||||
"preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }}
|
||||
}
|
||||
{% endif %}
|
||||
{% if matrix_homeserver_sliding_sync_url %},
|
||||
"org.matrix.msc3575.proxy": {
|
||||
"url": "{{ matrix_homeserver_sliding_sync_url }}"
|
||||
}
|
||||
{% endif %}
|
||||
{% if matrix_client_element_location_sharing_enabled %},
|
||||
"m.tile_server": {
|
||||
"map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json"
|
||||
}
|
||||
{% endif %}
|
||||
{% if matrix_well_known_matrix_client_io_element_e2ee_entries_enabled %},
|
||||
"io.element.e2ee": {
|
||||
"default": {{ matrix_well_known_matrix_client_io_element_e2ee_default|to_json }},
|
||||
"secure_backup_required": {{ matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required|to_json }},
|
||||
"secure_backup_setup_methods": {{ matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods|to_json }}
|
||||
}
|
||||
{% endif %}
|
||||
{% if matrix_well_known_matrix_client_io_element_e2ee_entries_enabled %},
|
||||
"im.vector.riot.e2ee": {
|
||||
"default": {{ matrix_well_known_matrix_client_io_element_e2ee_default|to_json }}
|
||||
}
|
||||
{% endif %}
|
||||
}
|
@ -1,4 +0,0 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
{
|
||||
"m.server": "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
|
||||
}
|
@ -1,7 +0,0 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
{
|
||||
"contacts": {{ matrix_homeserver_admin_contacts|to_json }}
|
||||
{% if matrix_homeserver_support_url %},
|
||||
"support_page": {{ matrix_homeserver_support_url|to_json }}
|
||||
{% endif %}
|
||||
}
|
@ -568,15 +568,6 @@ matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_
|
||||
# you may wish to set this to '$proxy_add_x_forwarded_for' instead.
|
||||
matrix_nginx_proxy_x_forwarded_for: '$remote_addr'
|
||||
|
||||
# Controls whether the self-check feature should validate SSL certificates.
|
||||
matrix_nginx_proxy_self_check_validate_certificates: true
|
||||
|
||||
# Controls whether redirects will be followed when checking the `/.well-known/matrix/client` resource.
|
||||
#
|
||||
# As per the spec (https://matrix.org/docs/spec/client_server/r0.6.0#well-known-uri), it shouldn't be,
|
||||
# so we default to not following redirects as well.
|
||||
matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
|
||||
|
||||
# For OCSP purposes, we need to define a resolver at the `server{}` level or `http{}` level (we do the latter).
|
||||
#
|
||||
# Otherwise, we get warnings like this:
|
||||
|
@ -1,25 +0,0 @@
|
||||
---
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_well_known_file_path: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"
|
||||
|
||||
# We need others to be able to read these directories too,
|
||||
# so that matrix-nginx-proxy's nginx user can access the files.
|
||||
#
|
||||
# For running with another webserver, we recommend being part of the `matrix` group.
|
||||
- name: Ensure Matrix static-files path exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_static_files_base_path }}/.well-known/matrix"
|
||||
|
||||
- name: Ensure Matrix /.well-known/matrix/client configured
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/well-known/matrix-client.j2"
|
||||
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
@ -24,17 +24,6 @@
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location /.well-known/matrix {
|
||||
root {{ matrix_static_files_base_path }};
|
||||
{#
|
||||
A somewhat long expires value is used to prevent outages
|
||||
in case this is unreachable due to network failure.
|
||||
#}
|
||||
expires 4h;
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
{% endmacro %}
|
||||
|
||||
server {
|
||||
|
@ -29,18 +29,6 @@
|
||||
|
||||
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
||||
|
||||
location /.well-known/matrix {
|
||||
root {{ matrix_static_files_base_path }};
|
||||
{#
|
||||
A somewhat long expires value is used to prevent outages
|
||||
in case this is unreachable due to network failure or
|
||||
due to the base domain's server completely dying.
|
||||
#}
|
||||
expires 4h;
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
{% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %}
|
||||
{{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }}
|
||||
{% endif %}
|
||||
|
@ -41,7 +41,6 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
||||
{% if matrix_ssl_retrieval_method != 'none' %}
|
||||
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst={{ matrix_ssl_config_dir_path }},ro \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_static_files_base_path }},dst={{ matrix_static_files_base_path }},ro \
|
||||
{% for volume in matrix_nginx_proxy_container_additional_volumes %}
|
||||
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
||||
{% endfor %}
|
||||
|
@ -112,6 +112,9 @@ matrix_static_files_file_matrix_client_property_m_integrations_managers_api_url:
|
||||
matrix_static_files_file_matrix_client_property_m_integrations_managers_ui_url: "{{ matrix_integration_manager_ui_url }}"
|
||||
|
||||
# Controls the io.element.jitsi/preferredDomain property in the /.well-known/matrix/client file
|
||||
# This specifies the domain name where a Jitsi server is self-hosted.
|
||||
# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
|
||||
# See: https://github.com/element-hq/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
|
||||
matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: ""
|
||||
|
||||
# Controls the org.matrix.msc3575.proxy/url (sliding sync) property in the /.well-known/matrix/client file
|
||||
@ -295,6 +298,17 @@ matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_f
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
# Controls whether the self-check feature should validate SSL certificates.
|
||||
matrix_static_files_self_check_validate_certificates: true
|
||||
|
||||
matrix_static_files_self_check_hostname_matrix: ''
|
||||
matrix_static_files_self_check_hostname_identity: ''
|
||||
|
||||
# Controls whether redirects will be followed when checking the `/.well-known/matrix/client` resource.
|
||||
#
|
||||
# As per the spec (https://matrix.org/docs/spec/client_server/r0.6.0#well-known-uri), it shouldn't be,
|
||||
# so we default to not following redirects as well.
|
||||
matrix_static_files_self_check_well_known_matrix_client_follow_redirects: none
|
||||
|
||||
# TODO - review this one
|
||||
# Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected.
|
||||
|
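Review bot: `matrix_static_files_self_check_hostname_matrix` and `matrix_static_files_self_check_hostname_identity` are added without a comment and default to `''`, unlike the neighbouring self-check variables. The self-check task file changed later in this commit builds `https://{{ matrix_static_files_self_check_hostname_matrix }}{{ well_known_file_check.path }}` from them, so an unwired value yields a host-less URL rather than a clear error. I would add a comment above them such as `# Hostnames (without scheme) that the self-check fetches /.well-known/matrix/* files from.`, and consider failing early when either is empty and the self-check runs.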
@ -1,27 +1,28 @@
|
||||
---
|
||||
|
||||
# TODO - migrate these variables and deprecate the old ones
|
||||
# TODO - deprecate the old variables in the matrix-nginx-proxy role
|
||||
|
||||
- name: Determine well-known files to check (Matrix)
|
||||
- name: Determine well-known files to check (start with /.well-known/matrix/client)
|
||||
ansible.builtin.set_fact:
|
||||
well_known_file_checks:
|
||||
- path: /.well-known/matrix/client
|
||||
purpose: Client Discovery
|
||||
cors: true
|
||||
follow_redirects: "{{ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects }}"
|
||||
validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
|
||||
follow_redirects: "{{ matrix_static_files_self_check_well_known_matrix_client_follow_redirects }}"
|
||||
validate_certs: "{{ matrix_static_files_self_check_validate_certificates }}"
|
||||
|
||||
- when: matrix_well_known_matrix_server_enabled | bool
|
||||
block:
|
||||
- ansible.builtin.set_fact:
|
||||
- name: Prepare /.well-known/matrix/server to well-known files to check, if enabled
|
||||
ansible.builtin.set_fact:
|
||||
well_known_file_check_matrix_server:
|
||||
path: /.well-known/matrix/server
|
||||
purpose: Server Discovery
|
||||
cors: false
|
||||
follow_redirects: safe
|
||||
validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
|
||||
validate_certs: "{{ matrix_static_files_self_check_validate_certificates }}"
|
||||
|
||||
- name: Determine domains that we require certificates for (ma1sd)
|
||||
- name: Inject /.well-known/matrix/server to well-known files to check, if enabled
|
||||
ansible.builtin.set_fact:
|
||||
well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
|
||||
|
||||
|
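Review bot: The `when: matrix_well_known_matrix_server_enabled | bool` condition on the server-discovery block is left unchanged while the variables around it are renamed. The migration role's deprecation list shown in this commit maps `matrix_well_known_matrix_server_enabled` to `matrix_static_files_file_matrix_server_enabled`, so this condition appears to read a variable that users are told to stop defining. Depending on whether it is still defined anywhere, the task either errors or decides on the `/.well-known/matrix/server` check without regard to the new setting. Suggested: `- when: matrix_static_files_file_matrix_server_enabled | bool`.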
@ -1,8 +1,8 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
|
||||
well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"
|
||||
well_known_url_matrix: "https://{{ matrix_static_files_self_check_hostname_matrix }}{{ well_known_file_check.path }}"
|
||||
well_known_url_identity: "https://{{ matrix_static_files_self_check_hostname_identity }}{{ well_known_file_check.path }}"
|
||||
|
||||
# These well-known files may be served without a `Content-Type: application/json` header,
|
||||
# so we can't rely on the uri module's automatic parsing of JSON.
|
||||
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
|
||||
# Files used to be installed by the `matrix-base` role into `/matrix/static-files/.well-known/*`.
|
||||
# Such files are now generated by the `matrix-static-files` role into a slightly different path: `/matrix/static-files/public/.well-known/*`.
|
||||
|
||||
- name: Ensure old /matrix/static-files/.well-known files are deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_base_data_path }}/static-files/.well-known"
|
||||
state: absent
|
@ -21,6 +21,12 @@
|
||||
block:
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/cleanup_usr_local_bin.yml"
|
||||
|
||||
- tags:
|
||||
- setup-all
|
||||
- install-all
|
||||
block:
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/cleanup_matrix_static_files_well_known.yml"
|
||||
|
||||
- when: devture_traefik_enabled | bool
|
||||
tags:
|
||||
- setup-all
|
||||
|
@ -67,6 +67,16 @@
|
||||
|
||||
- {'old': 'matrix_well_known_matrix_server_enabled', 'new': 'matrix_static_files_file_matrix_server_enabled'}
|
||||
- {'old': 'matrix_well_known_matrix_support_enabled', 'new': 'matrix_static_files_file_matrix_support_enabled'}
|
||||
- {'old': 'matrix_homeserver_admin_contacts', 'new': 'matrix_static_files_file_matrix_support_property_m_contacts'}
|
||||
- {'old': 'matrix_homeserver_support_url', 'new': 'matrix_static_files_file_matrix_support_property_m_support_page'}
|
||||
- {'old': 'matrix_well_known_matrix_client_io_element_e2ee_default', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_default'}
|
||||
- {'old': 'matrix_well_known_matrix_client_io_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'}
|
||||
- {'old': 'matrix_well_known_matrix_client_io_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'}
|
||||
- {'old': 'matrix_well_known_matrix_client_configuration_extension_json', 'new': 'matrix_static_files_file_matrix_client_configuration_extension_json'}
|
||||
- {'old': 'matrix_well_known_matrix_server_configuration_extension_json', 'new': 'matrix_static_files_file_matrix_server_configuration_extension_json'}
|
||||
- {'old': 'matrix_well_known_matrix_support_configuration_extension_json', 'new': 'matrix_static_files_file_matrix_support_configuration_extension_json'}
|
||||
- {'old': 'matrix_nginx_proxy_self_check_validate_certificates', 'new': 'matrix_static_files_self_check_validate_certificates'}
|
||||
- {'old': 'matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects', 'new': 'matrix_static_files_self_check_well_known_matrix_client_follow_redirects'}
|
||||
|
||||
- name: (Deprecation) Catch and report matrix_postgres variables
|
||||
ansible.builtin.fail:
|
||||
|
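Review bot: The added mappings do not cover `matrix_client_element_jitsi_preferred_domain`, which this commit removes from the matrix-base defaults and stops reading in group_vars. Unless it is listed outside this hunk, an existing `vars.yml` that sets it would be ignored silently and `/.well-known/matrix/client` would stop advertising that Jitsi domain to Element clients. Consider adding `- {'old': 'matrix_client_element_jitsi_preferred_domain', 'new': 'matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain'}`. The list continues above and below the hunk.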