From bfb61e776e817b2219d26b195291ead5d4fd0344 Mon Sep 17 00:00:00 2001
From: Michael Collins <gomatrixhosting@tutanota.com>
Date: Tue, 10 Aug 2021 12:58:10 +0800
Subject: [PATCH 1/6] GMH v0.5.7... maybe!

---
 roles/matrix-common-after/tasks/awx_post.yml                | 6 ------
 roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml        | 4 ++--
 .../templates/nginx/conf.d/matrix-base-domain.conf.j2       | 4 ++++
 3 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml
index 1e194046f..ef12a8674 100644
--- a/roles/matrix-common-after/tasks/awx_post.yml
+++ b/roles/matrix-common-after/tasks/awx_post.yml
@@ -62,9 +62,3 @@
     group: matrix
     mode: '0574'
   when: customise_base_domain_website is defined
-
-- name: Ensure erroneous /chroot/website/matrix-domain location doesn't exist
-  file:
-    path: /chroot/website/matrix-domain
-    state: absent
-  when: customise_base_domain_website is defined
diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index 1d59f5677..2f36945d2 100644
--- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
@@ -127,7 +127,7 @@
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_nginx_proxy_base_domain_serving_enabled|bool
+  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and not matrix_awx_enabled|bool
 
 - name: Ensure Matrix nginx-proxy homepage for base domain exists
   copy:
@@ -136,7 +136,7 @@
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool
+  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool and not matrix_awx_enabled|bool
 
 - name: Ensure Matrix nginx-proxy configuration for base domain exists
   template:
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
index fc567aa3e..a88c66854 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
@@ -1,7 +1,11 @@
 #jinja2: lstrip_blocks: "True"
 
 {% macro render_vhost_directives() %}
+{% if matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled %}
+	root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }};
+{% else %}
 	root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-domain;
+{% endif %}
 
 	gzip on;
 	gzip_types text/plain application/json;

From 8238d65e5f44d5bd70f860d1e4b189c366ce97d3 Mon Sep 17 00:00:00 2001
From: Michael Collins <gomatrixhosting@tutanota.com>
Date: Wed, 11 Aug 2021 14:19:19 +0800
Subject: [PATCH 2/6] simplify template conditional

---
 .../templates/nginx/conf.d/matrix-base-domain.conf.j2           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
index a88c66854..78e8a6326 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
@@ -2,7 +2,7 @@
 
 {% macro render_vhost_directives() %}
 {% if matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled %}
-	root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }};
+	root {{ matrix_nginx_proxy_data_path_in_container }};
 {% else %}
 	root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-domain;
 {% endif %}

From 2e30802b87428b4da7afe282a202efa9c0af7691 Mon Sep 17 00:00:00 2001
From: Michael Collins <gomatrixhosting@tutanota.com>
Date: Wed, 11 Aug 2021 15:21:09 +0800
Subject: [PATCH 3/6] use group variables instead

---
 group_vars/matrix_servers                                   | 1 +
 roles/matrix-nginx-proxy/defaults/main.yml                  | 1 +
 .../templates/nginx/conf.d/matrix-base-domain.conf.j2       | 6 +-----
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index cc45042db..667d5a88e 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -41,6 +41,7 @@ matrix_awx_enabled: false
 
 matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}"
 matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}"
+matrix_nginx_proxy_data_path_extension: "{{ '' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/matrix-domain' }}"
 
 ######################################################################
 #
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 59dddafb4..d8c378066 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -10,6 +10,7 @@ matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.
 matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
 matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data"
 matrix_nginx_proxy_data_path_in_container: "/nginx-data"
+matrix_nginx_proxy_data_path_extension: "/matrix_domain"
 matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_base_path }}/conf.d"
 
 # List of systemd services that matrix-nginx-proxy.service depends on
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
index 78e8a6326..b02942838 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
@@ -1,11 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 
 {% macro render_vhost_directives() %}
-{% if matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled %}
-	root {{ matrix_nginx_proxy_data_path_in_container }};
-{% else %}
-	root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-domain;
-{% endif %}
+	root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}{{ matrix_nginx_proxy_data_path_extension }};
 
 	gzip on;
 	gzip_types text/plain application/json;

From 4d57a41b3f6123a06562fdf20cf8451ea48c0897 Mon Sep 17 00:00:00 2001
From: Michael Collins <gomatrixhosting@tutanota.com>
Date: Wed, 11 Aug 2021 17:18:57 +0800
Subject: [PATCH 4/6] remove matrix_awx_enabled from these

---
 group_vars/matrix_servers                            | 1 +
 roles/matrix-nginx-proxy/defaults/main.yml           | 3 +++
 roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 4 ++--
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 667d5a88e..a4e00d41b 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -42,6 +42,7 @@ matrix_awx_enabled: false
 matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}"
 matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}"
 matrix_nginx_proxy_data_path_extension: "{{ '' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/matrix-domain' }}"
+matrix_nginx_proxy_base_domain_create_directory: "{{ false if matrix_awx_enabled else true }}"
 
 ######################################################################
 #
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index d8c378066..87cbcde1d 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -76,6 +76,9 @@ matrix_nginx_proxy_container_federation_host_bind_port: '8448'
 # in the `{{ matrix_nginx_proxy_data_path }}/matrix-domain` (`/matrix/nginx-proxy/data/matrix-domain`) directory.
 matrix_nginx_proxy_base_domain_serving_enabled: false
 
+# Controls whether the base domain directory and default index.html file are created.
+matrix_nginx_proxy_base_domain_create_directory: true
+
 matrix_nginx_proxy_base_domain_hostname: "{{ matrix_domain }}"
 
 # Controls whether `matrix_nginx_proxy_base_domain_homepage_template` would be dumped to an `index.html` file
diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index 2f36945d2..149fadab7 100644
--- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
@@ -127,7 +127,7 @@
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and not matrix_awx_enabled|bool
+  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool
 
 - name: Ensure Matrix nginx-proxy homepage for base domain exists
   copy:
@@ -136,7 +136,7 @@
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool and not matrix_awx_enabled|bool
+  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool
 
 - name: Ensure Matrix nginx-proxy configuration for base domain exists
   template:

From 4c12c1892ca9e153d015a13354f806ae8801659f Mon Sep 17 00:00:00 2001
From: Michael Collins <gomatrixhosting@tutanota.com>
Date: Wed, 11 Aug 2021 17:32:38 +0800
Subject: [PATCH 5/6] use saner folder permissions

---
 roles/matrix-awx/tasks/customise_website_access_export.yml | 2 +-
 roles/matrix-common-after/tasks/awx_post.yml               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml
index 290197662..d4f48f42c 100755
--- a/roles/matrix-awx/tasks/customise_website_access_export.yml
+++ b/roles/matrix-awx/tasks/customise_website_access_export.yml
@@ -176,7 +176,7 @@
     state: directory
     owner: matrix
     group: matrix
-    mode: '0574'
+    mode: '0770'
   when: customise_base_domain_website is defined
 
 - name: Ensure /chroot/export location exists
diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml
index ef12a8674..b934104bc 100644
--- a/roles/matrix-common-after/tasks/awx_post.yml
+++ b/roles/matrix-common-after/tasks/awx_post.yml
@@ -60,5 +60,5 @@
     state: directory
     owner: matrix
     group: matrix
-    mode: '0574'
+    mode: '0770'
   when: customise_base_domain_website is defined

From 46340fdf63de3ca28fc731f2fbbc3936d0e03c43 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 15 Aug 2021 08:45:21 +0300
Subject: [PATCH 6/6] Simplify if condition

---
 group_vars/matrix_servers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index a4e00d41b..a8e392820 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -42,7 +42,7 @@ matrix_awx_enabled: false
 matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}"
 matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}"
 matrix_nginx_proxy_data_path_extension: "{{ '' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/matrix-domain' }}"
-matrix_nginx_proxy_base_domain_create_directory: "{{ false if matrix_awx_enabled else true }}"
+matrix_nginx_proxy_base_domain_create_directory: "{{ not matrix_awx_enabled }}"
 
 ######################################################################
 #