From 95750c1bc7a6da3e5b12bae4fe0c21e4db7f2899 Mon Sep 17 00:00:00 2001
From: microchipster <blackhole@inzcloud.com>
Date: Sat, 3 Aug 2019 17:23:48 +0000
Subject: [PATCH] attempt to inject nginx config for hangouts bridge

---
 .../defaults/main.yml                         |  2 +
 .../tasks/init.yml                            | 46 +++++++++++++++++++
 .../tasks/validate_config.yml                 |  2 +-
 .../nginx/conf.d/matrix-domain.conf.j2        |  7 ---
 4 files changed, 49 insertions(+), 8 deletions(-)

diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
index 48dedfc3..6835a3d9 100644
--- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
@@ -10,6 +10,8 @@ matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts
 matrix_mautrix_hangouts_config_path: "{{ matrix_mautrix_hangouts_base_path }}/config"
 matrix_mautrix_hangouts_data_path: "{{ matrix_mautrix_hangouts_base_path }}/data"
 
+matrix_mautrix_hangouts_public_endpoint: 'mautrix-hangouts'
+
 matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008'
 matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080'
diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
index 9881398d..84e33f13 100644
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
@@ -14,3 +14,49 @@
       +
       {{ ["/matrix-mautrix-hangouts-registration.yaml"] }}
   when: matrix_mautrix_hangouts_enabled|bool
+
+- block:
+  - name: Fail if matrix-nginx-proxy role already executed
+    fail:
+      msg: >-
+        Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
+        but it's pointless since the matrix-nginx-proxy role had already executed.
+        To fix this, please change the order of roles in your plabook,
+        so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
+    when: matrix_nginx_proxy_role_executed|default(False)|bool
+
+  - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
+    set_fact:
+      matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
+        location {{ matrix_mautrix_hangouts_public_endpoint }} {
+        {% if matrix_nginx_proxy_enabled|default(False) %}
+        	{# Use the embedded DNS resolver in Docker containers to discover the service #}
+        	resolver 127.0.0.11 valid=5s;
+        	set $backend "matrix-mautrix-hangouts:8080";
+        	proxy_pass http://$backend;
+        {% else %}
+        	{# Generic configuration for use outside of our container setup #}
+        	proxy_pass http://127.0.0.1:9007;
+        {% endif %}
+        }
+  - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
+    set_fact:
+      matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+        {{
+          matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+          +
+          [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
+        }}
+  tags:
+   - always
+  when: matrix_mautrix_hangouts_enabled|bool
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  debug:
+    msg: >-
+      NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
+      URL endpoint to the matrix-mautrix-hangouts container.
+      You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
+  when: "matrix_mautrix_hangouts_enabled|bool and matrix_nginx_proxy_enabled is not defined"
diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
index 31ff3d0b..8922bef4 100644
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
@@ -6,9 +6,9 @@
       You need to define a required configuration setting (`{{ item }}`).
   when: "vars[item] == ''"
   with_items:
+    - "matrix_mautrix_hangouts_public_endpoint"
     - "matrix_mautrix_hangouts_appservice_token"
     - "matrix_mautrix_hangouts_homeserver_token"
 - debug:
     msg:
-    - '`matrix_base` == {{ matrix_base }}'
     - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}'
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
index 1c3e6e0f..0d234827 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
@@ -39,13 +39,6 @@ server {
 	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-	
-	{% if matrix_mautrix_hangouts_enabled %}
-	location /login {
-			proxy_pass http://matrix-mautrix-hangouts:8080;
-			proxy_set_header X-Forwarded-For $remote_addr;
-	}
-	{% endif %}
 
 	location /.well-known/matrix {
 		root {{ matrix_static_files_base_path }};