diff --git a/CHANGELOG.md b/CHANGELOG.md index a69ad72d..134dba8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,18 @@ +# 2019-02-19 + +## Renaming variables + +The following playbook variables were renamed: + +- from `host_specific_hostname_identity` to `matrix_domain` +- from `hostname_identity` to `matrix_domain` +- from `hostname_matrix` to `matrix_server_fqn_matrix` +- from `hostname_riot` to `matrix_server_fqn_riot` +- from `host_specific_matrix_ssl_lets_encrypt_support_email` to `matrix_ssl_lets_encrypt_support_email` + +Doing that, we've simplified things, made names less confusing (hopefully) and moved all variable names under the `matrix_` prefix. + + # 2019-02-16 ## Riot v1.0.1 support diff --git a/docs/configuring-playbook-bridge-appservice-irc.md b/docs/configuring-playbook-bridge-appservice-irc.md index 7f8349a0..bec1791b 100644 --- a/docs/configuring-playbook-bridge-appservice-irc.md +++ b/docs/configuring-playbook-bridge-appservice-irc.md @@ -73,4 +73,4 @@ matrix_appservice_irc_configuration_extension_yaml: | lineLimit: 3 ``` -You then need to start a chat with `@irc_bot:{{ hostname_identity }}` +You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index 223392d6..f83a4dda 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md @@ -12,4 +12,4 @@ matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH ``` -You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname). +You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). 
diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md
index ad7f6fec..4c646717 100644
--- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md
+++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md
@@ -10,4 +10,4 @@ Use the following playbook configuration:
matrix_mautrix_whatsapp_enabled: true
```
-You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname).
+You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md
index d7673738..6a319575 100644
--- a/docs/configuring-playbook-ssl-certificates.md
+++ b/docs/configuring-playbook-ssl-certificates.md
@@ -66,13 +66,13 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
To do that, simply define your own custom configuration like this:
```yaml
-# Note: we need to include the matrix (`hostname_matrix`) and riot (`hostname_riot`) domains explicitly.
-# Your base domain is in the `hostname_identity` variable.
+# Note: we need to include the matrix (`matrix_server_fqn_matrix`) and riot (`matrix_server_fqn_riot`) domains explicitly.
+# Your base domain is in the `matrix_domain` variable.
# Adding any other additional domains (hosted on the same machine) is possible.
matrix_ssl_domains_to_obtain_certificates_for:
- - '{{ hostname_matrix }}'
- - '{{ hostname_riot }}'
- - '{{ hostname_identity }}'
+ - '{{ matrix_server_fqn_matrix }}'
+ - '{{ matrix_server_fqn_riot }}'
+ - '{{ matrix_domain }}'
```
After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should:
diff --git a/examples/host-vars.yml b/examples/host-vars.yml
index 060997a7..64d12097 100644
--- a/examples/host-vars.yml
+++ b/examples/host-vars.yml
@@ -1,26 +1,21 @@
-# This is something which is provided to Let's Encrypt
-# when retrieving the SSL certificates for domains.
+# The bare domain name which represents your Matrix identity.
+# Matrix user ids for your server will be of the form (`@user:`).
#
-# In case SSL renewal fails at some point, you'll also get
-# an email notification there.
-#
-# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
-# you won't be required to define this variable
-# (see `docs/configuring-playbook-ssl-certificates.md`).
-#
-# Example value: someone@example.com
-host_specific_matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
-
-# This is your bare domain name (``).
-
-# Note: the server specified here is not touched.
-
-# This playbook only installs to `matrix.`,
-# but it nevertheless requires to know the bare domain name
-# (for configuration purposes).
+# Note: this playbook does not touch the server referenced here.
+# Installation happens on another server ("matrix.").
#
# Example value: example.com
-host_specific_hostname_identity: YOUR_BARE_DOMAIN_NAME_HERE
+matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
+
+# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
+
+# In case SSL renewal fails at some point, you'll also get an email notification there.
+
+# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
+# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
+
+# Example value: someone@example.com
+matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers
index f46b5c6f..49183e37 100644
--- a/group_vars/matrix-servers
+++ b/group_vars/matrix-servers
@@ -112,7 +112,7 @@ matrix_mailer_enabled: true
#
######################################################################
-# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
+# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`matrix_server_fqn_matrix`).
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
matrix_mxisd_enabled: true
@@ -129,7 +129,7 @@ matrix_mxisd_synapsesql_type: postgresql
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}
matrix_mxisd_dns_overwrite_enabled: true
-matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
+matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
# By default, we send mail through the `matrix-mailer` service.
@@ -207,9 +207,9 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
matrix_ssl_domains_to_obtain_certificates_for: |
{{
- ([hostname_matrix])
+ ([matrix_server_fqn_matrix])
+
- ([hostname_riot] if matrix_riot_web_enabled else [])
+ ([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
}}
######################################################################
@@ -247,7 +247,7 @@ matrix_postgres_db_name: "homeserver"
#
######################################################################
-# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
+# By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_riot_web_enabled: true
@@ -274,7 +274,7 @@ matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
######################################################################
# When mxisd is enabled, we can use it instead of the default public Identity servers.
-matrix_synapse_trusted_third_party_id_servers: "{{ [hostname_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
+matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports
@@ -303,13 +303,13 @@ matrix_synapse_email_smtp_host: "matrix-mailer"
matrix_synapse_email_smtp_port: 8025
matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
-matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
+matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
matrix_synapse_turn_uris: |
{{
[
- 'turn:' + hostname_matrix + ':3478?transport=udp',
- 'turn:' + hostname_matrix + ':3478?transport=tcp',
+ 'turn:' + matrix_server_fqn_matrix + ':3478?transport=udp',
+ 'turn:' + matrix_server_fqn_matrix + ':3478?transport=tcp',
]
if matrix_coturn_enabled
else []
diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml
index 033bda7e..25122173 100644
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@@ -1,16 +1,19 @@
-# The bare hostname which represents your identity.
-# This is something like "example.com".
+# The bare domain name which represents your Matrix identity.
+# Matrix user ids for your server will be of the form (`@user:`).
+#
# Note: this playbook does not touch the server referenced here.
-hostname_identity: "{{ host_specific_hostname_identity|lower }}"
+# Installation happens on another server ("matrix.", see `matrix_server_fqn_matrix`).
+#
+# Example value: example.com
+matrix_domain: ~
-# This is where your data lives and what we set up here.
-# This and the Riot hostname (see below) are expected to be on the same server.
-hostname_matrix: "matrix.{{ hostname_identity }}"
+# This is where your data lives and what we set up.
+# This and the Riot FQN (see below) are expected to be on the same server.
+matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
# This is where you access the web UI from and what we set up here.
-# This and the Matrix hostname (see above) are expected to be on the same server.
-hostname_riot: "riot.{{ hostname_identity }}"
-
+# This and the Matrix FQN (see above) are expected to be on the same server.
+matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
matrix_user_username: "matrix"
matrix_user_uid: 991
@@ -21,7 +24,7 @@ matrix_base_data_path_mode: "750"
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
-matrix_homeserver_url: "https://{{ hostname_matrix }}"
+matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
matrix_identity_server_url: ~
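Review bot: `matrix_domain: ~` becomes a required input with no usable default, and the `|lower` normalisation the old `hostname_identity` default applied is gone, yet the comment above it says neither; both facts are only discoverable from `tasks/sanity_check.yml`, which fails the run when the value is null or contains uppercase. Since this value is the server-name half of every user id (`@user:<matrix_domain>`, per the comment) and both `matrix_server_fqn_*` values below are built from it, I would state that at the definition: `# Required: there is no default. Must be all-lowercase (sanity_check.yml refuses the run otherwise); it is the server-name part of every user id and the base of matrix_server_fqn_matrix / matrix_server_fqn_riot below.` The derived FQNs inherit whatever case the user gives, so the lowercase requirement is worth repeating on them rather than relying on the reader to infer it.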
@@ -32,8 +35,8 @@ matrix_docker_network: "matrix"
#
# If you wish to rely on DNS SRV records only, you can disable this.
# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448)
-# using certificates for the base domain (`hostname_identity`) and not for the
-# matrix domain (`hostname_matrix`).
+# using certificates for the base domain (`matrix_domain`) and not for the
+# matrix domain (`matrix_server_fqn_matrix`).
matrix_well_known_matrix_server_enabled: true
# Variables to Control which parts of our roles run.
diff --git a/roles/matrix-base/tasks/main.yml b/roles/matrix-base/tasks/main.yml
index facfc5b2..892cd7d1 100644
--- a/roles/matrix-base/tasks/main.yml
+++ b/roles/matrix-base/tasks/main.yml
@@ -1,3 +1,7 @@
+- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
+ tags:
+ - always
+
- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
when: run_setup
tags:
@@ -21,13 +25,9 @@
- setup-synapse
- setup-nginx-proxy
-- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
- tags:
- - always
-
- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
delegate_to: 127.0.0.1
become: false
when: run_self_check
tags:
- - self-check
\ No newline at end of file
+ - self-check
diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml
index 592afe2e..0bff6a6b 100644
--- a/roles/matrix-base/tasks/sanity_check.yml
+++ b/roles/matrix-base/tasks/sanity_check.yml
@@ -15,15 +15,32 @@
msg: "{{ matrix_ansible_outdated_fail_msg }}"
when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
-# This sanity check is only used to detect uppercase when people override these specific variables.
-#
-# If people set `host_specific_hostname_identity` without overriding other variables (the general use-case),
-# we take care to lower-case it automatically and it won't cause trouble anyway.
+- name: (Deprecation) Catch and report renamed settings
+ fail:
+ msg: >-
+ Your configuration contains a variable, which now has a different name.
+ Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+ when: "item.old in vars"
+ with_items:
+ - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
+ - {'old': 'hostname_identity', 'new': 'matrix_domain'}
+ - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
+ - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}
+
+- name: Fail if required variables are undefined
+ fail:
+ msg: "The `{{ item }}` variable must be defined and have a non-null value"
+ with_items:
+ - matrix_domain
+ - matrix_server_fqn_matrix
+ - matrix_server_fqn_riot
+ when: "item not in vars or vars[item] is none"
+
- name: Fail if uppercase domain used
fail:
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
- when: "item != item|lower"
with_items:
- - "{{ hostname_identity }}"
- - "{{ hostname_matrix }}"
- - "{{ hostname_riot }}"
+ - "{{ matrix_domain }}"
+ - "{{ matrix_server_fqn_matrix }}"
+ - "{{ matrix_server_fqn_riot }}"
+ when: "item != item|lower"
diff --git a/roles/matrix-base/tasks/self_check_dns.yml b/roles/matrix-base/tasks/self_check_dns.yml
index 371147fd..36c14631 100644
--- a/roles/matrix-base/tasks/self_check_dns.yml
+++ b/roles/matrix-base/tasks/self_check_dns.yml
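Review bot: The new `Fail if required variables are undefined` task rejects only a missing or null value, so `matrix_domain: ""` (or a whitespace-only value) passes, and the derived `matrix_server_fqn_matrix` becomes `matrix.`, which then reaches the `m.server` well-known entry, the Let's Encrypt domain list and the mxisd `server.name` in this same change with no further check. Extending the condition closes that: `when: "item not in vars or vars[item] is none or (vars[item]|string|trim) == ''"`. Nothing checks for a scheme, path or port either (`https://example.com` passes the lowercase test), which the same task could catch with a `'/' in vars[item]|string or ':' in vars[item]|string` clause. For the two `matrix_server_fqn_*` entries `vars[item]` is itself a template string, so it is worth confirming whether that lookup yields the rendered value or the raw `matrix.{{ matrix_domain }}` before relying on it for anything beyond the null test.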
@@ -4,16 +4,16 @@
set_fact:
dns_srv_record_checks:
- service_and_protocol: "_matrix._tcp"
- domain: "{{ (hostname_identity + '.') }}"
- expected_target: "{{ (hostname_matrix + '.') }}"
+ domain: "{{ (matrix_domain + '.') }}"
+ expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
expected_port: 8448
- block:
- set_fact:
dns_srv_record_check_mxisd:
service_and_protocol: "_matrix-identity._tcp"
- domain: "{{ (hostname_identity + '.') }}"
- expected_target: "{{ (hostname_matrix + '.') }}"
+ domain: "{{ (matrix_domain + '.') }}"
+ expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
expected_port: 443
- name: Determine domains that we require certificates for (mxisd)
@@ -25,4 +25,4 @@
include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
with_items: "{{ dns_srv_record_checks }}"
loop_control:
- loop_var: dns_srv_record_check
\ No newline at end of file
+ loop_var: dns_srv_record_check
diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-server.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-server.j2
index 53ed8787..a8e19167 100644
--- a/roles/matrix-base/templates/static-files/well-known/matrix-server.j2
+++ b/roles/matrix-base/templates/static-files/well-known/matrix-server.j2
@@ -1,3 +1,3 @@
{
- "m.server": "{{ hostname_matrix }}:8448"
+ "m.server": "{{ matrix_server_fqn_matrix }}:8448"
}
diff --git a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
index 9fdd7a21..fc1ab5ba 100644
--- a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
+++ b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
@@ -5,7 +5,7 @@ if [ "$(id -u)" != "0" ]; then
exit 1
fi
-echo "WARNING! You are about to remove everything the playbook installs for matrix.{{ host_specific_hostname_identity }}: matrix, docker images,..."
+echo "WARNING! You are about to remove everything the playbook installs for {{ matrix_server_fqn_matrix }}: matrix, docker images,..."
echo -n "If you're sure you want to do this, type: 'Yes, I really want to remove everything!'"
read sure
diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml
index 20f0fe62..ca89d481 100644
--- a/roles/matrix-corporal/defaults/main.yml
+++ b/roles/matrix-corporal/defaults/main.yml
@@ -15,7 +15,7 @@ matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
-matrix_corporal_matrix_homeserver_domain_name: "{{ hostname_identity }}"
+matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008").
# If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.
diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/matrix-corporal/tasks/self_check_corporal.yml
index 86985be1..03e91d8d 100644
--- a/roles/matrix-corporal/tasks/self_check_corporal.yml
+++ b/roles/matrix-corporal/tasks/self_check_corporal.yml
@@ -1,7 +1,7 @@
---
- set_fact:
- corporal_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/corporal"
+ corporal_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/corporal"
- name: Check Matrix Corporal HTTP gateway
uri:
@@ -13,9 +13,9 @@
- name: Fail if Matrix Corporal HTTP gateway not working
fail:
- msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
+ msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content"
- name: Report working Matrix Corporal HTTP gateway
debug:
- msg: "Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"
\ No newline at end of file
+ msg: "Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"
diff --git a/roles/matrix-corporal/templates/config.json.j2 b/roles/matrix-corporal/templates/config.json.j2
index 5835cced..378b2c19 100644
--- a/roles/matrix-corporal/templates/config.json.j2
+++ b/roles/matrix-corporal/templates/config.json.j2
@@ -8,7 +8,7 @@
},
"Reconciliation": {
- "UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ hostname_identity }}",
+ "UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ matrix_domain }}",
"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
},
diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2
index 56c84120..a91aa5e0 100644
--- a/roles/matrix-coturn/templates/turnserver.conf.j2
+++ b/roles/matrix-coturn/templates/turnserver.conf.j2
@@ -1,6 +1,6 @@
use-auth-secret
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
-realm=turn.{{ hostname_matrix }}
+realm=turn.{{ matrix_server_fqn_matrix }}
min-port={{ matrix_coturn_turn_udp_min_port }}
max-port={{ matrix_coturn_turn_udp_max_port }}
external-ip={{ matrix_coturn_turn_external_ip_address }}
diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml
index 3b652799..f4b2e917 100644
--- a/roles/matrix-mailer/defaults/main.yml
+++ b/roles/matrix-mailer/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mailer_docker_image: "devture/exim-relay:4.91-r1-0"
matrix_mailer_container_user_uid: 100
matrix_mailer_container_user_gid: 101
-matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
+matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
matrix_mailer_relay_use: false
matrix_mailer_relay_host_name: "mail.example.com"
matrix_mailer_relay_host_port: 587
diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
index 54beb215..f9e1348e 100644
--- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
+++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
@@ -15,7 +15,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_mailer_base_path }}/env-mailer \
- --hostname={{ hostname_matrix }} \
+ --hostname={{ matrix_server_fqn_matrix }} \
{{ matrix_mailer_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mailer
ExecStop=-/usr/bin/docker rm matrix-mailer
diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml
index 4cd87003..13866bd1 100644
--- a/roles/matrix-mxisd/defaults/main.yml
+++ b/roles/matrix-mxisd/defaults/main.yml
@@ -29,7 +29,7 @@ matrix_mxisd_synapsesql_type: ""
matrix_mxisd_synapsesql_connection: ""
# Setting up email-sending settings is required for using mxisd.
-matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ hostname_identity }}"
+matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
matrix_mxisd_threepid_medium_email_connectors_smtp_host: ""
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
@@ -40,7 +40,7 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""
# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
# so that mxisd can rewrite the original URL to one that would reach the homeserver.
matrix_mxisd_dns_overwrite_enabled: false
-matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
+matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# Default mxisd configuration template which covers the generic use case.
@@ -50,10 +50,10 @@ matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
# or completely replace this variable with your own template.
matrix_mxisd_configuration_yaml: |
matrix:
- domain: {{ hostname_identity }}
+ domain: {{ matrix_domain }}
server:
- name: {{ hostname_matrix }}
+ name: {{ matrix_server_fqn_matrix }}
key:
path: /var/mxisd/sign.key
diff --git a/roles/matrix-mxisd/tasks/self_check_mxisd.yml b/roles/matrix-mxisd/tasks/self_check_mxisd.yml
index 6c9f1e2d..1ca9a39b 100644
--- a/roles/matrix-mxisd/tasks/self_check_mxisd.yml
+++ b/roles/matrix-mxisd/tasks/self_check_mxisd.yml
@@ -1,7 +1,7 @@
---
- set_fact:
- mxisd_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/identity/api/v1"
+ mxisd_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/identity/api/v1"
- name: Check mxisd Identity Service
uri:
@@ -12,9 +12,9 @@
- name: Fail if mxisd Identity Service not working
fail:
- msg: "Failed checking mxisd is up at `{{ hostname_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
+ msg: "Failed checking mxisd is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
when: "result_mxisd.failed or 'json' not in result_mxisd"
- name: Report working mxisd Identity Service
debug:
- msg: "mxisd at `{{ hostname_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"
\ No newline at end of file
+ msg: "mxisd at `{{ matrix_server_fqn_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 30a41cb8..48c3e18f 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -22,11 +22,11 @@ matrix_nginx_proxy_container_additional_volumes: []
# Controls whether proxying the riot domain should be done.
matrix_nginx_proxy_proxy_riot_enabled: false
-matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"
+matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"
# Controls whether proxying the matrix domain should be done.
matrix_nginx_proxy_proxy_matrix_enabled: false
-matrix_nginx_proxy_proxy_matrix_hostname: "{{ hostname_matrix }}"
+matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
@@ -92,7 +92,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
# obeying the following hierarchy:
# - /live//fullchain.pem
# - /live//privkey.pem
-# where refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
+# where refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
#
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
@@ -106,7 +106,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
-matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
+matrix_ssl_lets_encrypt_support_email: ~
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
index 40fa95a6..6467cedb 100644
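Review bot: `matrix_ssl_lets_encrypt_support_email: ~` replaces a value that was wired to a host variable, and as a role default it now carries no explanation at all, although this is the file a reader of `roles/matrix-nginx-proxy/defaults/main.yml` consults first; the example `host-vars.yml` in the same change does explain what the address is for and when it may be left unset. I would carry that over as a comment directly above the line: `# E-mail address handed to Let's Encrypt when certificates are obtained; renewal-failure notices are sent there.` followed by `# Required (non-null) only when matrix_ssl_retrieval_method is 'lets-encrypt'; it may stay null for the other retrieval methods.` Without it, the null default reads as "optional" to someone who never opens the example file.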
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
@@ -1,8 +1,8 @@
---
- set_fact:
- well_known_url_matrix: "https://{{ hostname_matrix }}{{ well_known_file_check.path }}"
- well_known_url_identity: "https://{{ hostname_identity }}{{ well_known_file_check.path }}"
+ well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
+ well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"
# These well-known files may be served without a `Content-Type: application/json` header,
# so we can't rely on the uri module's automatic parsing of JSON.
@@ -16,7 +16,7 @@
- name: Fail if .well-known not working on the matrix hostname
fail:
- msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
+ msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
when: "result_well_known_matrix.failed"
- name: Parse JSON for well-known payload at the matrix hostname
@@ -25,12 +25,12 @@
- name: Fail if .well-known not CORS-aware on the matrix hostname
fail:
- msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
+ msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
- name: Report working .well-known on the matrix hostname
debug:
- msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
+ msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
- name: Check .well-known on the identity hostname
uri:
@@ -42,7 +42,7 @@
- name: Fail if .well-known not working on the identity hostname
fail:
- msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
+ msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
when: "result_well_known_identity.failed"
- name: Parse JSON for well-known payload at the identity hostname
@@ -51,15 +51,15 @@ - name: Fail if .well-known not CORS-aware on the identity hostname fail: - msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md" + msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md" when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity" # For people who manually copy the well-known file, try to detect if it's outdated - name: Fail if well-known is different on matrix hostname and identity hostname fail: - msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?" + msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?" when: "well_known_matrix_payload != well_known_identity_payload" - name: Report working .well-known on the identity hostname debug: - msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)" + msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)" 
diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 583ce29c..78f1458b 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -16,10 +16,22 @@ # Tasks related to setting up Let's Encrypt's management of certificates # -- name: (Deprecation) Fail if using outdated configuration +- name: (Deprecation) Catch and report renamed settings fail: - msg: "You're using the `host_specific_matrix_ssl_support_email` variable, which has been superseded by `host_specific_matrix_ssl_lets_encrypt_support_email`. Please change your configuration to use the new name!" - when: "matrix_ssl_retrieval_method == 'lets-encrypt' and host_specific_matrix_ssl_support_email is defined" + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + with_items: + - {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} + - {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'} + when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item.old in vars" + +- name: Fail if required variables are undefined + fail: + msg: "Detected an undefined required variable" + with_items: + - "{{ matrix_ssl_lets_encrypt_support_email }}" + when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item is none" - name: Allow access to HTTP/HTTPS in firewalld firewalld: @@ -111,4 +123,4 @@ file: path: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew state: absent - when: "matrix_ssl_retrieval_method != 'lets-encrypt'" \ No newline at end of file + when: "matrix_ssl_retrieval_method != 'lets-encrypt'" 
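Review bot: The new "Fail if required variables are undefined" task in the first hunk does not catch the case its name describes: `with_items` templates `{{ matrix_ssl_lets_encrypt_support_email }}` before `when` is evaluated, so a genuinely undefined variable aborts with Ansible's generic undefined-variable error (and, as far as I can tell, does so even when `matrix_ssl_retrieval_method` is not `lets-encrypt`), while `item is none` only fires for an explicit null and lets an empty string through. The message "Detected an undefined required variable" also never names the variable. Iterate over variable names and look them up, mirroring the deprecation task just above: `msg: "The '{{ item }}' variable must be defined and non-empty when using Let's Encrypt."`, `with_items: ['matrix_ssl_lets_encrypt_support_email']`, `when: "matrix_ssl_retrieval_method == 'lets-encrypt' and (item not in vars or vars[item] is none or vars[item] == '')"`. Whether defaults/main.yml already gives this variable a null default is not visible in this hunk.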
diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 index 5f474453..20f9fda2 100644 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 @@ -13,4 +13,4 @@ docker run \ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ --network {{ matrix_docker_network }} \ {{ matrix_postgres_docker_image_to_use }} \ - psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ host_specific_hostname_identity }}'" + psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'" diff --git a/roles/matrix-riot-web/tasks/self_check_riot_web.yml b/roles/matrix-riot-web/tasks/self_check_riot_web.yml index a32fb2cb..1e10566f 100644 --- a/roles/matrix-riot-web/tasks/self_check_riot_web.yml +++ b/roles/matrix-riot-web/tasks/self_check_riot_web.yml @@ -1,7 +1,7 @@ --- - set_fact: - riot_web_url_endpoint_public: "https://{{ hostname_riot }}/config.json" + riot_web_url_endpoint_public: "https://{{ matrix_server_fqn_riot }}/config.json" - name: Check riot-web uri: 
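Review bot: The renamed psql line still splices the script's first argument straight into the SQL text and matches with `LIKE`, so a `$1` containing `%` or `_` matches more than the intended user (a bare `%` would make every account on `{{ matrix_domain }}` an admin) and a single quote in `$1` breaks out of the string literal. This is a root-run local helper, so the exposure is operator error rather than a remote attack, but the fix is cheap: compare with `=` and pass the name as a psql variable so it is emitted as a properly quoted literal, e.g. `-v username="@$1:{{ matrix_domain }}"` together with `-c "UPDATE users SET admin=1 WHERE name = :'username'"`. If `-c` strings are not variable-interpolated on the psql version in use, feed the statement on stdin instead, which also needs `-i` on the `docker run` whose options start before this hunk. I have not seen whether `$1` is validated as non-empty earlier in the script, which is outside the hunk.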
@@ -12,9 +12,9 @@ - name: Fail if riot-web not working fail: - msg: "Failed checking riot-web is up at `{{ hostname_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}" + msg: "Failed checking riot-web is up at `{{ matrix_server_fqn_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}" when: "result_riot_web.failed or 'json' not in result_riot_web" - name: Report working riot-web debug: - msg: "riot-web at `{{ hostname_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)" \ No newline at end of file + msg: "riot-web at `{{ matrix_server_fqn_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index f58251bf..fd320ab4 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -71,8 +71,8 @@ matrix_synapse_rc_message_burst_count: 10.0 # If you're serving Synapse behind an HTTPS-capable reverse-proxy, # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`). matrix_synapse_tls_federation_listener_enabled: true -matrix_synapse_tls_certificate_path: "/data/{{ hostname_matrix }}.tls.crt" -matrix_synapse_tls_private_key_path: "/data/{{ hostname_matrix }}.tls.key" +matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt" +matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key" # Enable this to allow Synapse to report utilization statistics about your server to matrix.org # (things like number of users, number of messages sent, uptime, load, etc.) 
@@ -155,8 +155,8 @@ matrix_synapse_email_enabled: false matrix_synapse_email_smtp_host: "" matrix_synapse_email_smtp_port: 587 matrix_synapse_email_smtp_require_transport_security: false -matrix_synapse_email_notif_from: "Matrix " -matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}" +matrix_synapse_email_notif_from: "Matrix " +matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}" # Enable this to activate the REST auth password provider module. @@ -229,8 +229,8 @@ matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" matrix_appservice_irc_configuration_yaml: | homeserver: - url: "https://{{ hostname_matrix }}" - domain: "{{ hostname_identity }}" + url: "https://{{ matrix_server_fqn_matrix }}" + domain: "{{ matrix_domain }}" enablePresence: true matrix_appservice_irc_configuration_extension_yaml: | diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index d8914214..654f6a1a 100644 --- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml 
@@ -9,9 +9,9 @@ - name: Fail if Matrix Client API not working fail: - msg: "Failed checking Matrix Client API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}" + msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}" when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api" - name: Report working Matrix Client API debug: - msg: "The Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working" \ No newline at end of file + msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working" diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index dc451955..235036cf 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml 
@@ -10,9 +10,9 @@ - name: Fail if Matrix Federation API not working fail: - msg: "Failed checking Matrix Federation API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" + msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" when: "result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api" - name: Report working Matrix Federation API debug: - msg: "The Matrix Federation API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" \ No newline at end of file + msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" diff --git a/roles/matrix-synapse/tasks/setup_synapse_main.yml b/roles/matrix-synapse/tasks/setup_synapse_main.yml index 339f5650..f5199540 100644 --- a/roles/matrix-synapse/tasks/setup_synapse_main.yml +++ b/roles/matrix-synapse/tasks/setup_synapse_main.yml @@ -41,7 +41,7 @@ --cap-drop=ALL -v {{ matrix_synapse_config_dir_path }}:/data -e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml - -e SYNAPSE_SERVER_NAME={{ hostname_matrix }} + -e SYNAPSE_SERVER_NAME={{ matrix_server_fqn_matrix }} -e SYNAPSE_REPORT_STATS=no {{ matrix_synapse_docker_image }} generate 
@@ -56,7 +56,7 @@ - name: Ensure Matrix log config installed template: src: "{{ matrix_synapse_template_synapse_log }}" - dest: "{{ matrix_synapse_config_dir_path }}/{{ hostname_matrix }}.log.config" + dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.log.config" mode: 0644 - name: Ensure matrix-synapse.service installed diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 607dced4..65778967 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -10,7 +10,7 @@ - name: (Deprecation) Catch and report renamed settings fail: - msg: > + msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). when: "item.old in vars" diff --git a/roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2 b/roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2 index 7e6174a1..638f3e0e 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2 +++ b/roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2 @@ -1,9 +1,9 @@ # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. - address: https://{{ hostname_matrix }} + address: https://{{ matrix_server_fqn_matrix }} # The domain of the homeserver (for MXIDs, etc). - domain: {{ hostname_identity }} + domain: {{ matrix_domain }} # Whether or not to verify the SSL certificate of the homeserver. # Only applies if address starts with https:// verify_ssl: true 
@@ -38,7 +38,7 @@ appservice: prefix: {{ matrix_mautrix_telegram_public_endpoint }} # The base URL where the public-facing endpoints are available. The prefix is not added # implicitly. - external: https://{{ hostname_matrix }}{{ matrix_mautrix_telegram_public_endpoint }} + external: https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }} # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like Dimension (https://dimension.t2bot.io/). @@ -206,7 +206,7 @@ bridge: # domain - All users on that homeserver # mxid - Specific user permissions: - '{{ hostname_identity }}': full + '{{ matrix_domain }}': full # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2 b/roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2 index a29117cc..15d9bbe6 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2 +++ b/roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2 @@ -1,9 +1,9 @@ # Homeserver details. homeserver: # The address that this appservice can use to connect to the homeserver. - address: https://{{ hostname_matrix }} + address: https://{{ matrix_server_fqn_matrix }} # The domain of the homeserver (for MXIDs, etc). - domain: {{ hostname_identity }} + domain: {{ matrix_domain }} # Application service host/registration related details. # Changing these values requires regeneration of the registration. @@ -67,7 +67,7 @@ bridge: # domain - All users on that homeserver # mxid - Specific user permissions: - '{{ hostname_identity }}': user + '{{ matrix_domain }}': user # Logging config. logging: diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 73c0003a..36333788 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -5,7 +5,7 @@ # This is used by remote servers to connect to this server, # e.g. matrix.org, localhost:8080, etc. # This is also the last part of your UserID. -server_name: "{{ hostname_identity }}" +server_name: "{{ matrix_domain }}" # When running as a daemon, the file to store the pid in pid_file: /homeserver.pid @@ -43,7 +43,7 @@ pid_file: /homeserver.pid # enter into the 'custom HS URL' field on their client. If you # use synapse with a reverse proxy, this should be the URL to reach # synapse via the proxy. -public_baseurl: https://{{ hostname_matrix }}/ +public_baseurl: https://{{ matrix_server_fqn_matrix }}/ # Set the soft limit on the number of file descriptors synapse can use # Zero is used to indicate synapse should set the soft limit to the @@ -339,7 +339,7 @@ event_cache_size: "{{ matrix_synapse_event_cache_size }}" # A yaml python logging config file -log_config: "/data/{{ hostname_matrix }}.log.config" +log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config" ## Ratelimiting ## @@ -660,7 +660,7 @@ form_secret: {{ matrix_synapse_form_secret|to_json }} ## Signing Keys ## # Path to the signing key to sign messages with -signing_key_path: "/data/{{ hostname_matrix }}.signing.key" +signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key" # The keys that the server used to sign messages with but won't use # to sign new messages. E.g. it has lost its private key diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml index 9d0136c2..f5c40021 100644 --- a/roles/matrix-synapse/vars/main.yml +++ b/roles/matrix-synapse/vars/main.yml 
@@ -2,5 +2,5 @@ matrix_synapse_id_servers_public: ['vector.im', 'matrix.org'] -matrix_synapse_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/versions" -matrix_synapse_federation_api_url_endpoint_public: "https://{{ hostname_matrix }}:8448/_matrix/federation/v1/version" \ No newline at end of file +matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" +matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"