diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 6d56307e..b5976bfa 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1212,7 +1212,7 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # ma1sd's web-server port. -matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8090' }}" +matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_default_port|string }}" # We enable Synapse integration via its Postgres database by default. # When using another Identity store, you might wish to disable this and define @@ -1294,8 +1294,8 @@ matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corpor matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081" matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_ma1sd_enabled }}" -matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:8090" -matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:8090" +matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}" +matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}" # By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy. # Unless this is handled there OR Synapse's federation listener port is disabled, we'll reverse-proxy. @@ -1709,8 +1709,8 @@ matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm6 # When ma1sd is enabled, we can use it to validate email addresses and phone numbers. # Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server. -matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:8090' if matrix_ma1sd_enabled else '' }}" -matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:8090' if matrix_ma1sd_enabled else '' }}" +matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:{{ matrix_ma1sd_default_port }}' if matrix_ma1sd_enabled else '' }}" +matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:{{ matrix_ma1sd_default_port }}' if matrix_ma1sd_enabled else '' }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index 0f4234f1..81012d28 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml @@ -30,7 +30,7 @@ insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true' - 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:8090"' + 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_default_port }}"' when: awx_matrix_ma1sd_auth_store == 'LDAP/AD' - name: Remove entire ma1sd configuration extension diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index f91189f5..adee0b44 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -19,7 +19,8 @@ matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src/ma1 matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config" matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data" -# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/8090 in the container). +matrix_ma1sd_default_port: 8090 +# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/{{ matrix_ma1sd_default_port }} in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8090"), or empty string to not expose. matrix_ma1sd_container_http_host_bind_port: '' diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index c2adffc0..696e8008 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -26,7 +26,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ --tmpfs=/tmp:rw,exec,nosuid,size=10m \ --network={{ matrix_docker_network }} \ {% if matrix_ma1sd_container_http_host_bind_port %} - -p {{ matrix_ma1sd_container_http_host_bind_port }}:8090 \ + -p {{ matrix_ma1sd_container_http_host_bind_port }}:{{ matrix_ma1sd_default_port }} \ {% endif %} {% if matrix_ma1sd_verbose_logging %} -e MA1SD_LOG_LEVEL=debug \ diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 3bd273cf..ff917c90 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -165,20 +165,20 @@ matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:410 # This can be used to forward the API endpoint to another service, augmenting the functionality of Synapse's own User Directory Search. # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/directory.md matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false -matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:8090" -matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:8090" +matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}" +matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}" # Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain). # This allows another service to control registrations involving 3PIDs. # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false -matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:8090" -matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:8090" +matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}" +matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}" # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false -matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:8090" -matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:8090" +matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}" +matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}" # Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_synapse_metrics: false