mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-11-17 20:54:57 +00:00
add SchildiChat client
This commit is contained in:
parent
f19ea93ac8
commit
86655db995
@ -47,9 +47,10 @@ Web clients for matrix that you can host on your own domains.
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
[Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) |
|
||||
| [Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) |
|
||||
| [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Web client | [Link](docs/configuring-playbook-client-hydrogen.md) |
|
||||
| [Cinny](https://github.com/ajbura/cinny) | x | Web client | [Link](docs/configuring-playbook-client-cinny.md) |
|
||||
| [SchildiChat](https://schildichat.io/) | x | Web client | [Link](docs/configuring-playbook-client-schildichat.md) |
|
||||
|
||||
|
||||
|
||||
|
40
docs/configuring-playbook-client-schildichat.md
Normal file
40
docs/configuring-playbook-client-schildichat.md
Normal file
@ -0,0 +1,40 @@
|
||||
# Configuring schildichat (optional)
|
||||
|
||||
By default, this playbook does not install the [schildichat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application.
|
||||
|
||||
|
||||
## Enabling schildichat
|
||||
|
||||
If you'd like for the playbook to install schildichat, you can enable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
||||
|
||||
```yaml
|
||||
matrix_client_schildichat_enabled: true
|
||||
```
|
||||
|
||||
|
||||
## Configuring schildichat settings
|
||||
|
||||
The playbook provides some customization variables you could use to change schildichat's settings.
|
||||
|
||||
Their defaults are defined in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml) and they ultimately end up in the generated `/matrix/schildichat/config.json` file (on the server). This file is generated from the [`roles/custom/matrix-client-schildichat/templates/config.json.j2`](../roles/custom/matrix-client-schildichat/templates/config.json.j2) template.
|
||||
|
||||
**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
|
||||
|
||||
Alternatively, **if there is no pre-defined variable** for an schildichat setting you wish to change:
|
||||
|
||||
- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of schildichat's various settings that rarely get used.
|
||||
|
||||
- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/custom/matrix-client-schildichat/templates/config.json.j2)) by making use of the `matrix_client_schildichat_configuration_extension_json_` variable. You can find information about this in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml).
|
||||
|
||||
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_schildichat_configuration_default` (or `matrix_client_schildichat_configuration`). You can find information about this in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml).
|
||||
|
||||
|
||||
## Themes
|
||||
|
||||
To change the look of schildichat, you can define your own themes manually by using the `matrix_client_schildichat_setting_defaults_custom_themes` setting.
|
||||
|
||||
Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_schildichat_themes_enabled: true`).
|
||||
|
||||
If you make your own theme, we encourage you to submit it to the **aaronraimist/element-themes** project, so that the whole community could easily enjoy it.
|
||||
|
||||
Note that for a custom theme to work well, all schildichat instances that you use must have the same theme installed.
|
@ -312,6 +312,8 @@ devture_systemd_service_manager_services_list_auto: |
|
||||
+
|
||||
([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen', 'client-hydrogen']}] if matrix_client_hydrogen_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-client-schildichat.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'schildichat', 'client-schildichat']}] if matrix_client_schildichat_enabled else [])
|
||||
+
|
||||
([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
|
||||
@ -2752,6 +2754,7 @@ matrix_nginx_proxy_proxy_matrix_enabled: true
|
||||
matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||
matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||
matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||
matrix_nginx_proxy_proxy_schildichat_enabled: "{{ matrix_client_schildichat_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||
matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||
matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||
@ -2852,6 +2855,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
|
||||
+
|
||||
(['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
||||
+
|
||||
(['matrix-client-schildichat.service'] if matrix_client_schildichat_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
||||
+
|
||||
([(grafana_identifier + '.service')] if grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
||||
+
|
||||
(['matrix-dimension.service'] if matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
||||
@ -2883,6 +2888,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
||||
+
|
||||
([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else [])
|
||||
+
|
||||
([matrix_server_fqn_schildichat] if matrix_client_schildichat_enabled else [])
|
||||
+
|
||||
([matrix_server_fqn_buscarron] if matrix_bot_buscarron_enabled else [])
|
||||
+
|
||||
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
|
||||
@ -3485,6 +3492,62 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_playbo
|
||||
#
|
||||
######################################################################
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-client-schildichat
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# By default, this playbook installs the schildichat web UI on the `matrix_server_fqn_schildichat` domain.
|
||||
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
|
||||
matrix_client_schildichat_enabled: true
|
||||
|
||||
matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
|
||||
|
||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach schildichat over the container network.
|
||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||
# the schildichat HTTP port to the local host.
|
||||
matrix_client_schildichat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
|
||||
|
||||
matrix_client_schildichat_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-client-schildichat' }}"
|
||||
|
||||
matrix_client_schildichat_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
|
||||
|
||||
matrix_client_schildichat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
|
||||
matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
|
||||
matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
|
||||
matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
||||
|
||||
matrix_client_schildichat_default_hs_url: "{{ matrix_homeserver_url }}"
|
||||
matrix_client_schildichat_default_is_url: "{{ matrix_identity_server_url }}"
|
||||
|
||||
# Use Dimension if enabled, otherwise fall back to Scalar
|
||||
matrix_client_schildichat_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
|
||||
matrix_client_schildichat_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
|
||||
matrix_client_schildichat_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
|
||||
matrix_client_schildichat_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
|
||||
|
||||
matrix_client_schildichat_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
|
||||
|
||||
matrix_client_schildichat_registration_enabled: "{{ matrix_synapse_enable_registration }}"
|
||||
|
||||
matrix_client_schildichat_enable_presence_by_hs_url: |
|
||||
{{
|
||||
none
|
||||
if matrix_synapse_presence_enabled
|
||||
else {matrix_client_schildichat_default_hs_url: false}
|
||||
}}
|
||||
|
||||
matrix_client_schildichat_welcome_user_id: ~
|
||||
|
||||
matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-client-schildichat
|
||||
#
|
||||
######################################################################
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-synapse
|
||||
|
@ -72,6 +72,9 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}"
|
||||
# This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default).
|
||||
matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
|
||||
|
||||
# This is where you access the schildichat web client from (if enabled via matrix_client_schildichat_enabled; disabled by default).
|
||||
matrix_server_fqn_schildichat: "schildichat.{{ matrix_domain }}"
|
||||
|
||||
# This is where you access the buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default).
|
||||
matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}"
|
||||
|
||||
|
312
roles/custom/matrix-client-schildichat/defaults/main.yml
Normal file
312
roles/custom/matrix-client-schildichat/defaults/main.yml
Normal file
@ -0,0 +1,312 @@
|
||||
---
|
||||
# Project source code URL: https://github.com/SchildiChat/schildichat-desktop
|
||||
|
||||
matrix_client_schildichat_enabled: true
|
||||
|
||||
matrix_client_schildichat_container_image_self_build: false
|
||||
|
||||
matrix_client_schildichat_version: v1.11.30-sc.2
|
||||
matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_name_prefix }}etke.cc/schildichat-web:{{ matrix_client_schildichat_version }}"
|
||||
matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else 'registry.gitlab.com/' }}"
|
||||
matrix_client_schildichat_docker_image_force_pull: "{{ matrix_client_schildichat_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_client_schildichat_data_path: "{{ matrix_base_data_path }}/client-schildichat"
|
||||
matrix_client_schildichat_docker_src_files_path: "{{ matrix_client_schildichat_data_path }}/docker-src"
|
||||
|
||||
# The base container network
|
||||
matrix_client_schildichat_container_network: matrix-client-schildichat
|
||||
|
||||
# A list of additional container networks that the container would be connected to.
|
||||
# The role does not create these networks, so make sure they already exist.
|
||||
# Use this to expose this container to a reverse proxy, which runs in a different container network.
|
||||
matrix_client_schildichat_container_additional_networks: []
|
||||
|
||||
# Controls whether the matrix-client-schildichat container exposes its HTTP port (tcp/8080 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
|
||||
matrix_client_schildichat_container_http_host_bind_port: ''
|
||||
|
||||
# matrix_client_schildichat_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
|
||||
# See `../templates/labels.j2` for details.
|
||||
#
|
||||
# To inject your own other container labels, see `matrix_client_schildichat_container_labels_additional_labels`.
|
||||
matrix_client_schildichat_container_labels_traefik_enabled: true
|
||||
matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_client_schildichat_container_network }}"
|
||||
matrix_client_schildichat_container_labels_traefik_hostname: "{{ matrix_client_schildichat_hostname }}"
|
||||
# The path prefix must either be `/` or not end with a slash (e.g. `/schildichat`).
|
||||
matrix_client_schildichat_container_labels_traefik_path_prefix: "{{ matrix_client_schildichat_path_prefix }}"
|
||||
matrix_client_schildichat_container_labels_traefik_rule: "Host(`{{ matrix_client_schildichat_container_labels_traefik_hostname }}`){% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_client_schildichat_container_labels_traefik_path_prefix }}`){% endif %}"
|
||||
matrix_client_schildichat_container_labels_traefik_priority: 0
|
||||
matrix_client_schildichat_container_labels_traefik_entrypoints: web-secure
|
||||
matrix_client_schildichat_container_labels_traefik_tls: "{{ matrix_client_schildichat_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_client_schildichat_container_labels_traefik_tls_certResolver: default # noqa var-naming
|
||||
|
||||
# Controls which additional headers to attach to all HTTP responses.
|
||||
# To add your own headers, use `matrix_client_schildichat_container_labels_traefik_additional_response_headers_custom`
|
||||
matrix_client_schildichat_container_labels_traefik_additional_response_headers: "{{ matrix_client_schildichat_container_labels_traefik_additional_response_headers_auto | combine(matrix_client_schildichat_container_labels_traefik_additional_response_headers_custom) }}"
|
||||
matrix_client_schildichat_container_labels_traefik_additional_response_headers_auto: |
|
||||
{{
|
||||
{}
|
||||
| combine ({'X-XSS-Protection': matrix_client_schildichat_http_header_xss_protection} if matrix_client_schildichat_http_header_xss_protection else {})
|
||||
| combine ({'X-Frame-Options': matrix_client_schildichat_http_header_frame_options} if matrix_client_schildichat_http_header_frame_options else {})
|
||||
| combine ({'X-Content-Type-Options': matrix_client_schildichat_http_header_content_type_options} if matrix_client_schildichat_http_header_content_type_options else {})
|
||||
| combine ({'Content-Security-Policy': matrix_client_schildichat_http_header_content_security_policy} if matrix_client_schildichat_http_header_content_security_policy else {})
|
||||
| combine ({'Permission-Policy': matrix_client_schildichat_http_header_content_permission_policy} if matrix_client_schildichat_http_header_content_permission_policy else {})
|
||||
| combine ({'Strict-Transport-Security': matrix_client_schildichat_http_header_strict_transport_security} if matrix_client_schildichat_http_header_strict_transport_security and matrix_client_schildichat_container_labels_traefik_tls else {})
|
||||
}}
|
||||
matrix_client_schildichat_container_labels_traefik_additional_response_headers_custom: {}
|
||||
|
||||
# matrix_client_schildichat_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
|
||||
# See `../templates/labels.j2` for details.
|
||||
#
|
||||
# Example:
|
||||
# matrix_client_schildichat_container_labels_additional_labels: |
|
||||
# my.label=1
|
||||
# another.label="here"
|
||||
matrix_client_schildichat_container_labels_additional_labels: ''
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_client_schildichat_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that matrix-client-schildichat.service depends on
|
||||
matrix_client_schildichat_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# Specifies the value of the `X-XSS-Protection` header
|
||||
# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
|
||||
#
|
||||
# Learn more about it is here:
|
||||
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
|
||||
# - https://portswigger.net/web-security/cross-site-scripting/reflected
|
||||
matrix_client_schildichat_http_header_xss_protection: "1; mode=block"
|
||||
|
||||
# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
|
||||
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
||||
matrix_client_schildichat_http_header_frame_options: SAMEORIGIN
|
||||
|
||||
# Specifies the value of the `X-Content-Type-Options` header.
|
||||
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
||||
matrix_client_schildichat_http_header_content_type_options: nosniff
|
||||
|
||||
# Specifies the value of the `Content-Security-Policy` header.
|
||||
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
||||
matrix_client_schildichat_http_header_content_security_policy: frame-ancestors 'self'
|
||||
|
||||
# Specifies the value of the `Permission-Policy` header.
|
||||
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
|
||||
matrix_client_schildichat_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_client_schildichat_floc_optout_enabled else '' }}"
|
||||
|
||||
# Specifies the value of the `Strict-Transport-Security` header.
|
||||
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
|
||||
matrix_client_schildichat_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_client_schildichat_hsts_preload_enabled else '' }}"
|
||||
|
||||
# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
|
||||
#
|
||||
# Learn more about what it is here:
|
||||
# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
|
||||
# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
|
||||
# - https://amifloced.org/
|
||||
#
|
||||
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
|
||||
# See: `matrix_client_schildichat_content_permission_policy`
|
||||
matrix_client_schildichat_floc_optout_enabled: true
|
||||
|
||||
# Controls if HSTS preloading is enabled
|
||||
#
|
||||
# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
|
||||
# indicates a willingness to be "preloaded" into browsers:
|
||||
# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
|
||||
# For more information visit:
|
||||
# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
|
||||
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
|
||||
# - https://hstspreload.org/#opt-in
|
||||
# See: `matrix_client_schildichat_http_header_strict_transport_security`
|
||||
matrix_client_schildichat_hsts_preload_enabled: false
|
||||
|
||||
# The hostname at which schildichat is served.
|
||||
# Only works with with Traefik reverse-proxying.
|
||||
# For matrix-nginx-proxy, `matrix_server_fqn_schildichat` is used and this variable has no effect.
|
||||
matrix_client_schildichat_hostname: "{{ matrix_server_fqn_schildichat }}"
|
||||
|
||||
# The path at which schildichat is exposed.
|
||||
# When matrix-nginx-proxy is used, setting this to values other than `/` will cause configuration mismatches and trouble.
|
||||
#
|
||||
# If Traefik is used, the hostname is also configurable - see `matrix_client_schildichat_container_labels_traefik_hostname`.
|
||||
# This value must either be `/` or not end with a slash (e.g. `/schildichat`).
|
||||
matrix_client_schildichat_path_prefix: /
|
||||
|
||||
# schildichat config.json customizations
|
||||
matrix_client_schildichat_default_server_name: "{{ matrix_domain }}"
|
||||
matrix_client_schildichat_default_hs_url: ""
|
||||
matrix_client_schildichat_default_is_url: ~
|
||||
matrix_client_schildichat_disable_custom_urls: true
|
||||
matrix_client_schildichat_disable_guests: true
|
||||
matrix_client_schildichat_integrations_ui_url: "https://scalar.vector.im/"
|
||||
matrix_client_schildichat_integrations_rest_url: "https://scalar.vector.im/api"
|
||||
matrix_client_schildichat_integrations_widgets_urls: ["https://scalar.vector.im/api"]
|
||||
matrix_client_schildichat_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
|
||||
matrix_client_schildichat_permalink_prefix: "https://matrix.to" # noqa var-naming
|
||||
matrix_client_schildichat_bug_report_endpoint_url: "https://element.io/bugreports/submit"
|
||||
matrix_client_schildichat_show_lab_settings: true # noqa var-naming
|
||||
# schildichat public room directory server(s)
|
||||
matrix_client_schildichat_room_directory_servers: ['matrix.org']
|
||||
matrix_client_schildichat_welcome_user_id: ~
|
||||
# Branding of schildichat
|
||||
matrix_client_schildichat_brand: "schildichat"
|
||||
|
||||
# URL to Logo on welcome page
|
||||
matrix_client_schildichat_welcome_logo: "themes/schildichat/img/logos/schildichat-logo.svg"
|
||||
|
||||
# URL of link on welcome image
|
||||
matrix_client_schildichat_welcome_logo_link: "https://schildi.chat"
|
||||
|
||||
matrix_client_schildichat_welcome_headline: "_t('Welcome to SchildiChat')"
|
||||
matrix_client_schildichat_welcome_text: "_t('Decentralised, encrypted chat & collaboration powered by [matrix]')"
|
||||
|
||||
# Links, shown in footer of welcome page:
|
||||
# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
|
||||
matrix_client_schildichat_branding_auth_footer_links: ~ # noqa var-naming
|
||||
|
||||
# URL to image, shown during Login
|
||||
matrix_client_schildichat_branding_auth_header_logo_url: "{{ matrix_client_schildichat_welcome_logo }}" # noqa var-naming
|
||||
|
||||
# URL to Wallpaper, shown in background of welcome page
|
||||
matrix_client_schildichat_branding_welcome_background_url: ~ # noqa var-naming
|
||||
|
||||
matrix_client_schildichat_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2"
|
||||
|
||||
# By default, there's no schildichat homepage (when logged in). If you wish to have one,
|
||||
# point this to a `home.html` template file on your local filesystem.
|
||||
matrix_client_schildichat_embedded_pages_home_path: ~
|
||||
|
||||
matrix_client_schildichat_jitsi_preferred_domain: '' # noqa var-naming
|
||||
|
||||
# Controls whether the self-check feature should validate SSL certificates.
|
||||
matrix_client_schildichat_self_check_validate_certificates: true
|
||||
|
||||
# don't show the registration button on welcome page
|
||||
matrix_client_schildichat_registration_enabled: false
|
||||
|
||||
# Default country code on welcome page when login by phone number
|
||||
matrix_client_schildichat_default_country_code: "GB"
|
||||
|
||||
# Controls whether presence will be enabled
|
||||
matrix_client_schildichat_enable_presence_by_hs_url: ~
|
||||
|
||||
# Controls whether custom schildichat themes will be installed.
|
||||
# When enabled, all themes found in the `matrix_client_schildichat_themes_repository_url` repository
|
||||
# will be installed and enabled automatically.
|
||||
matrix_client_schildichat_themes_enabled: false
|
||||
matrix_client_schildichat_themes_repository_url: https://github.com/aaronraimist/element-themes
|
||||
matrix_client_schildichat_themes_repository_version: master
|
||||
|
||||
# Controls the default theme
|
||||
matrix_client_schildichat_default_theme: 'light'
|
||||
|
||||
# Controls the `setting_defaults.custom_themes` setting of the schildichat configuration.
|
||||
# You can use this setting to define custom themes.
|
||||
#
|
||||
# Also, look at `matrix_client_schildichat_themes_enabled` for a way to pull in a bunch of custom themes automatically.
|
||||
# If you define your own themes here and set `matrix_client_schildichat_themes_enabled: true`, your themes will be preserved as well.
|
||||
#
|
||||
# Note that for a custom theme to work well, all schildichat instances that you use must have the same theme installed.
|
||||
matrix_client_schildichat_setting_defaults_custom_themes: [] # noqa var-naming
|
||||
|
||||
# Default schildichat configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_client_schildichat_configuration_extension_json`)
|
||||
# or completely replace this variable with your own template.
|
||||
#
|
||||
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
|
||||
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
|
||||
matrix_client_schildichat_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
|
||||
|
||||
# Your custom JSON configuration for schildichat should go to `matrix_client_schildichat_configuration_extension_json`.
|
||||
# This configuration extends the default starting configuration (`matrix_client_schildichat_configuration_default`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_client_schildichat_configuration_default`.
|
||||
#
|
||||
# Example configuration extension follows:
|
||||
#
|
||||
# matrix_client_schildichat_configuration_extension_json: |
|
||||
# {
|
||||
# "disable_3pid_login": true,
|
||||
# "disable_login_language_selector": true
|
||||
# }
|
||||
matrix_client_schildichat_configuration_extension_json: '{}'
|
||||
|
||||
matrix_client_schildichat_configuration_extension: "{{ matrix_client_schildichat_configuration_extension_json | from_json if matrix_client_schildichat_configuration_extension_json | from_json is mapping else {} }}"
|
||||
|
||||
# Holds the final schildichat configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_client_schildichat_configuration_default`.
|
||||
matrix_client_schildichat_configuration: "{{ matrix_client_schildichat_configuration_default | combine(matrix_client_schildichat_configuration_extension, recursive=True) }}"
|
||||
|
||||
# schildichat Location sharing functionality
|
||||
# More info: https://element.io/blog/element-launches-e2ee-location-sharing/
|
||||
# How to host your own map tile server: https://matrix.org/docs/guides/map-tile-server
|
||||
matrix_client_schildichat_location_sharing_enabled: false
|
||||
|
||||
# Default schildichat location sharing map style configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_client_schildichat_location_sharing_map_style_extension_json`)
|
||||
# or completely replace this variable with your own template.
|
||||
#
|
||||
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
|
||||
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
|
||||
matrix_client_schildichat_location_sharing_map_style_default: "{{ lookup('template', 'templates/map_style.json.j2') }}"
|
||||
|
||||
# Your custom JSON configuration for schildichat location sharing map style should go to `matrix_client_schildichat_location_sharing_map_style_extension_json`.
|
||||
# This configuration extends the default starting configuration (`matrix_client_schildichat_location_sharing_map_style_default`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_client_schildichat_location_sharing_map_style_default`.
|
||||
#
|
||||
# Example configuration override follows:
|
||||
#
|
||||
# matrix_client_schildichat_location_sharing_map_style_extension_json: |
|
||||
# {
|
||||
# "sources": {
|
||||
# "localsource": {
|
||||
# "tileSize": 512
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# Example configuration extension follows:
|
||||
#
|
||||
# matrix_client_schildichat_location_sharing_map_style_extension_json: |
|
||||
# {
|
||||
# "sources": {
|
||||
# "anothersource": {
|
||||
# "attribution": "",
|
||||
# "tileSize": 256,
|
||||
# "tiles": ["https://anothertile.example.com/{z}/{x}/{y}.png"],
|
||||
# "type": "raster"
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
matrix_client_schildichat_location_sharing_map_style_extension_json: '{}'
|
||||
|
||||
matrix_client_schildichat_location_sharing_map_style_extension: "{{ matrix_client_schildichat_location_sharing_map_style_extension_json | from_json if matrix_client_schildichat_location_sharing_map_style_extension_json | from_json is mapping else {} }}"
|
||||
|
||||
# Holds the final schildichat location sharing map style configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_client_schildichat_location_sharing_map_style_default`.
|
||||
matrix_client_schildichat_location_sharing_map_style: "{{ matrix_client_schildichat_location_sharing_map_style_default | combine(matrix_client_schildichat_location_sharing_map_style_extension, recursive=True) }}"
|
||||
|
||||
# Example tile servers configuration
|
||||
# matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles: ["https://tile.example.com/{z}/{x}/{y}.png"]
|
||||
# or
|
||||
# matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles: ["https://s1.example.com/{z}/{x}/{y}.png", "https://s2.example.com/{z}/{x}/{y}.png", "https://s3.example.com/{z}/{x}/{y}.png"]
|
||||
matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles: []
|
||||
|
||||
# Map attribution (optional):
|
||||
# Attribution for OpenStreetMap would be like this:
|
||||
# matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_attribution: "© <a href=\"https://www.openstreetmap.org/copyright\" target=\"_blank\">OpenStreetMap</a> contributors"
|
||||
# Leave blank, if map does not require attribution.
|
||||
matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_attribution: ""
|
29
roles/custom/matrix-client-schildichat/tasks/main.yml
Normal file
29
roles/custom/matrix-client-schildichat/tasks/main.yml
Normal file
@ -0,0 +1,29 @@
|
||||
---
|
||||
|
||||
- tags:
|
||||
- setup-all
|
||||
- setup-client-schildichat
|
||||
- install-all
|
||||
- install-client-schildichat
|
||||
block:
|
||||
- when: matrix_client_schildichat_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
|
||||
- when: matrix_client_schildichat_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
|
||||
|
||||
- when: matrix_client_schildichat_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
|
||||
- tags:
|
||||
- setup-all
|
||||
- setup-client-schildichat
|
||||
block:
|
||||
- when: not matrix_client_schildichat_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
|
||||
- tags:
|
||||
- self-check
|
||||
block:
|
||||
- when: matrix_client_schildichat_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
|
@ -0,0 +1,47 @@
|
||||
---
|
||||
|
||||
#
|
||||
# Tasks related to setting up schildichat themes
|
||||
#
|
||||
|
||||
- when: matrix_client_schildichat_themes_enabled | bool
|
||||
run_once: true
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
block:
|
||||
- name: Ensure schildichat themes repository is pulled
|
||||
ansible.builtin.git:
|
||||
repo: "{{ matrix_client_schildichat_themes_repository_url }}"
|
||||
version: "{{ matrix_client_schildichat_themes_repository_version }}"
|
||||
dest: "{{ role_path }}/files/scratchpad/themes"
|
||||
|
||||
- name: Find all schildichat theme files
|
||||
ansible.builtin.find:
|
||||
paths: "{{ role_path }}/files/scratchpad/themes"
|
||||
patterns: "*.json"
|
||||
recurse: true
|
||||
register: matrix_client_schildichat_theme_file_list
|
||||
|
||||
- name: Read schildichat theme
|
||||
ansible.builtin.slurp:
|
||||
path: "{{ item.path }}"
|
||||
register: "matrix_client_schildichat_theme_file_contents"
|
||||
with_items: "{{ matrix_client_schildichat_theme_file_list.files }}"
|
||||
|
||||
- name: Load schildichat theme
|
||||
ansible.builtin.set_fact:
|
||||
matrix_client_schildichat_setting_defaults_custom_themes: "{{ matrix_client_schildichat_setting_defaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming
|
||||
with_items: "{{ matrix_client_schildichat_theme_file_contents.results }}"
|
||||
|
||||
#
|
||||
# Tasks related to getting rid of schildichat themes (if it was previously enabled)
|
||||
#
|
||||
|
||||
- name: Ensure schildichat themes repository is removed
|
||||
ansible.builtin.file:
|
||||
path: "{{ role_path }}/files/scratchpad/themes"
|
||||
state: absent
|
||||
run_once: true
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when: "not matrix_client_schildichat_themes_enabled | bool"
|
24
roles/custom/matrix-client-schildichat/tasks/self_check.yml
Normal file
24
roles/custom/matrix-client-schildichat/tasks/self_check.yml
Normal file
@ -0,0 +1,24 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_client_schildichat_url_endpoint_public: "https://{{ matrix_server_fqn_schildichat }}/config.json"
|
||||
|
||||
- name: Check schildichat
|
||||
ansible.builtin.uri:
|
||||
url: "{{ matrix_client_schildichat_url_endpoint_public }}"
|
||||
follow_redirects: none
|
||||
validate_certs: "{{ matrix_client_schildichat_self_check_validate_certificates }}"
|
||||
register: matrix_client_schildichat_self_check_result
|
||||
check_mode: false
|
||||
ignore_errors: true
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: Fail if schildichat not working
|
||||
ansible.builtin.fail:
|
||||
msg: "Failed checking schildichat is up at `{{ matrix_server_fqn_schildichat }}` (checked endpoint: `{{ matrix_client_schildichat_url_endpoint_public }}`). Is schildichat running? Is port 443 open in your firewall? Full error: {{ matrix_client_schildichat_self_check_result }}"
|
||||
when: "matrix_client_schildichat_self_check_result.failed or 'json' not in matrix_client_schildichat_self_check_result"
|
||||
|
||||
- name: Report working schildichat
|
||||
ansible.builtin.debug:
|
||||
msg: "schildichat at `{{ matrix_server_fqn_schildichat }}` is working (checked endpoint: `{{ matrix_client_schildichat_url_endpoint_public }}`)"
|
109
roles/custom/matrix-client-schildichat/tasks/setup_install.yml
Normal file
109
roles/custom/matrix-client-schildichat/tasks/setup_install.yml
Normal file
@ -0,0 +1,109 @@
|
||||
---
|
||||
|
||||
- name: Ensure schildichat paths exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- {path: "{{ matrix_client_schildichat_data_path }}", when: true}
|
||||
- {path: "{{ matrix_client_schildichat_docker_src_files_path }}", when: "{{ matrix_client_schildichat_container_image_self_build }}"}
|
||||
when: "item.when | bool"
|
||||
|
||||
- name: Ensure schildichat Docker image is pulled
|
||||
community.docker.docker_image:
|
||||
name: "{{ matrix_client_schildichat_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_client_schildichat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_schildichat_docker_image_force_pull }}"
|
||||
when: "not matrix_client_schildichat_container_image_self_build | bool"
|
||||
register: result
|
||||
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||
until: result is not failed
|
||||
|
||||
- name: Ensure schildichat repository is present on self-build
|
||||
ansible.builtin.git:
|
||||
repo: "{{ matrix_client_schildichat_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_client_schildichat_docker_src_files_path }}"
|
||||
version: "{{ matrix_client_schildichat_docker_image.split(':')[1] }}"
|
||||
force: "yes"
|
||||
become: true
|
||||
become_user: "{{ matrix_user_username }}"
|
||||
register: matrix_client_schildichat_git_pull_results
|
||||
when: "matrix_client_schildichat_container_image_self_build | bool"
|
||||
|
||||
# See:
|
||||
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
|
||||
# - https://github.com/vector-im/schildichat-web/issues/19544
|
||||
- name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ matrix_client_schildichat_docker_src_files_path }}/webpack.config.js"
|
||||
regexp: '(\s+)splitChunks: \{'
|
||||
line: '\1splitChunks: { maxSize: 100000,'
|
||||
backrefs: true
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
when: "matrix_client_schildichat_container_image_self_build | bool and matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled | bool"
|
||||
|
||||
- name: Ensure schildichat Docker image is built
|
||||
ansible.builtin.command:
|
||||
cmd: |-
|
||||
{{ devture_systemd_docker_base_host_command_docker }} buildx build
|
||||
--tag={{ matrix_client_schildichat_docker_image }}
|
||||
--file={{ matrix_client_schildichat_docker_src_files_path }}/Dockerfile
|
||||
{{ matrix_client_schildichat_docker_src_files_path }}
|
||||
changed_when: true
|
||||
when: matrix_client_schildichat_container_image_self_build | bool
|
||||
|
||||
- name: Ensure schildichat configuration installed
|
||||
ansible.builtin.copy:
|
||||
content: "{{ matrix_client_schildichat_configuration | to_nice_json }}"
|
||||
dest: "{{ matrix_client_schildichat_data_path }}/config.json"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure schildichat location sharing map style installed
|
||||
when: matrix_client_schildichat_location_sharing_enabled | bool
|
||||
ansible.builtin.copy:
|
||||
content: "{{ matrix_client_schildichat_location_sharing_map_style | to_nice_json }}"
|
||||
dest: "{{ matrix_client_schildichat_data_path }}/map_style.json"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure schildichat config files installed
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ matrix_client_schildichat_data_path }}/{{ item.name }}"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- {src: "{{ role_path }}/templates/labels.j2", name: "labels"}
|
||||
- {src: "{{ matrix_client_schildichat_page_template_welcome_path }}", name: "welcome.html"}
|
||||
- {src: "{{ matrix_client_schildichat_embedded_pages_home_path }}", name: "home.html"}
|
||||
when: "item.src is not none"
|
||||
|
||||
- name: Ensure schildichat config files removed
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_client_schildichat_data_path }}/{{ item.name }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- {src: "{{ matrix_client_schildichat_embedded_pages_home_path }}", name: "home.html"}
|
||||
when: "item.src is none"
|
||||
|
||||
- name: Ensure schildichat container network is created
|
||||
community.general.docker_network:
|
||||
name: "{{ matrix_client_schildichat_container_network }}"
|
||||
driver: bridge
|
||||
|
||||
- name: Ensure matrix-client-schildichat.service installed
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-client-schildichat.service.j2"
|
||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-schildichat.service"
|
||||
mode: 0644
|
@ -0,0 +1,25 @@
|
||||
---
|
||||
|
||||
- name: Check existence of matrix-client-schildichat.service
|
||||
ansible.builtin.stat:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-schildichat.service"
|
||||
register: matrix_client_schildichat_service_stat
|
||||
|
||||
- when: matrix_client_schildichat_service_stat.stat.exists | bool
|
||||
block:
|
||||
- name: Ensure matrix-client-schildichat is stopped
|
||||
ansible.builtin.service:
|
||||
name: matrix-client-schildichat
|
||||
state: stopped
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
|
||||
- name: Ensure matrix-client-schildichat.service doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-schildichat.service"
|
||||
state: absent
|
||||
|
||||
- name: Ensure schildichat path doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_client_schildichat_data_path }}"
|
||||
state: absent
|
@ -0,0 +1,64 @@
|
||||
---
|
||||
|
||||
- name: Fail if required schildichat settings not defined
|
||||
ansible.builtin.fail:
|
||||
msg: >
|
||||
You need to define a required configuration setting (`{{ item }}`) for using schildichat.
|
||||
when: "vars[item] == ''"
|
||||
with_items:
|
||||
- "matrix_client_schildichat_default_hs_url"
|
||||
|
||||
- name: Fail if schildichat location sharing enabled, but no tile server defined
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
You need to define at least one map tile server in matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles list
|
||||
when:
|
||||
- matrix_client_schildichat_location_sharing_enabled | bool
|
||||
- matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles | length == 0
|
||||
|
||||
- name: (Deprecation) Catch and report riot-web variables
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
Riot has been renamed to schildichat (https://schildichat.io/blog/welcome-to-schildichat/).
|
||||
The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names.
|
||||
Please change your configuration (vars.yml) to rename all riot-web variables (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
Also note that DNS configuration changes may be necessary.
|
||||
when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict"
|
||||
with_items:
|
||||
- {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_schildichat_.*'}
|
||||
|
||||
- name: (Deprecation) Catch and report renamed schildichat-web settings
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
when: "item.old in vars"
|
||||
with_items:
|
||||
- {'old': 'matrix_client_schildichat_showLabsSettings', 'new': 'matrix_client_schildichat_show_lab_settings'}
|
||||
- {'old': 'matrix_client_schildichat_permalinkPrefix', 'new': 'matrix_client_schildichat_permalink_prefix'}
|
||||
- {'old': 'matrix_client_schildichat_roomdir_servers', 'new': 'matrix_client_schildichat_room_directory_servers'}
|
||||
- {'old': 'matrix_client_schildichat_settingDefaults_custom_themes', 'new': 'matrix_client_schildichat_setting_defaults_custom_themes'}
|
||||
- {'old': 'matrix_client_schildichat_branding_authFooterLinks', 'new': 'matrix_client_schildichat_branding_auth_footer_links'}
|
||||
- {'old': 'matrix_client_schildichat_branding_authHeaderLogoUrl', 'new': 'matrix_client_schildichat_branding_auth_header_logo_url'}
|
||||
- {'old': 'matrix_client_schildichat_branding_welcomeBackgroundUrl', 'new': 'matrix_client_schildichat_branding_welcome_background_url'}
|
||||
- {'old': 'matrix_client_schildichat_jitsi_preferredDomain', 'new': 'matrix_client_schildichat_jitsi_preferred_domain'}
|
||||
|
||||
- when: matrix_client_schildichat_container_labels_traefik_enabled | bool
|
||||
block:
|
||||
- name: Fail if required matrix-client-schildichat Traefik settings not defined
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
You need to define a required configuration setting (`{{ item }}`).
|
||||
when: "vars[item] == ''"
|
||||
with_items:
|
||||
- matrix_client_schildichat_container_labels_traefik_hostname
|
||||
- matrix_client_schildichat_container_labels_traefik_path_prefix
|
||||
|
||||
# We ensure it doesn't end with a slash, because we handle both (slash and no-slash).
|
||||
# Knowing that `matrix_client_schildichat_container_labels_traefik_path_prefix` does not end with a slash
|
||||
# ensures we know how to set these routes up without having to do "does it end with a slash" checks elsewhere.
|
||||
- name: Fail if matrix_client_schildichat_container_labels_traefik_path_prefix ends with a slash
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
matrix_client_schildichat_container_labels_traefik_path_prefix (`{{ matrix_client_schildichat_container_labels_traefik_path_prefix }}`) must either be `/` or not end with a slash (e.g. `/schildichat`).
|
||||
when: "matrix_client_schildichat_container_labels_traefik_path_prefix != '/' and matrix_client_schildichat_container_labels_traefik_path_prefix[-1] == '/'"
|
@ -0,0 +1,49 @@
|
||||
{
|
||||
"default_server_config": {
|
||||
"m.homeserver": {
|
||||
"base_url": {{ matrix_client_schildichat_default_hs_url | string | to_json }},
|
||||
"server_name": {{ matrix_client_schildichat_default_server_name | string | to_json }}
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": {{ matrix_client_schildichat_default_is_url | string | to_json }}
|
||||
}
|
||||
},
|
||||
"setting_defaults": {
|
||||
"custom_themes": {{ matrix_client_schildichat_setting_defaults_custom_themes | to_json }}
|
||||
},
|
||||
"default_theme": {{ matrix_client_schildichat_default_theme | string | to_json }},
|
||||
"default_country_code": {{ matrix_client_schildichat_default_country_code | string | to_json }},
|
||||
"permalink_prefix": {{ matrix_client_schildichat_permalink_prefix | string | to_json }},
|
||||
"disable_custom_urls": {{ matrix_client_schildichat_disable_custom_urls | to_json }},
|
||||
"disable_guests": {{ matrix_client_schildichat_disable_guests | to_json }},
|
||||
"brand": {{ matrix_client_schildichat_brand | to_json }},
|
||||
"integrations_ui_url": {{ matrix_client_schildichat_integrations_ui_url | string | to_json }},
|
||||
"integrations_rest_url": {{ matrix_client_schildichat_integrations_rest_url | string | to_json }},
|
||||
"integrations_widgets_urls": {{ matrix_client_schildichat_integrations_widgets_urls | to_json }},
|
||||
"integrations_jitsi_widget_url": {{ matrix_client_schildichat_integrations_jitsi_widget_url | string | to_json }},
|
||||
"bug_report_endpoint_url": {{ matrix_client_schildichat_bug_report_endpoint_url | to_json }},
|
||||
"show_labs_settings": {{ matrix_client_schildichat_show_lab_settings | to_json }},
|
||||
"room_directory": {
|
||||
"servers": {{ matrix_client_schildichat_room_directory_servers | to_json }}
|
||||
},
|
||||
"welcome_user_id": {{ matrix_client_schildichat_welcome_user_id | to_json }},
|
||||
{% if matrix_client_schildichat_enable_presence_by_hs_url is not none %}
|
||||
"enable_presence_by_hs_url": {{ matrix_client_schildichat_enable_presence_by_hs_url | to_json }},
|
||||
{% endif %}
|
||||
"embedded_pages": {
|
||||
"homeUrl": {{ matrix_client_schildichat_embedded_pages_home_url | string | to_json }}
|
||||
},
|
||||
{% if matrix_client_schildichat_jitsi_preferred_domain %}
|
||||
"jitsi": {
|
||||
"preferred_domain": {{ matrix_client_schildichat_jitsi_preferred_domain | to_json }}
|
||||
},
|
||||
{% endif %}
|
||||
{% if matrix_client_schildichat_location_sharing_enabled %}
|
||||
"map_style_url": "https://{{ matrix_server_fqn_schildichat }}/map_style.json",
|
||||
{% endif %}
|
||||
"branding": {
|
||||
"auth_footer_links": {{ matrix_client_schildichat_branding_auth_footer_links | to_json }},
|
||||
"auth_header_logo_url": {{ matrix_client_schildichat_branding_auth_header_logo_url | to_json }},
|
||||
"welcome_background_url": {{ matrix_client_schildichat_branding_welcome_background_url | to_json }}
|
||||
}
|
||||
}
|
45
roles/custom/matrix-client-schildichat/templates/labels.j2
Normal file
45
roles/custom/matrix-client-schildichat/templates/labels.j2
Normal file
@ -0,0 +1,45 @@
|
||||
{% if matrix_client_schildichat_container_labels_traefik_enabled %}
|
||||
traefik.enable=true
|
||||
|
||||
{% if matrix_client_schildichat_container_labels_traefik_docker_network %}
|
||||
traefik.docker.network={{ matrix_client_schildichat_container_labels_traefik_docker_network }}
|
||||
{% endif %}
|
||||
|
||||
{% set middlewares = [] %}
|
||||
|
||||
{% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %}
|
||||
traefik.http.middlewares.matrix-client-schildichat-slashless-redirect.redirectregex.regex=({{ matrix_client_schildichat_container_labels_traefik_path_prefix | quote }})$
|
||||
traefik.http.middlewares.matrix-client-schildichat-slashless-redirect.redirectregex.replacement=${1}/
|
||||
{% set middlewares = middlewares + ['matrix-client-schildichat-slashless-redirect'] %}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %}
|
||||
traefik.http.middlewares.matrix-client-schildichat-strip-prefix.stripprefix.prefixes={{ matrix_client_schildichat_container_labels_traefik_path_prefix }}
|
||||
{% set middlewares = middlewares + ['matrix-client-schildichat-strip-prefix'] %}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_client_schildichat_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
|
||||
{% for name, value in matrix_client_schildichat_container_labels_traefik_additional_response_headers.items() %}
|
||||
traefik.http.middlewares.matrix-client-schildichat-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
|
||||
{% endfor %}
|
||||
{% set middlewares = middlewares + ['matrix-client-schildichat-add-headers'] %}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.matrix-client-schildichat.rule={{ matrix_client_schildichat_container_labels_traefik_rule }}
|
||||
{% if matrix_client_schildichat_container_labels_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.matrix-client-schildichat.priority={{ matrix_client_schildichat_container_labels_traefik_priority }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-client-schildichat.service=matrix-client-schildichat
|
||||
{% if middlewares | length > 0 %}
|
||||
traefik.http.routers.matrix-client-schildichat.middlewares={{ middlewares | join(',') }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-client-schildichat.entrypoints={{ matrix_client_schildichat_container_labels_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-client-schildichat.tls={{ matrix_client_schildichat_container_labels_traefik_tls | to_json }}
|
||||
{% if matrix_client_schildichat_container_labels_traefik_tls %}
|
||||
traefik.http.routers.matrix-client-schildichat.tls.certResolver={{ matrix_client_schildichat_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.services.matrix-client-schildichat.loadbalancer.server.port=8080
|
||||
{% endif %}
|
||||
|
||||
{{ matrix_client_schildichat_container_labels_additional_labels }}
|
@ -0,0 +1,18 @@
|
||||
{
|
||||
"layers": [
|
||||
{
|
||||
"id": "locallayer",
|
||||
"source": "localsource",
|
||||
"type": "raster"
|
||||
}
|
||||
],
|
||||
"sources": {
|
||||
"localsource": {
|
||||
"attribution": {{ matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_attribution|to_json }},
|
||||
"tileSize": 256,
|
||||
"tiles": {{ matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles|to_json }},
|
||||
"type": "raster"
|
||||
}
|
||||
},
|
||||
"version": 8
|
||||
}
|
@ -0,0 +1,57 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix schildichat server
|
||||
{% for service in matrix_client_schildichat_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true'
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true'
|
||||
|
||||
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
||||
--rm \
|
||||
--name=matrix-client-schildichat \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--network={{ matrix_client_schildichat_container_network }} \
|
||||
{% if matrix_client_schildichat_container_http_host_bind_port %}
|
||||
-p {{ matrix_client_schildichat_container_http_host_bind_port }}:8080 \
|
||||
{% endif %}
|
||||
--label-file={{ matrix_client_schildichat_data_path }}/labels \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
||||
--mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/app/config.json,ro \
|
||||
--mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_schildichat }}.json,ro \
|
||||
{% if matrix_client_schildichat_location_sharing_enabled %}
|
||||
--mount type=bind,src={{ matrix_client_schildichat_data_path }}/map_style.json,dst=/app/map_style.json,ro \
|
||||
{% endif %}
|
||||
{% if matrix_client_schildichat_embedded_pages_home_path is not none %}
|
||||
--mount type=bind,src={{ matrix_client_schildichat_data_path }}/home.html,dst=/app/home.html,ro \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_client_schildichat_data_path }}/welcome.html,dst=/app/welcome.html,ro \
|
||||
{% for arg in matrix_client_schildichat_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_client_schildichat_docker_image }}
|
||||
|
||||
{% for network in matrix_client_schildichat_container_additional_networks %}
|
||||
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-client-schildichat
|
||||
{% endfor %}
|
||||
|
||||
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-schildichat
|
||||
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true'
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true'
|
||||
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-client-schildichat
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
205
roles/custom/matrix-client-schildichat/templates/welcome.html.j2
Normal file
205
roles/custom/matrix-client-schildichat/templates/welcome.html.j2
Normal file
@ -0,0 +1,205 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
<style type="text/css">
|
||||
|
||||
/* we deliberately inline style here to avoid flash-of-CSS problems, and to avoid
|
||||
* voodoo where we have to set display: none by default
|
||||
*/
|
||||
|
||||
h1::after {
|
||||
content: "!";
|
||||
}
|
||||
|
||||
.mx_Parent {
|
||||
display: -webkit-box;
|
||||
display: -webkit-flex;
|
||||
display: -ms-flexbox;
|
||||
display: flex;
|
||||
-webkit-box-orient: vertical;
|
||||
-webkit-box-direction: normal;
|
||||
-webkit-flex-direction: column;
|
||||
-ms-flex-direction: column;
|
||||
flex-direction: column;
|
||||
-webkit-box-pack: center;
|
||||
-webkit-justify-content: center;
|
||||
-ms-flex-pack: center;
|
||||
justify-content: center;
|
||||
-webkit-box-align: center;
|
||||
-webkit-align-items: center;
|
||||
-ms-flex-align: center;
|
||||
align-items: center;
|
||||
text-align: center;
|
||||
padding: 25px 35px;
|
||||
color: #2e2f32;
|
||||
}
|
||||
|
||||
.mx_Logo {
|
||||
height: 54px;
|
||||
margin-top: 2px;
|
||||
}
|
||||
|
||||
.mx_ButtonGroup {
|
||||
margin-top: 10px;
|
||||
}
|
||||
|
||||
.mx_ButtonRow {
|
||||
display: -webkit-box;
|
||||
display: -webkit-flex;
|
||||
display: -ms-flexbox;
|
||||
display: flex;
|
||||
-webkit-justify-content: space-around;
|
||||
-ms-flex-pack: distribute;
|
||||
justify-content: space-around;
|
||||
-webkit-box-align: center;
|
||||
-webkit-align-items: center;
|
||||
-ms-flex-align: center;
|
||||
align-items: center;
|
||||
justify-content: space-between;
|
||||
box-sizing: border-box;
|
||||
margin: 12px 0 0;
|
||||
}
|
||||
|
||||
.mx_ButtonRow > * {
|
||||
margin: 0 10px;
|
||||
}
|
||||
|
||||
.mx_ButtonRow > *:first-child {
|
||||
margin-left: 0;
|
||||
}
|
||||
|
||||
.mx_ButtonRow > *:last-child {
|
||||
margin-right: 0;
|
||||
}
|
||||
|
||||
.mx_ButtonParent {
|
||||
display: -webkit-box;
|
||||
display: -webkit-flex;
|
||||
display: -ms-flexbox;
|
||||
display: flex;
|
||||
padding: 10px 20px;
|
||||
-webkit-box-orient: horizontal;
|
||||
-webkit-box-direction: normal;
|
||||
-webkit-flex-direction: row;
|
||||
-ms-flex-direction: row;
|
||||
flex-direction: row;
|
||||
-webkit-box-pack: center;
|
||||
-webkit-justify-content: center;
|
||||
-ms-flex-pack: center;
|
||||
justify-content: center;
|
||||
-webkit-box-align: center;
|
||||
-webkit-align-items: center;
|
||||
-ms-flex-align: center;
|
||||
align-items: center;
|
||||
border-radius: 4px;
|
||||
width: 150px;
|
||||
background-repeat: no-repeat;
|
||||
background-position: 10px center;
|
||||
text-decoration: none;
|
||||
color: #2e2f32 !important;
|
||||
}
|
||||
|
||||
.mx_ButtonLabel {
|
||||
margin-left: 20px;
|
||||
}
|
||||
|
||||
.mx_Header_title {
|
||||
font-size: 24px;
|
||||
font-weight: 600;
|
||||
margin: 20px 0 0;
|
||||
}
|
||||
|
||||
.mx_Header_subtitle {
|
||||
font-size: 12px;
|
||||
font-weight: normal;
|
||||
margin: 8px 0 0;
|
||||
}
|
||||
|
||||
.mx_ButtonSignIn {
|
||||
background-color: #368BD6;
|
||||
color: white !important;
|
||||
}
|
||||
|
||||
.mx_ButtonCreateAccount {
|
||||
background-color: #0DBD8B;
|
||||
color: white !important;
|
||||
}
|
||||
|
||||
.mx_SecondaryButton {
|
||||
background-color: #FFFFFF;
|
||||
color: #2E2F32;
|
||||
}
|
||||
|
||||
.mx_Button_iconSignIn {
|
||||
background-image: url('welcome/images/icon-sign-in.svg');
|
||||
}
|
||||
.mx_Button_iconCreateAccount {
|
||||
background-image: url('welcome/images/icon-create-account.svg');
|
||||
}
|
||||
.mx_Button_iconHelp {
|
||||
background-image: url('welcome/images/icon-help.svg');
|
||||
}
|
||||
.mx_Button_iconRoomDirectory {
|
||||
background-image: url('welcome/images/icon-room-directory.svg');
|
||||
}
|
||||
|
||||
/*
|
||||
.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component
|
||||
If it is set on the page, we should show the buttons. Otherwise, we have to assume
|
||||
we don't have an account and should hide them. No account == no guest account either.
|
||||
*/
|
||||
.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions {
|
||||
display: none;
|
||||
}
|
||||
|
||||
.mx_ButtonRow.mx_WelcomePage_guestFunctions {
|
||||
margin-top: 20px;
|
||||
}
|
||||
.mx_ButtonRow.mx_WelcomePage_guestFunctions > div {
|
||||
margin: 0 auto;
|
||||
}
|
||||
|
||||
@media only screen and (max-width: 480px) {
|
||||
.mx_ButtonRow {
|
||||
flex-direction: column;
|
||||
}
|
||||
|
||||
.mx_ButtonRow > * {
|
||||
margin: 0 0 10px 0;
|
||||
}
|
||||
}
|
||||
|
||||
</style>
|
||||
|
||||
<div class="mx_Parent">
|
||||
<a href="{{ matrix_client_schildichat_welcome_logo_link }}" target="_blank" rel="noopener">
|
||||
<img src="{{ matrix_client_schildichat_welcome_logo }}" alt="" class="mx_Logo"/>
|
||||
</a>
|
||||
<h1 class="mx_Header_title">{{ matrix_client_schildichat_welcome_headline }}</h1>
|
||||
<h4 class="mx_Header_subtitle">{{ matrix_client_schildichat_welcome_text }}</h4>
|
||||
<div class="mx_ButtonGroup">
|
||||
<div class="mx_ButtonRow">
|
||||
<a href="#/login" class="mx_ButtonParent mx_ButtonSignIn mx_Button_iconSignIn">
|
||||
<div class="mx_ButtonLabel">_t("Sign In")</div>
|
||||
</a>
|
||||
{% if matrix_client_schildichat_registration_enabled %}
|
||||
<a href="#/register" class="mx_ButtonParent mx_ButtonCreateAccount mx_Button_iconCreateAccount">
|
||||
<div class="mx_ButtonLabel">_t("Create Account")</div>
|
||||
</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% if matrix_client_schildichat_disable_guests != true %}
|
||||
<!-- The comments below are meant to be used by Ansible as a quick way
|
||||
to strip out the marked content when desired.
|
||||
See https://github.com/vector-im/riot-web/issues/8622.
|
||||
TODO: Convert to config option if possible. -->
|
||||
<!-- BEGIN Ansible: Remove these lines when guest access is disabled -->
|
||||
<div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
|
||||
<div>
|
||||
<a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
|
||||
<div class="mx_ButtonLabel">_t("Explore rooms")</div>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<!-- END Ansible: Remove these lines when guest access is disabled -->
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
3
roles/custom/matrix-client-schildichat/vars/main.yml
Normal file
3
roles/custom/matrix-client-schildichat/vars/main.yml
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
|
||||
matrix_client_schildichat_embedded_pages_home_url: "{{ ('' if matrix_client_schildichat_embedded_pages_home_path is none else 'home.html') }}"
|
@ -212,6 +212,10 @@ matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"
|
||||
matrix_nginx_proxy_proxy_cinny_enabled: false
|
||||
matrix_nginx_proxy_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}"
|
||||
|
||||
# Controls whether proxying the schildichat domain should be done.
|
||||
matrix_nginx_proxy_proxy_schildichat_enabled: false
|
||||
matrix_nginx_proxy_proxy_schildichat_hostname: "{{ matrix_server_fqn_schildichat }}"
|
||||
|
||||
# Controls whether proxying the buscarron domain should be done.
|
||||
matrix_nginx_proxy_proxy_buscarron_enabled: false
|
||||
matrix_nginx_proxy_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}"
|
||||
@ -421,6 +425,9 @@ matrix_nginx_proxy_proxy_hydrogen_additional_server_configuration_blocks: []
|
||||
# A list of strings containing additional configuration blocks to add to Cinny's server configuration (matrix-client-cinny.conf).
|
||||
matrix_nginx_proxy_proxy_cinny_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to schildichat's server configuration (matrix-client-schildichat.conf).
|
||||
matrix_nginx_proxy_proxy_schildichat_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to buscarron's server configuration (matrix-bot-buscarron.conf).
|
||||
matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: []
|
||||
|
||||
|
@ -115,6 +115,13 @@
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_cinny_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for schildichat domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-schildichat.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-schildichat.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_schildichat_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for buscarron domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2"
|
||||
|
@ -0,0 +1,106 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
|
||||
{% macro render_vhost_directives() %}
|
||||
gzip on;
|
||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||
|
||||
{% if matrix_nginx_proxy_hsts_preload_enabled %}
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
{% else %}
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
{% endif %}
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||
|
||||
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||
add_header Permissions-Policy interest-cohort=() always;
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_schildichat_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location / {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
|
||||
set $backend "matrix-client-schildichat:8080";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:8765;
|
||||
{% endif %}
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||
}
|
||||
{% endmacro %}
|
||||
|
||||
server {
|
||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||
listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||
|
||||
|
||||
server_name {{ matrix_nginx_proxy_proxy_schildichat_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
location /.well-known/acme-challenge {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
|
||||
set $backend "matrix-certbot:8080";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$http_host$request_uri;
|
||||
}
|
||||
{% else %}
|
||||
{{ render_vhost_directives() }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
server {
|
||||
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
|
||||
server_name {{ matrix_nginx_proxy_proxy_schildichat_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_schildichat_hostname }}/fullchain.pem;
|
||||
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_schildichat_hostname }}/privkey.pem;
|
||||
|
||||
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
||||
{% if matrix_nginx_proxy_ssl_ciphers != "" %}
|
||||
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
|
||||
{% endif %}
|
||||
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
|
||||
|
||||
{% if matrix_nginx_proxy_ocsp_stapling_enabled %}
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_schildichat_hostname }}/chain.pem;
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
||||
ssl_session_tickets off;
|
||||
{% endif %}
|
||||
ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
|
||||
ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
|
||||
|
||||
{{ render_vhost_directives() }}
|
||||
}
|
||||
{% endif %}
|
Loading…
Reference in New Issue
Block a user