refactoring

2021-11-16 21:03:21 +02:00 · 2021-11-16 21:03:21 +02:00 · d3a9ec98de
parent 1ec67f49b0
commit d3a9ec98de
14 changed files with 30 additions and 8 deletions
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -113,6 +113,7 @@ matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx

 matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}"

+matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
 matrix_appservice_webhooks_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"

 matrix_appservice_webhooks_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
@ -151,6 +152,7 @@ matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_pr

 matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.as.token') | to_uuid }}"

+matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
 matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.hs.token') | to_uuid }}"

 matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.id.token') | to_uuid }}"
@ -567,6 +569,7 @@ matrix_sms_bridge_systemd_required_services_list: |

 matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.as.token') | to_uuid }}"

+matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}"
 matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.hs.token') | to_uuid }}"

 ######################################################################
@ -1216,6 +1219,7 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 # ma1sd's web-server port.
 matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_default_port|string }}"

+
 # We enable Synapse integration via its Postgres database by default.
 # When using another Identity store, you might wish to disable this and define
 # your own configuration in `matrix_ma1sd_configuration_extension_yaml`.
@ -1308,6 +1312,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1
 # Settings controlling matrix-synapse-proxy.conf
 matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"

+matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
+matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
+
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}"

--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@ -91,7 +91,7 @@ matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
 # Specifies where the homeserver is on the container network.
 # Where this is depends on whether there's a reverse-proxy in front of it, etc.
 # This likely gets overriden elsewhere.
-matrix_homeserver_container_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
+matrix_homeserver_container_url: ""

 matrix_identity_server_url: ~

--- a/roles/matrix-base/tasks/validate_config.yml
+++ b/roles/matrix-base/tasks/validate_config.yml
@ -0,0 +1,9 @@
+---
+
+- name: Fail if required Matrix Base settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`) for using this playbook.
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_homeserver_container_url"
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml
@ -33,7 +33,7 @@ matrix_appservice_slack_slack_port: 9003
 matrix_appservice_slack_container_http_host_bind_port: ''

 matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}"
-matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
+matrix_appservice_slack_homeserver_url: ""
 matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}"
 matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack'

--- a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml
+++ b/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml
@ -8,5 +8,6 @@
  with_items:
    - "matrix_appservice_slack_control_room_id"
    - "matrix_appservice_slack_appservice_token"
+    - "matrix_appservice_slack_homeserver_url"
    - "matrix_appservice_slack_homeserver_token"
    - "matrix_appservice_slack_id_token"
--- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
@ -36,7 +36,7 @@ matrix_appservice_webhooks_matrix_port: 6789
 matrix_appservice_webhooks_container_http_host_bind_port: ''

 matrix_appservice_webhooks_homeserver_media_url: "{{ matrix_server_fqn_matrix }}"
-matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
+matrix_appservice_webhooks_homeserver_url: ""
 matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}"
 matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks'

--- a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml
@ -7,6 +7,7 @@
  when: "vars[item] == ''"
  with_items:
    - "matrix_appservice_webhooks_appservice_token"
+    - "matrix_appservice_webhooks_homeserver_url"
    - "matrix_appservice_webhooks_homeserver_token"
    - "matrix_appservice_webhooks_id_token"
    - "matrix_appservice_webhooks_api_secret"
--- a/roles/matrix-bridge-sms/defaults/main.yml
+++ b/roles/matrix-bridge-sms/defaults/main.yml
@ -26,7 +26,7 @@ matrix_sms_bridge_systemd_wanted_services_list: []

 matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080'
 matrix_sms_bridge_homeserver_hostname: 'matrix-synapse'
-matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}"
+matrix_sms_bridge_homeserver_port: ""

 matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}"
 matrix_sms_bridge_default_room: ''
--- a/roles/matrix-bridge-sms/tasks/validate_config.yml
+++ b/roles/matrix-bridge-sms/tasks/validate_config.yml
@ -7,6 +7,7 @@
  when: "vars[item] == ''"
  with_items:
    - "matrix_sms_bridge_appservice_token"
+    - "matrix_sms_bridge_homeserver_port"
    - "matrix_sms_bridge_homeserver_token"
    - "matrix_sms_bridge_default_region"
    - "matrix_sms_bridge_default_timezone"
--- a/roles/matrix-ma1sd/defaults/main.yml
+++ b/roles/matrix-ma1sd/defaults/main.yml
@ -83,7 +83,7 @@ matrix_ma1sd_threepid_medium_email_connectors_smtp_password: ""
 # so that ma1sd can rewrite the original URL to one that would reach the homeserver.
 matrix_ma1sd_dns_overwrite_enabled: false
 matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
-matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
+matrix_ma1sd_dns_overwrite_homeserver_client_value: ""

 # Override the default session templates
 # To use this, fill in the template variables with the full desired template as a multi-line YAML variable
--- a/roles/matrix-ma1sd/tasks/validate_config.yml
+++ b/roles/matrix-ma1sd/tasks/validate_config.yml
@ -46,6 +46,7 @@
  when: "vars[item] == ''"
  with_items:
    - "matrix_ma1sd_threepid_medium_email_connectors_smtp_host"
+    - "matrix_ma1sd_dns_overwrite_homeserver_client_value"

 - name: (Deprecation) Catch and report renamed ma1sd variables
  fail:
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@ -197,8 +197,8 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-pr
 matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "127.0.0.1:12080"

 # The addresses where the Matrix Client API is, when using Synapse.
-matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
-matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
+matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: ""
+matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: ""

 # This needs to be equal or higher than the maximum upload size accepted by Synapse.
 matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: 50
--- a/roles/matrix-nginx-proxy/tasks/validate_config.yml
+++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml
@ -45,5 +45,7 @@
        - "matrix_ssl_lets_encrypt_support_email"
        - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container"
        - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container"
+        - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container"
+        - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container"
      when: "vars[item] == '' or vars[item] is none"
  when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@ -289,7 +289,7 @@ listeners:

  # Unsecure HTTP listener (Client API): for when matrix traffic passes through a reverse proxy
  # that unwraps TLS.
-  - port: {{ matrix_synapse_container_client_api_port|tojson }}
+  - port: {{ matrix_synapse_container_client_api_port|to_json }}
    tls: false
    bind_addresses: ['::']
    type: http