Rename some variables

7 лет назад · a43bcd81fe
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,18 @@
 # 2019-02-19

 ## Renaming variables

 The following playbook variables were renamed:

 - from `host_specific_hostname_identity` to `matrix_domain`
 - from `hostname_identity` to `matrix_domain`
 - from `hostname_matrix` to `matrix_server_fqn_matrix`
 - from `hostname_riot` to `matrix_server_fqn_riot`
 - from `host_specific_matrix_ssl_lets_encrypt_support_email` to `matrix_ssl_lets_encrypt_support_email`

 Doing that, we've simplified things, made names less confusing (hopefully) and moved all variable names under the `matrix_` prefix.


 # 2019-02-16

 ## Riot v1.0.1 support
--- a/docs/configuring-playbook-bridge-appservice-irc.md
+++ b/docs/configuring-playbook-bridge-appservice-irc.md
@@ -73,4 +73,4 @@ matrix_appservice_irc_configuration_extension_yaml: |
          lineLimit: 3
 ```

 You then need to start a chat with `@irc_bot:{{ hostname_identity }}`
 You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
--- a/docs/configuring-playbook-bridge-mautrix-telegram.md
+++ b/docs/configuring-playbook-bridge-mautrix-telegram.md
@@ -12,4 +12,4 @@ matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
 matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
 ```

 You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname).
 You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
--- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md
+++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md
@@ -10,4 +10,4 @@ Use the following playbook configuration:
 matrix_mautrix_whatsapp_enabled: true
 ```

 You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base hostname, not the `matrix.` hostname).
 You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
--- a/docs/configuring-playbook-ssl-certificates.md
+++ b/docs/configuring-playbook-ssl-certificates.md
@@ -66,13 +66,13 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
 To do that, simply define your own custom configuration like this:

 ```yaml
 # Note: we need to include the matrix (`hostname_matrix`) and riot (`hostname_riot`) domains explicitly.
 # Your base domain is in the `hostname_identity` variable.
 # Note: we need to include the matrix (`matrix_server_fqn_matrix`) and riot (`matrix_server_fqn_riot`) domains explicitly.
 # Your base domain is in the `matrix_domain` variable.
 # Adding any other additional domains (hosted on the same machine) is possible.
 matrix_ssl_domains_to_obtain_certificates_for:
  - '{{ hostname_matrix }}'
  - '{{ hostname_riot }}'
  - '{{ hostname_identity }}'
  - '{{ matrix_server_fqn_matrix }}'
  - '{{ matrix_server_fqn_riot }}'
  - '{{ matrix_domain }}'
 ```

 After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should:
--- a/examples/host-vars.yml
+++ b/examples/host-vars.yml
@@ -1,26 +1,21 @@
 # This is something which is provided to Let's Encrypt
 # when retrieving the SSL certificates for domains.
 # The bare domain name which represents your Matrix identity.
 # Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
 #
 # In case SSL renewal fails at some point, you'll also get
 # an email notification there.
 # Note: this playbook does not touch the server referenced here.
 # Installation happens on another server ("matrix.<matrix-domain>").
 #
 # If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
 # you won't be required to define this variable
 # (see `docs/configuring-playbook-ssl-certificates.md`).
 #
 # Example value: someone@example.com
 host_specific_matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
 # Example value: example.com
 matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE

 # This is your bare domain name (`<your-domain>`).
 # This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
 #
 # Note: the server specified here is not touched.
 # In case SSL renewal fails at some point, you'll also get an email notification there.
 #
 # This playbook only installs to `matrix.<your-domain>`,
 # but it nevertheless requires to know the bare domain name
 # (for configuration purposes).
 # If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
 # you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
 #
 # Example value: example.com
 host_specific_hostname_identity: YOUR_BARE_DOMAIN_NAME_HERE
 # Example value: someone@example.com
 matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE

 # A shared secret (between Coturn and Synapse) used for authentication.
 # You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
--- a/group_vars/matrix-servers
+++ b/group_vars/matrix-servers
@@ -112,7 +112,7 @@ matrix_mailer_enabled: true
 #
 ######################################################################

 # By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
 # By default, this playbook installs the mxisd identity server on the same domain as Synapse (`matrix_server_fqn_matrix`).
 # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
 matrix_mxisd_enabled: true

@@ -129,7 +129,7 @@ matrix_mxisd_synapsesql_type: postgresql
 matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}

 matrix_mxisd_dns_overwrite_enabled: true
 matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
 matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
 matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"

 # By default, we send mail through the `matrix-mailer` service.
@@ -207,9 +207,9 @@ matrix_nginx_proxy_systemd_wanted_services_list: |

 matrix_ssl_domains_to_obtain_certificates_for: |
  {{
    ([hostname_matrix])
    ([matrix_server_fqn_matrix])
    +
    ([hostname_riot] if matrix_riot_web_enabled else [])
    ([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
  }}

 ######################################################################
@@ -247,7 +247,7 @@ matrix_postgres_db_name: "homeserver"
 #
 ######################################################################

 # By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
 # By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
 # If you wish to connect to your Matrix server by other means, you may wish to disable this.
 matrix_riot_web_enabled: true

@@ -274,7 +274,7 @@ matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
 ######################################################################

 # When mxisd is enabled, we can use it instead of the default public Identity servers.
 matrix_synapse_trusted_third_party_id_servers: "{{ [hostname_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
 matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"

 # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports
@@ -303,13 +303,13 @@ matrix_synapse_email_smtp_host: "matrix-mailer"
 matrix_synapse_email_smtp_port: 8025
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
 matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
 matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"

 matrix_synapse_turn_uris: |
  {{
    [
      'turn:' + hostname_matrix + ':3478?transport=udp',
      'turn:' + hostname_matrix + ':3478?transport=tcp',
      'turn:' + matrix_server_fqn_matrix + ':3478?transport=udp',
      'turn:' + matrix_server_fqn_matrix + ':3478?transport=tcp',
    ]
    if matrix_coturn_enabled
    else []
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@@ -1,16 +1,19 @@
 # The bare hostname which represents your identity.
 # This is something like "example.com".
 # The bare domain name which represents your Matrix identity.
 # Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
 #
 # Note: this playbook does not touch the server referenced here.
 hostname_identity: "{{ host_specific_hostname_identity|lower }}"
 # Installation happens on another server ("matrix.<matrix-domain>", see `matrix_server_fqn_matrix`).
 #
 # Example value: example.com
 matrix_domain: ~

 # This is where your data lives and what we set up here.
 # This and the Riot hostname (see below) are expected to be on the same server.
 hostname_matrix: "matrix.{{ hostname_identity }}"
 # This is where your data lives and what we set up.
 # This and the Riot FQN (see below) are expected to be on the same server.
 matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"

 # This is where you access the web UI from and what we set up here.
 # This and the Matrix hostname (see above) are expected to be on the same server.
 hostname_riot: "riot.{{ hostname_identity }}"

 # This and the Matrix FQN (see above) are expected to be on the same server.
 matrix_server_fqn_riot: "riot.{{ matrix_domain }}"

 matrix_user_username: "matrix"
 matrix_user_uid: 991
@@ -21,7 +24,7 @@ matrix_base_data_path_mode: "750"

 matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"

 matrix_homeserver_url: "https://{{ hostname_matrix }}"
 matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"

 matrix_identity_server_url: ~

@@ -32,8 +35,8 @@ matrix_docker_network: "matrix"
 #
 # If you wish to rely on DNS SRV records only, you can disable this.
 # Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448)
 # using certificates for the base domain (`hostname_identity`) and not for the
 # matrix domain (`hostname_matrix`).
 # using certificates for the base domain (`matrix_domain`) and not for the
 # matrix domain (`matrix_server_fqn_matrix`).
 matrix_well_known_matrix_server_enabled: true

 # Variables to Control which parts of our roles run.
--- a/roles/matrix-base/tasks/main.yml
+++ b/roles/matrix-base/tasks/main.yml
@@ -1,3 +1,7 @@
 - import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
  when: run_setup
  tags:
@@ -21,13 +25,9 @@
    - setup-synapse
    - setup-nginx-proxy

 - import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
  delegate_to: 127.0.0.1
  become: false
  when: run_self_check
  tags:
    - self-check
    - self-check
--- a/roles/matrix-base/tasks/sanity_check.yml
+++ b/roles/matrix-base/tasks/sanity_check.yml
@@ -15,15 +15,32 @@
    msg: "{{ matrix_ansible_outdated_fail_msg }}"
  when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"

 # This sanity check is only used to detect uppercase when people override these specific variables.
 #
 # If people set `host_specific_hostname_identity` without overriding other variables (the general use-case),
 # we take care to lower-case it automatically and it won't cause trouble anyway.
 - name: (Deprecation) Catch and report renamed settings
  fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
  when: "item.old in vars"
  with_items:
    - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
    - {'old': 'hostname_identity', 'new': 'matrix_domain'}
    - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
    - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}

 - name: Fail if required variables are undefined
  fail:
    msg: "The `{{ item }}` variable must be defined and have a non-null value"
  with_items:
    - matrix_domain
    - matrix_server_fqn_matrix
    - matrix_server_fqn_riot
  when: "item not in vars or vars[item] is none"

 - name: Fail if uppercase domain used
  fail:
    msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
  when: "item != item|lower"
  with_items:
    - "{{ hostname_identity }}"
    - "{{ hostname_matrix }}"
    - "{{ hostname_riot }}"
    - "{{ matrix_domain }}"
    - "{{ matrix_server_fqn_matrix }}"
    - "{{ matrix_server_fqn_riot }}"
  when: "item != item|lower"
--- a/roles/matrix-base/tasks/self_check_dns.yml
+++ b/roles/matrix-base/tasks/self_check_dns.yml
@@ -4,16 +4,16 @@
  set_fact:
    dns_srv_record_checks:
      - service_and_protocol: "_matrix._tcp"
        domain: "{{ (hostname_identity + '.') }}"
        expected_target: "{{ (hostname_matrix + '.') }}"
        domain: "{{ (matrix_domain + '.') }}"
        expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
        expected_port: 8448

 - block:
    - set_fact:
        dns_srv_record_check_mxisd:
          service_and_protocol: "_matrix-identity._tcp"
          domain: "{{ (hostname_identity + '.') }}"
          expected_target: "{{ (hostname_matrix + '.') }}"
          domain: "{{ (matrix_domain + '.') }}"
          expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
          expected_port: 443

    - name: Determine domains that we require certificates for (mxisd)
@@ -25,4 +25,4 @@
  include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
  with_items: "{{ dns_srv_record_checks }}"
  loop_control:
    loop_var: dns_srv_record_check
    loop_var: dns_srv_record_check
--- a/roles/matrix-base/templates/static-files/well-known/matrix-server.j2
+++ b/roles/matrix-base/templates/static-files/well-known/matrix-server.j2
@@ -1,3 +1,3 @@
 {
 	"m.server": "{{ hostname_matrix }}:8448"
 	"m.server": "{{ matrix_server_fqn_matrix }}:8448"
 }
--- a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
+++ b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
@@ -5,7 +5,7 @@ if [ "$(id -u)" != "0" ]; then
 	exit 1
 fi

 echo "WARNING! You are about to remove everything the playbook installs for matrix.{{ host_specific_hostname_identity }}: matrix, docker images,..."
 echo "WARNING! You are about to remove everything the playbook installs for {{ matrix_server_fqn_matrix }}: matrix, docker images,..."
 echo -n "If you're sure you want to do this, type: 'Yes, I really want to remove everything!'"
 read sure

--- a/roles/matrix-corporal/defaults/main.yml
+++ b/roles/matrix-corporal/defaults/main.yml
@@ -15,7 +15,7 @@ matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
 matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
 matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"

 matrix_corporal_matrix_homeserver_domain_name: "{{ hostname_identity }}"
 matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"

 # Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008").
 # If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.
--- a/roles/matrix-corporal/tasks/self_check_corporal.yml
+++ b/roles/matrix-corporal/tasks/self_check_corporal.yml
@@ -1,7 +1,7 @@
 ---

 - set_fact:
    corporal_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/corporal"
    corporal_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/corporal"

 - name: Check Matrix Corporal HTTP gateway
  uri:
@@ -13,9 +13,9 @@

 - name: Fail if Matrix Corporal HTTP gateway not working
  fail:
    msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
    msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}"
  when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content"

 - name: Report working Matrix Corporal HTTP gateway
  debug:
    msg: "Matrix Corporal is fronting the Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"
    msg: "Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)"
--- a/roles/matrix-corporal/templates/config.json.j2
+++ b/roles/matrix-corporal/templates/config.json.j2
@@ -8,7 +8,7 @@
 	},

 	"Reconciliation": {
 		"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ hostname_identity }}",
 		"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ matrix_domain }}",
 		"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
 	},

--- a/roles/matrix-coturn/templates/turnserver.conf.j2
+++ b/roles/matrix-coturn/templates/turnserver.conf.j2
@@ -1,6 +1,6 @@
 use-auth-secret
 static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
 realm=turn.{{ hostname_matrix }}
 realm=turn.{{ matrix_server_fqn_matrix }}
 min-port={{ matrix_coturn_turn_udp_min_port }}
 max-port={{ matrix_coturn_turn_udp_max_port }}
 external-ip={{ matrix_coturn_turn_external_ip_address }}
--- a/roles/matrix-mailer/defaults/main.yml
+++ b/roles/matrix-mailer/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mailer_docker_image: "devture/exim-relay:4.91-r1-0"
 matrix_mailer_container_user_uid: 100
 matrix_mailer_container_user_gid: 101

 matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
 matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
 matrix_mailer_relay_use: false
 matrix_mailer_relay_host_name: "mail.example.com"
 matrix_mailer_relay_host_port: 587
--- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
+++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
@@ -15,7 +15,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
 			--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
 			--network={{ matrix_docker_network }} \
 			--env-file={{ matrix_mailer_base_path }}/env-mailer \
 			--hostname={{ hostname_matrix }} \
 			--hostname={{ matrix_server_fqn_matrix }} \
 			{{ matrix_mailer_docker_image }}
 ExecStop=-/usr/bin/docker kill matrix-mailer
 ExecStop=-/usr/bin/docker rm matrix-mailer
--- a/roles/matrix-mxisd/defaults/main.yml
+++ b/roles/matrix-mxisd/defaults/main.yml
@@ -29,7 +29,7 @@ matrix_mxisd_synapsesql_type: ""
 matrix_mxisd_synapsesql_connection: ""

 # Setting up email-sending settings is required for using mxisd.
 matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ hostname_identity }}"
 matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
 matrix_mxisd_threepid_medium_email_connectors_smtp_host: ""
 matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
 matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
@@ -40,7 +40,7 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""
 # Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
 # so that mxisd can rewrite the original URL to one that would reach the homeserver.
 matrix_mxisd_dns_overwrite_enabled: false
 matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
 matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
 matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"

 # Default mxisd configuration template which covers the generic use case.
@@ -50,10 +50,10 @@ matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
 # or completely replace this variable with your own template.
 matrix_mxisd_configuration_yaml: |
  matrix:
    domain: {{ hostname_identity }}
    domain: {{ matrix_domain }}

  server:
    name: {{ hostname_matrix }}
    name: {{ matrix_server_fqn_matrix }}

  key:
    path: /var/mxisd/sign.key
--- a/roles/matrix-mxisd/tasks/self_check_mxisd.yml
+++ b/roles/matrix-mxisd/tasks/self_check_mxisd.yml
@@ -1,7 +1,7 @@
 ---

 - set_fact:
    mxisd_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/identity/api/v1"
    mxisd_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/identity/api/v1"

 - name: Check mxisd Identity Service
  uri:
@@ -12,9 +12,9 @@

 - name: Fail if mxisd Identity Service not working
  fail:
    msg: "Failed checking mxisd is up at `{{ hostname_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
    msg: "Failed checking mxisd is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ mxisd_url_endpoint_public }}`). Is mxisd running? Is port 443 open in your firewall? Full error: {{ result_mxisd }}"
  when: "result_mxisd.failed or 'json' not in result_mxisd"

 - name: Report working mxisd Identity Service
  debug:
    msg: "mxisd at `{{ hostname_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"
    msg: "mxisd at `{{ matrix_server_fqn_matrix }}` is working (checked endpoint: `{{ mxisd_url_endpoint_public }}`)"
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -22,11 +22,11 @@ matrix_nginx_proxy_container_additional_volumes: []

 # Controls whether proxying the riot domain should be done.
 matrix_nginx_proxy_proxy_riot_enabled: false
 matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"
 matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"

 # Controls whether proxying the matrix domain should be done.
 matrix_nginx_proxy_proxy_matrix_enabled: false
 matrix_nginx_proxy_proxy_matrix_hostname: "{{ hostname_matrix }}"
 matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"

 # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
@@ -92,7 +92,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
 # obeying the following hierarchy:
 # - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
 # - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
 # where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
 # where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
 #
 # The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
 # It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
@@ -106,7 +106,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
 matrix_ssl_lets_encrypt_staging: false
 matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
 matrix_ssl_lets_encrypt_support_email: ~

 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
@@ -1,8 +1,8 @@
 ---

 - set_fact:
    well_known_url_matrix: "https://{{ hostname_matrix }}{{ well_known_file_check.path }}"
    well_known_url_identity: "https://{{ hostname_identity }}{{ well_known_file_check.path }}"
    well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
    well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"

 # These well-known files may be served without a `Content-Type: application/json` header,
 # so we can't rely on the uri module's automatic parsing of JSON.
@@ -16,7 +16,7 @@

 - name: Fail if .well-known not working on the matrix hostname
  fail:
    msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
    msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
  when: "result_well_known_matrix.failed"

 - name: Parse JSON for well-known payload at the matrix hostname
@@ -25,12 +25,12 @@

 - name: Fail if .well-known not CORS-aware on the matrix hostname
  fail:
    msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
    msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
  when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"

 - name: Report working .well-known on the matrix hostname
  debug:
    msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
    msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"

 - name: Check .well-known on the identity hostname
  uri:
@@ -42,7 +42,7 @@

 - name: Fail if .well-known not working on the identity hostname
  fail:
    msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
    msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
  when: "result_well_known_identity.failed"

 - name: Parse JSON for well-known payload at the identity hostname
@@ -51,15 +51,15 @@

 - name: Fail if .well-known not CORS-aware on the identity hostname
  fail:
    msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
    msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
  when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"

 # For people who manually copy the well-known file, try to detect if it's outdated
 - name: Fail if well-known is different on matrix hostname and identity hostname
  fail:
    msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
    msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
  when: "well_known_matrix_payload != well_known_identity_payload"

 - name: Report working .well-known on the identity hostname
  debug:
    msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)"
    msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)"
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
@@ -16,10 +16,22 @@
 # Tasks related to setting up Let's Encrypt's management of certificates
 #

 - name: (Deprecation) Fail if using outdated configuration
 - name: (Deprecation) Catch and report renamed settings
  fail:
    msg: "You're using the `host_specific_matrix_ssl_support_email` variable, which has been superseded by `host_specific_matrix_ssl_lets_encrypt_support_email`. Please change your configuration to use the new name!"
  when: "matrix_ssl_retrieval_method == 'lets-encrypt' and host_specific_matrix_ssl_support_email is defined"
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
  with_items:
    - {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
    - {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
  when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item.old in vars"

 - name: Fail if required variables are undefined
  fail:
    msg: "Detected an undefined required variable"
  with_items:
    - "{{ matrix_ssl_lets_encrypt_support_email }}"
  when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item is none"

 - name: Allow access to HTTP/HTTPS in firewalld
  firewalld:
@@ -111,4 +123,4 @@
  file:
    path: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
    state: absent
  when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
  when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
--- a/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2
+++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2
@@ -13,4 +13,4 @@ docker run \
 	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
 	--network {{ matrix_docker_network }} \
 	{{ matrix_postgres_docker_image_to_use }} \
 	psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ host_specific_hostname_identity }}'"
 	psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'"
--- a/roles/matrix-riot-web/tasks/self_check_riot_web.yml
+++ b/roles/matrix-riot-web/tasks/self_check_riot_web.yml
@@ -1,7 +1,7 @@
 ---

 - set_fact:
    riot_web_url_endpoint_public: "https://{{ hostname_riot }}/config.json"
    riot_web_url_endpoint_public: "https://{{ matrix_server_fqn_riot }}/config.json"

 - name: Check riot-web
  uri:
@@ -12,9 +12,9 @@

 - name: Fail if riot-web not working
  fail:
    msg: "Failed checking riot-web is up at `{{ hostname_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
    msg: "Failed checking riot-web is up at `{{ matrix_server_fqn_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
  when: "result_riot_web.failed or 'json' not in result_riot_web"

 - name: Report working riot-web
  debug:
    msg: "riot-web at `{{ hostname_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"
    msg: "riot-web at `{{ matrix_server_fqn_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -71,8 +71,8 @@ matrix_synapse_rc_message_burst_count: 10.0
 # If you're serving Synapse behind an HTTPS-capable reverse-proxy,
 # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
 matrix_synapse_tls_federation_listener_enabled: true
 matrix_synapse_tls_certificate_path: "/data/{{ hostname_matrix }}.tls.crt"
 matrix_synapse_tls_private_key_path: "/data/{{ hostname_matrix }}.tls.key"
 matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
 matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"

 # Enable this to allow Synapse to report utilization statistics about your server to matrix.org
 # (things like number of users, number of messages sent, uptime, load, etc.)
@@ -155,8 +155,8 @@ matrix_synapse_email_enabled: false
 matrix_synapse_email_smtp_host: ""
 matrix_synapse_email_smtp_port: 587
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <matrix@{{ hostname_identity }}>"
 matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
 matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
 matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"


 # Enable this to activate the REST auth password provider module.
@@ -229,8 +229,8 @@ matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"

 matrix_appservice_irc_configuration_yaml: |
  homeserver:
    url: "https://{{ hostname_matrix }}"
    domain: "{{ hostname_identity }}"
    url: "https://{{ matrix_server_fqn_matrix }}"
    domain: "{{ matrix_domain }}"
    enablePresence: true

 matrix_appservice_irc_configuration_extension_yaml: |
--- a/roles/matrix-synapse/tasks/self_check_client_api.yml
+++ b/roles/matrix-synapse/tasks/self_check_client_api.yml
@@ -9,9 +9,9 @@

 - name: Fail if Matrix Client API not working
  fail:
    msg: "Failed checking Matrix Client API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
    msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
  when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api"

 - name: Report working Matrix Client API
  debug:
    msg: "The Matrix Client API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"
    msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"
--- a/roles/matrix-synapse/tasks/self_check_federation_api.yml
+++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml
@@ -10,9 +10,9 @@

 - name: Fail if Matrix Federation API not working
  fail:
    msg: "Failed checking Matrix Federation API is up at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
    msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
  when: "result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api"

 - name: Report working Matrix Federation API
  debug:
    msg: "The Matrix Federation API at `{{ hostname_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
    msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
--- a/roles/matrix-synapse/tasks/setup_synapse_main.yml
+++ b/roles/matrix-synapse/tasks/setup_synapse_main.yml
@@ -41,7 +41,7 @@
    --cap-drop=ALL
    -v {{ matrix_synapse_config_dir_path }}:/data
    -e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
    -e SYNAPSE_SERVER_NAME={{ hostname_matrix }}
    -e SYNAPSE_SERVER_NAME={{ matrix_server_fqn_matrix }}
    -e SYNAPSE_REPORT_STATS=no
    {{ matrix_synapse_docker_image }}
    generate
@@ -56,7 +56,7 @@
 - name: Ensure Matrix log config installed
  template:
    src: "{{ matrix_synapse_template_synapse_log }}"
    dest: "{{ matrix_synapse_config_dir_path }}/{{ hostname_matrix }}.log.config"
    dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.log.config"
    mode: 0644

 - name: Ensure matrix-synapse.service installed
--- a/roles/matrix-synapse/tasks/validate_config.yml
+++ b/roles/matrix-synapse/tasks/validate_config.yml
@@ -10,7 +10,7 @@

 - name: (Deprecation) Catch and report renamed settings
  fail:
    msg: >
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
  when: "item.old in vars"
--- a/roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2
+++ b/roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2
@@ -1,9 +1,9 @@
 # Homeserver details
 homeserver:
    # The address that this appservice can use to connect to the homeserver.
    address: https://{{ hostname_matrix }}
    address: https://{{ matrix_server_fqn_matrix }}
    # The domain of the homeserver (for MXIDs, etc).
    domain: {{ hostname_identity }}
    domain: {{ matrix_domain }}
    # Whether or not to verify the SSL certificate of the homeserver.
    # Only applies if address starts with https://
    verify_ssl: true
@@ -38,7 +38,7 @@ appservice:
        prefix: {{ matrix_mautrix_telegram_public_endpoint }}
        # The base URL where the public-facing endpoints are available. The prefix is not added
        # implicitly.
        external: https://{{ hostname_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
        external: https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}

    # Provisioning API part of the web server for automated portal creation and fetching information.
    # Used by things like Dimension (https://dimension.t2bot.io/).
@@ -206,7 +206,7 @@ bridge:
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions:
        '{{ hostname_identity }}': full
        '{{ matrix_domain }}': full

    # Options related to the message relay Telegram bot.
    relaybot:
--- a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2
+++ b/roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2
@@ -1,9 +1,9 @@
 # Homeserver details.
 homeserver:
  # The address that this appservice can use to connect to the homeserver.
  address: https://{{ hostname_matrix }}
  address: https://{{ matrix_server_fqn_matrix }}
  # The domain of the homeserver (for MXIDs, etc).
  domain: {{ hostname_identity }}
  domain: {{ matrix_domain }}

 # Application service host/registration related details.
 # Changing these values requires regeneration of the registration.
@@ -67,7 +67,7 @@ bridge:
  #   domain - All users on that homeserver
  #     mxid - Specific user
  permissions:
    '{{ hostname_identity }}': user
    '{{ matrix_domain }}': user

 # Logging config.
 logging:
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -5,7 +5,7 @@
 # This is used by remote servers to connect to this server,
 # e.g. matrix.org, localhost:8080, etc.
 # This is also the last part of your UserID.
 server_name: "{{ hostname_identity }}"
 server_name: "{{ matrix_domain }}"

 # When running as a daemon, the file to store the pid in
 pid_file: /homeserver.pid
@@ -43,7 +43,7 @@ pid_file: /homeserver.pid
 # enter into the 'custom HS URL' field on their client. If you
 # use synapse with a reverse proxy, this should be the URL to reach
 # synapse via the proxy.
 public_baseurl: https://{{ hostname_matrix }}/
 public_baseurl: https://{{ matrix_server_fqn_matrix }}/

 # Set the soft limit on the number of file descriptors synapse can use
 # Zero is used to indicate synapse should set the soft limit to the
@@ -339,7 +339,7 @@ event_cache_size: "{{ matrix_synapse_event_cache_size }}"


 # A yaml python logging config file
 log_config: "/data/{{ hostname_matrix }}.log.config"
 log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"


 ## Ratelimiting ##
@@ -660,7 +660,7 @@ form_secret: {{ matrix_synapse_form_secret|to_json }}
 ## Signing Keys ##

 # Path to the signing key to sign messages with
 signing_key_path: "/data/{{ hostname_matrix }}.signing.key"
 signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key"

 # The keys that the server used to sign messages with but won't use
 # to sign new messages. E.g. it has lost its private key
--- a/roles/matrix-synapse/vars/main.yml
+++ b/roles/matrix-synapse/vars/main.yml
@@ -2,5 +2,5 @@

 matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']

 matrix_synapse_client_api_url_endpoint_public: "https://{{ hostname_matrix }}/_matrix/client/versions"
 matrix_synapse_federation_api_url_endpoint_public: "https://{{ hostname_matrix }}:8448/_matrix/federation/v1/version"
 matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
 matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"